Offensive Docker is an image with the most commonly used tools for creating a pentest environment easily and quickly.
Note: See the following repo to learn how to launch Offensive Docker on a VPS in Google Cloud Platform or Digital Ocean (free credit included): Offensive Docker VPS
- Links
- Features
- Requirements
- Tools installed
- Documentation
- Usage
- Nice configurations
- Environment tested
- Warning
- Donations
- Contributors
- Contributing
- Stargazers over time
- License
- Video: Demos
- Chat: Discord
- VPS Automation
- Advanced configurations
- OS, networking, developing and pentesting tools installed.
- Connection to the HTB (Hack the Box) VPN to access HTB machines.
- Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
- Proxy service to send traffic from any browser and Burp Suite installed in your local directory.
- Exploit database installed.
- Tool for cracking passwords.
- Linux enumeration tools installed.
- Tools installed to discover running services.
- Tools installed for directory fuzzing.
- Monitor for Linux processes without root permissions.
- Zsh shell installed.
- Docker service installed
- rdate
- vim
- zsh
- oh-my-zsh
- locate
- cifs-utils
- htop
- tree
- gotop
- fcrackzip
- traceroute
- telnet
- net-tools
- iputils-ping
- tcpdump
- openvpn
- whois
- host
- prips
- dig
- git
- curl
- wget
- ruby
- go
- python
- python-pip
- python3
- python3-pip
- php
- aws-cli
- tojson
- nodejs
- htbenum
- linux-smart-enumeration
- linenum
- enum4linux
- ldapdomaindump
- PEASS - Privilege Escalation Awesome Scripts SUITE
- Windows Exploit Suggester - Next Generation
- smbmap
- pspy - unprivileged Linux process snooping
- smbclient
- ftp
- evil-winrm
- impacket
- CrackMapExec
- Nishang
- Juicy Potato
- PowerSploit
- pass-the-hash
- mimikatz
- gpp-decrypt
- Netcat executables
- Plink executables
- pentest-tools from @gwen001
- qsreplace from @tomnomnom
- NmapExtractPorts from @s4vitar
- apache2
- squid
- ssh
- rsyslog
- Latex
See the project's wiki for documentation.
You can use the Docker image in either of the following two ways:
git clone --depth 1 https://github.com/aaaguirrep/offensive-docker.git
cd offensive-docker
docker build -t offensive-docker .
docker run --rm -it --name my-offensive-docker offensive-docker /bin/zsh
Use image from docker hub: aaaguirrep/offensive-docker
docker pull aaaguirrep/offensive-docker
docker run --rm -it --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
There are different use cases for the image, and you should know how to run the container properly for each.
- Use the container to access HTB (Hack the Box) machines through the HTB VPN.
docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
- Share information between your local directory and the container directory, and save information in your local directory. You should save information under the /offensive directory.
docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
- Expose internal container services (apache, squid) to your local environment.
docker run --rm -it --name my-offensive-docker -p 80:80 -p 3128:3128 aaaguirrep/offensive-docker /bin/zsh
Inside the container, start the apache2 and squid services with the aliases.
apacheUp
squidUp
- Mount directories with the umount command.
docker run --rm -it --privileged --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
- Tools are downloaded to the /tools directory.
You can set up the Docker image with nice configurations such as the following:
To use access keys, tokens or API keys in the container, see the Offensive Docker Custom repo.
To use both options you should use the -v option to map a local directory to the /offensive container directory.
Add the following line in the step "Create shorcuts" in the Dockerfile, build a new image and run a new container with the -v option.
RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc
Create a new Dockerfile with the following steps, build a new image and run a new container with the -v option.
FROM aaaguirrep/offensive-docker
# Create a shortcut and load the ovpn file from workstation
RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc
When you delete a container, all information is deleted, including the command history. The following configuration lets you save the command history in your local environment and load it when you run a new container, so you won't lose your command history when you run a new container.
To use both options you should use the -v option to map a local directory to the /offensive container directory.
Add the following line in the step "Create shorcuts" in the Dockerfile, build a new image and run a new container.
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc
Create a new Dockerfile with the following steps, build a new image and run a new container.
FROM aaaguirrep/offensive-docker
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc
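The run use cases and the history configuration above can be combined into one command; the following is an added example, not part of the offensive-docker project, that prints a `docker run` line with only the flags each selected use case needs. The helper `build_run_cmd` and its mode names are hypothetical; it assumes host paths without whitespace, a host directory mounted at /history (the path the HISTFILE line points to), and it publishes the apache and squid ports on 127.0.0.1 only, which differs from the `-p 80:80 -p 3128:3128` form shown earlier and assumes the browser runs on the Docker host.

```shell
#!/bin/sh
# Added example: build_run_cmd and its mode names are hypothetical, not part
# of offensive-docker. It prints a `docker run` line; it does not execute it.
IMAGE="aaaguirrep/offensive-docker"

# Bind mounts need an absolute host path; a bare name would be taken by
# Docker as a named volume and nothing would land in the local directory.
require_abs() {
    case "$1" in
        /*) return 0 ;;
        *)  echo "host path must be absolute: $1" >&2; return 1 ;;
    esac
}

build_run_cmd() {
    args="docker run --rm -it --name my-offensive-docker"
    for mode in "$@"; do
        case "$mode" in
            vpn)        # HTB VPN: NET_ADMIN and the tun device are enough
                args="$args --cap-add=NET_ADMIN --device=/dev/net/tun"
                args="$args --sysctl net.ipv6.conf.all.disable_ipv6=0" ;;
            share=*)    # work files saved under /offensive
                require_abs "${mode#share=}" || return 1
                args="$args -v ${mode#share=}:/offensive" ;;
            history=*)  # assumption: mounted where HISTFILE points
                require_abs "${mode#history=}" || return 1
                args="$args -v ${mode#history=}:/history" ;;
            services)   # assumption: loopback only, browser runs on this host
                args="$args -p 127.0.0.1:80:80 -p 127.0.0.1:3128:3128" ;;
            mount)      # the only use case on the page that needs --privileged
                args="$args --privileged" ;;
            *)
                echo "unknown mode: $mode" >&2; return 1 ;;
        esac
    done
    echo "$args $IMAGE /bin/zsh"
}

# Constructed sample call: VPN session with shared files and saved history.
build_run_cmd vpn share=/path/to/local/directory history=/path/to/local/history
```

Selecting `vpn` without `mount` keeps the container unprivileged apart from NET_ADMIN and the tun device.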
The image was tested in the following environments:
- Docker service for Mac
Docker version 19.03.13, build 4484c46d9d
- Docker service for Linux instance on Google Cloud Platform
Docker version 19.03.6, build 369ce74a3c
- Docker service for Linux droplet on Digital Ocean
Docker version 19.03.6, build 369ce74a3c
- Do not save information in container directories because it will be lost after the container is deleted; save information in your local environment using the -v parameter when you run the container. For instance:
docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh
The above command specifies a local directory path mapped to the /offensive container directory. You should save all information under the /offensive directory.
- Use hashcat and John the Ripper in controlled environments such as CTFs. You may experience issues.
Thanks for your donations; they are always appreciated.
While I drink the coffee I check more tools to add in the docker image.
Thank you to all our contributors!
Copyright (c) 2020, Arsenio Aguirre