Docker for Pentester: Pentesting Framework

As we all know, now that we live in the world of Virtualization, most of the organizations are completely reliable on virtual services to fulfil their hardware and software requirements, such as cloud and Container. Containers like Docker are also quite famous techniques used by organizations to build a virtual application environment.

Today in this post we are setting up a docker-based Penetration testing environment for the pentesters to make the installation and configuration for various pentesting tools simple and fast.

Table of Content

• WPScan
• Sqlmap
• Dirbuster
• Nmap
• Python HTTP Server
• John the Ripper
• Metasploit
• Powershell Empire
• Impacket

WPScan

Now let’s continue with our first pentest tool which is used to scan the WordPress CMS-designed website known as WPScan. Open the terminal on your local machine and execute the following command as a superuser, it downloads and builds the docker package.

1	docker pull wpscanteam/wpscan

So we have a WordPress pentestlab, you can create your own wordpress pentestlab and learn more from here.

To use the WPScan docker image you just need to run following command and start pentesting your WordPress.

1	docker run -it --rm wpscanteam/wpscan --url http://192.168.1.105/wordpress/

SQLmap

As we have already told you how to develop your own docking penetration assessment platform, this is SQLMAP for SQL injection testing on our website as our next import pentesting tool. Run the next command, which pulls the SQLMAP docker image.

1	docker pull googlesky/sqlmap

Assuming testpphp.vulnweb.com is the target website I would like to use sqlmap to test SQL Injection for.

For use the SQLMAP docker image only you need to run the following command and start sql injection testing.

1	docker run -it googlesky/sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --dbs --batch

Dirbuster

Move to our next pentest tool “Dirbuster”, which digs out the web directories and pages to reveal the sensitive data stored in the web application. Therefore, run the following command to pull the Dirbuster docker image.

1	docker pull hypnza/dirbuster

To use Dirbuster’s docker image only you need to run the following command and start testing for enumeration of web directories.

1	docker run -it hypnza/dirbuster -u http://testphp.vulnweb.com/

Nmap

How can we leave the network scanning’s most effective tool, my favourite NMAP penetration testing tool ? So, run the command below without waste of time and follow the steps

1	docker pull instrumentisto/nmap

Hopefully, you people know about nmap and its command, I’m just showing you how to use nmap docker image for network scanning.

1	docker run --rm -it instrumentisto/nmap -sV 192.168.1.108

HTTP Python Server

File transfer is another big part of penetration testing and we should not ignore that, so here I’m going to pull the python server docker image for HTTP.

1	docker pull trinitronx/python-simplehttpserver

Execute the following command to run the docker image on port 5555

1	docker run -d -v /tmp/:/var/www:ro -p 5555:8080 trinitronx/python-simplehttpserver

Now open the server IP over port 5555 and start downloading the file .

John the Ripper

Without a password cracking tool, the penetration testing framework would not be considered an ideal pentest system, so by executing the following command I pull the Johntheripper docker file.

1	docker pull obscuritylabs/johntheripper

Now, if you have a hash file in your machine, then run the following to make use of the docker image for john ripper to crack the password from inside the hash file.

1	docker run --rm -it -v ${PWD}:/root obscuritylabs/johntheripper --format=NT /root/hash

Metasploit

Metasploit is the most relevant and delegated tool for penetration testing. The manual installations of Metasploit often pose problems for a pentester. Run the following command to drag the Metasploit docker image to your local machine.

1	docker pull metasploitframework/metasploit-framework

To run the Metasploit docker file, execute the command given and proceed using the console in Metasploit.

1	docker run --rm -it -p 443:443 -v ${PWD}:/root/.msf4  metasploitframework/metasploit-framework

It functions exactly the same as we have Kali Linux as you can see from the picture below.

PowerShell Empire

Last but not least penetration testing tools are PowerShell Empire whose docker image we ‘re going to install, and to do this, just run the command below to pull the docker image out of the docker hub.

1	docker pull bcsecurity/empire

To run the Empire docker image to access the console, execute the given command and continue the way you use it.

1	docker run --rm -it -p 443:443 -v ${PWD}:/root/empire bcsecurity/empire

It functions exactly the same as we have Kali Linux as you can see from the picture below.

Impacket Toolkit

The most important tool for our Red Teamers is the Impacket and how we can neglect this tool in a pentest framework. Therefore, just execute the following without wasting time to pull the impacket docker image.

1	docker pull rflathers/impacket

As you know, there are so many python libraries within the impacket and here we use docker image to illustrate one of those libraries.

1	docker run --rm -it -p 445:445 rflathers/impacket psexec.py ignite/administrator:Ignite@987@192.168.1.106