Offensive Dockerfiles
This repository contains a collection of security-oriented tools as Dockerfiles.
This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode..).
The containers are built using Docker. Each container is made to suit required dependencies for each tool.
β Features
- Cross-platform deploy helper script included
- Manage cloud-based scans and attacks from your terminal
- Datacenter fiber internet connection, but still from your terminal!
- Keep your local environment clean from all those attack toolz
- βοΈ Become a real nomad ninja βοΈ
- Mix and match with the Red Team Infractructure Guide and Red Baron!
Efforts have been made to keep Dockerfiles minimal.
π Example with sqlmap:
git clone https://github.com/khast3x/Offensive-Dockerfiles.git
cd Offensive-Dockerfiles/sqlmap
docker build -t sqlmap .
docker run -it sqlmap:latest --wizard
π deployHelper binary demo:
π Working:
Name | Description |
---|---|
tulpar | Web Vulnerability Scanner |
nmap + Vulscan + Vulners scripts | Latest Nmap Scripting Engine (NSE) modules, as well as the Vulscan NSE script and the vulners API to NSE script. |
sqlmap | Automatic SQL injection and database takeover tool |
dcrawl | Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. |
V3n0m Scanner | Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns |
golismero | The Web Knife |
sqliv | massive SQL injection vulnerability scanner |
datasploit | Performs OSINT on a domain / email / username / phone |
gitminer | Tool for advanced mining for content on Github |
Cr3d0v3r | Know the dangers of credential reuse attacks |
UFONet | UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. |
Striker | Striker is an offensive information and vulnerability scanner |
emailHarvester | Email addresses harvester |
BruteX | Automatically brute force all services running on a target |
BlackWidow | A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website |
Shiva | Improved DOS exploit for wordpress websites (CVE-2018-6389) |
Memcrashed | This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io |
ctfr | Domain enumeration, it just abuses of Certificate Transparency logs |
twa | A tiny web auditor with strong opinions |
Photon | Incredibly fast crawler designed for OSINT |
CMSeek | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs |
HashBuster | Crack hashes in seconds |
To push to repo (currently are sitting as forks)
- CloudScraper
- hershell
- Merlin
Notes:
- Adding them as I go. Don't expect production-ready images
- Uses either python-slim or python-alpine
- Tools will show help dialog if no arguments are passed