Docker for Pentest – Image With The More Used Tools To Create A Pentest Environment Easily And Quickly
Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly.
Features
- OS, networking, developing and pentesting tools installed.
- Connection to HTB (Hack the Box) vpn to access HTB machines.
- Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
- Proxy service to send traffic from any browsers and burp suite installed in your local directory.
- Exploit database installed.
- Tool for cracking password.
- Linux enumeration tools installed.
- Tools installed to discovery services running.
- Tools installed to directory fuzzing.
- Monitor for linux processes without root permissions
- Zsh shell installed.
Tools installed
Operative system tools
- rdate
- vim
- zsh
- oh-my-zsh
- locate
- cifs-utils
Network tools
- traceroute
- telnet
- net-tools
- iputils-ping
- tcpdump
- openvpn
- whois
- host
- prips
Developer tools
- git
- curl
- wget
- ruby
- go
- python
- python-pip
- python3
- python3-pip
Pentest tools
Port scanning
- nmap
- masscan
- ScanPorts created by @s4vitar with some improvements
Recon
- Subdomains
- Amass
- GoBuster
- Knock
- MassDNS
- Altdns
- spyse
- Sublist3r
- findomain
- subfinder
- spiderfoot
- Subdomain takeover
- subjack
- DNS Lookups
- hakrevdns
- Screenshot
- gowitness
- aquatone
- Crawler
- hakrawler
- Photon
- waybackurls
- gospider
- Search directories
- dirsearch
- Fuzzer
- wfuzz
- ffuf
- Web Scanning
- whatweb
- wafw00z
- nikto
- arjun
- httprobe
- striker
- CMS
- wpscan
- joomscan
- droopescan
- cmseek
- Search JS
- LinkFinder
- getJS
Wordlist
- cewl
- wordlists:
- wfuzz
- SecList
- Fuzzdb
- Dirbuster
- Dirb
- Rockyou
- crunch
Git repositories
- gitleaks
- gitrob
- gitGraber
- github-search
OWASP
- sqlmap
- XSStrike
Brute force
- crowbar
- hydra
- patator
- medusa
Cracking
- hashid
- john the ripper
- hashcat
OS Enumeration
- htbenum
- linux-smart-enumeration
- linenum
- enum4linux
- ldapdomaindump
- PEASS – Privilege Escalation Awesome Scripts SUITE
- Windows Exploit Suggester – Next Generation
- smbmap
- pspy – unprivileged Linux process snooping
- smbclient
- ftp
Exploits
- searchsploit
- Metasploit
- MS17-010
- AutoBlue-MS17-010
- PrivExchange
Windows
- evil-winrm
- impacket
- CrackMapExec
- Nishang
- Juicy Potato
- PowerSploit
- pass-the-hash
- mimikatz
- gpp-decrypt
Reverse shell
- netcat
- rlwrap
Other resources
- pentest-tools from @gwen001
- qsreplace from @tomnomnom
Custom functions
- NmapExtractPorts from @s4vitar
Other services
- apache2
- squid
Documentation
See the project’s wiki for documentation.
Usage
Prerequisites
- Docker service installed
You can use the docker image by the next two options:
Option 1 – Use the github repository
git clone --depth 1 https://github.com/aaaguirrep/pentest.git
cd pentest
docker build -t pentest .
docker run --rm -it --name my-pentest pentest /bin/zsh
Option 2 – Use the image from docker hub
Use image from docker hub: aaaguirrep/pentest
docker pull aaaguirrep/pentest
docker run --rm -it --name my-pentest pentest /bin/zsh
Considerations to run the container
There are differents use cases for use the image and you should know how to run the container properly.
- Use the container to access HTB (Hack the Box) machines by HTB vpn.
docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-pentest aaaguirrep/pentest /bin/zsh
- Share information from your local directory to container directory and save information on your local directory. You should save information under /pentest directory.
docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zsh
- Expose internal container services (apache, squid) for your local environment.
docker run --rm -it --name my-pentest -p 80:80 -p 3128:3128 aaaguirrep/pentest /bin/zsh
Inside the container start apache2 and squid services by the aliases.
apacheUp
squidUp - Mount directories by umount command.
docker run --rm -it --privileged --name my-pentest aaaguirrep/pentest /bin/zsh
- Tools are downloaded in /tools directory.
Nice configurations
You can set up the docker image with nice configurations like as:
1. Alias to connect to HTB (Hack the Box) VPN
To use both options you should use -v option to map local directoty with /pentest container directory.
Option 1 – HTB VPN using github repository
Add the next line in step “Create shorcuts” in Dockerfile, build a new image and run a new container with the -v option.
RUN echo "alias vpnhtb="openvpn /pentest/path/to/ovpn/file"" >> /root/.zshrc
Option 2 – HTB VPN using docker hub image
Create a new Dockerfile with the next steps, build a new image and run a new container with -v option.
FROM aaaguirrep/pentest
# Create a shortcut and load the ovpn file from workstation
RUN echo "alias vpnhtb="openvpn /pentest/path/to/ovpn/file"" >> /root/.zshrc
2. Save and load command history in your local environment
When you delete a container all information is deleted incluide command history. The next configuration provides you an option for save the command history in your local environment and load it when you run a new container. So, you wont lose your command history when run a new container.
To use both options you should use -v option to map local directoty with /pentest container directory.
Option 1 – Command history using github repository
Add the next line in step “Create shorcuts” in Dockerfile, build a new image and run a new container.
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/pentest/.zsh_history"' /root/.zshrc
Option 2 – Command history using docker hub image
Create a new Dockerfile with the next steps, build a new image and run a new container.
FROM aaaguirrep/pentest
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/pentest/.zsh_history"' /root/.zshrc
Environment tested
The image was tested in the following environments:
- Docker service for Mac: Docker version 19.03.5, build 633a0ea
- Docker service for Linux instance on Google Cloud Platform: Docker version 19.03.6, build 369ce74a3c
Warning
- Do not save information on container directories because it will be lost after delete the container, you should save information in your local environment using the parameter -v when you run the container. For instance:
docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zsh
The above command specify a path local directory mapped with /pentest container directory. You should save all information under /pentest directory.
- Use hashcat and john the ripper on controlled environments as CTF. You can experiment issues.
Contributing
Contributing Guide
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.