Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Offensive Docker is an image with the more used tools to create an pentest environment easily and quickly.
:arrow_right: Note: Check out the next repo to know how to launch offensive docker in a VPS in Google Cloud Platform or Digital Ocean (free credit included). Offensive Docker VPS
See the project's wiki for documentation.
You can use the docker image by the next two options:
git clone --depth 1 https://github.com/aaaguirrep/offensive-docker.git
cd offensive-docker
docker build -t offensive-docker .
docker run --rm -it --name my-offensive-docker offensive-docker /bin/zsh
Use image from docker hub: aaaguirrep/offensive-docker
docker pull aaaguirrep/offensive-docker
docker run --rm -it --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
There are differents use cases for use the image and you should know how to run the container properly.
Use the container to access HTB (Hack the Box) machines by HTB vpn.
docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
Share information from your local directory to container directory and save information on your local directory. You should save information under /offensive directory.
docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
Expose internal container services (apache, squid) for your local environment.
docker run --rm -it --name my-offensive-docker -p 80:80 -p 3128:3128 aaaguirrep/offensive-docker /bin/zsh
Inside the container start apache2 and squid services by the aliases.
apacheUp
squidUp
Mount directories by umount command.
docker run --rm -it --privileged --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
Tools are downloaded in /tools directory.
You can set up the docker image with nice configurations like as:
To use access keys, tokens or API Keys in the docker review the next repo Offensive Docker Custom
To use both options you should use -v option to map local directoty with /offensive container directory.
Add the next line in step "Create shorcuts" in Dockerfile, build a new image and run a new container with the -v option.
RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc
Create a new Dockerfile with the next steps, build a new image and run a new container with -v option.
FROM aaaguirrep/offensive-docker
# Create a shortcut and load the ovpn file from workstation
RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc
When you delete a container all information is deleted incluide command history. The next configuration provides you an option for save the command history in your local environment and load it when you run a new container. So, you wont lose your command history when run a new container.
To use both options you should use -v option to map local directoty with /offensive container directory.
Add the next line in step "Create shorcuts" in Dockerfile, build a new image and run a new container.
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc
Create a new Dockerfile with the next steps, build a new image and run a new container.
FROM aaaguirrep/offensive-docker
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc
The image was tested in the following environments:
Docker service for Mac
Docker version 19.03.13, build 4484c46d9d
Docker service for Linux instance on Google Cloud Platform
Docker version 19.03.6, build 369ce74a3c
Docker service for Linux droplet on Digital Ocean
Docker version 19.03.6, build 369ce74a3c
Do not save information on container directories because it will be lost after delete the container, you should save information in your local environment using the parameter -v when you run the container. For instance:
docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
The above command specify a path local directory mapped with /offensive container directory. You should save all information under /offensive directory.
Use hashcat and john the ripper on controlled environments as CTF. You can experiment issues.
Thanks for your donations, are always appreciated.
While I drink the coffee I check more tools to add in the docker image.
Thank you to all our contributors!
Copyright (c) 2020, Arsenio Aguirre