paint-brush
How To Dockerize Your Pen-testing Lab [feat. Kali Linux]by@EphemeralCodex
5,253 reads
5,253 reads

How To Dockerize Your Pen-testing Lab [feat. Kali Linux]

by EphemeralCodex
EphemeralCodex HackerNoon profile picture

EphemeralCodex

@EphemeralCodex

Acquiring Omniscience

December 12th, 2019
Read on Terminal Reader
Read this story in a terminal
Print this story
Read this story w/o Javascript
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The attacker container is built off of the official Kali Linux docker container base image with the label Hack_lab. I decided to just use this in order to keep the image size smaller and portable. With this base image, one can install tools that are needed for the job at hand, rather than a 8gb image that might as well be a full VM that is resource intensive. They are focused on WAP for now, but the goal is to have the list grow and become dynamic in nature.

Coin Mentioned

Mention Thumbnail
featured image - How To Dockerize Your Pen-testing Lab [feat. Kali Linux]
1x
Read by Dr. One voice-avatar

Listen to this story

EphemeralCodex HackerNoon profile picture
EphemeralCodex

EphemeralCodex

@EphemeralCodex

Acquiring Omniscience

Learn More
LEARN MORE ABOUT @EPHEMERALCODEX'S
EXPERTISE AND PLACE ON THE INTERNET.

Tools & Skills

  • Windows Subsystem for Linux (WSL) || Linux OS (Debian preferred)
  • Basic GNU-Linux command line knowledge
  • Basic Docker/Docker-Compose CLI knowledge.

REPO LINK

https://github.com/Ephemeral-Codex/Scripts

GETTING STARTED.

Are you wanting to build a low profile & portable pen-testing lab to assist with building your skills while learning how to use docker containers? Keep on reading!

I have built a pair of scripts that will do the following..

  • Update/Upgrade your linux/wsl environment
  • Install docker-ce
  • pull an official kali docker container
  • pull a variety of vulnerable docker images
  • Allow a user to choose which vulnerable app to provision.
  • Run the containers on a local web browser

THE CURRENT CONTAINERS

The the attacker container is built off of the official Kali Linux docker container base image wit the label

Hack_lab
. I decided to just use this in order to keep the image size smaller and portable. (Docker is meant for singular use apps).

With this base image, one can install tools that are needed for the job at hand, rather than a 8gb image that might as well be a full VM that resource intensive. For example, If you want to install metasploit in the Kali container, just run the following from within the container

apt-get install metasploit-framework.

The vulnerable containers consist the following.

  • Bwapp
  • Juice-Shop
  • Webgoat 8.0
  • DVWA
  • Tiredful-API
  • Hackazon.

They are focused on WAP for now, but the goal is to have the list grow and become dynamic in nature.

USAGE

  • Download the git repo listed from above in your respective directory. ( I recommend making a "project" directory
    IE: mkdir ~/home/<name>/projects.
  • Run the christmas.sh script.
  • Run vulapps.sh to choose which vuln app you wish to practice on

EXAMPLE:

The result of running option 1 - Juice Shop

image

The app running locally on your browser.

image

Kill your containers with the following.

  • docker kill <container name> ----> Above example "docker kill juice_shop"
  • docker rm <container_name> -----> Above example "docker rm juice_shop"
  • If you get really overwhelmed, you can kill all containers (running & stopped) by

    doing docker system prune
    and using the
    "y"
    option

Upcoming Features:
  • Convert this to a full dockerfile rather than 2 separate scripts.
  • Kill and remove containers after 5 failed health checks
  • Leverage a dockerfile to autorun the provisioning script of Hack_lab container
  • Add OWASP Security Shepherd (WIP)
  • Add NodeGoat (WIP)

please feel free to add-on to this or send me ideas to help improve!



L O A D I N G
. . . comments & more!

About Author

EphemeralCodex HackerNoon profile picture
EphemeralCodex@EphemeralCodex
Acquiring Omniscience

TOPICS

THIS ARTICLE WAS FEATURED IN...

Permanent on Arweave
Read on Terminal Reader
Read this story in a terminal
 Terminal
Read this story w/o Javascript
Read this story w/o Javascript
 Lite

Mentioned in this story

X REMOVE AD