• This repository has been archived on 30/Dec/2019
  • Stars
    star
    199
  • Rank 196,105 (Top 4 %)
  • Language
    Python
  • Created about 7 years ago
  • Updated about 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Offensive tools as Dockerfiles. Lightweight & Ready to go


Offensive Dockerfiles

Security-oriented Docker containers, ready to fire!
Offensive-Dockerfiles


This repository contains a collection of security-oriented tools as Dockerfiles.

This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode..).

The containers are built using Docker. Each container is made to suit required dependencies for each tool.


⭐ Features

  • Cross-platform deploy helper script included
  • Manage cloud-based scans and attacks from your terminal
  • Datacenter fiber internet connection, but still from your terminal!
  • Keep your local environment clean from all those attack toolz
  • ☁️ Become a real nomad ninja ☁️
  • Mix and match with the Red Team Infractructure Guide and Red Baron!

Efforts have been made to keep Dockerfiles minimal.

πŸ” Example with sqlmap:

git clone https://github.com/khast3x/Offensive-Dockerfiles.git
cd Offensive-Dockerfiles/sqlmap
docker build -t sqlmap .
docker run -it sqlmap:latest --wizard

πŸ” deployHelper binary demo:

πŸš€ Working:

Name Description
tulpar Web Vulnerability Scanner
nmap + Vulscan + Vulners scripts Latest Nmap Scripting Engine (NSE) modules, as well as the Vulscan NSE script and the vulners API to NSE script.
sqlmap Automatic SQL injection and database takeover tool
dcrawl Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.
V3n0m Scanner Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
golismero The Web Knife
sqliv massive SQL injection vulnerability scanner
datasploit Performs OSINT on a domain / email / username / phone
gitminer Tool for advanced mining for content on Github
Cr3d0v3r Know the dangers of credential reuse attacks
UFONet UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Striker Striker is an offensive information and vulnerability scanner
emailHarvester Email addresses harvester
BruteX Automatically brute force all services running on a target
BlackWidow A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
Shiva Improved DOS exploit for wordpress websites (CVE-2018-6389)
Memcrashed This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io
ctfr Domain enumeration, it just abuses of Certificate Transparency logs
twa A tiny web auditor with strong opinions
Photon Incredibly fast crawler designed for OSINT
CMSeek CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs
HashBuster Crack hashes in seconds

To push to repo (currently are sitting as forks)

  • CloudScraper
  • hershell
  • Merlin

Notes:

  • Adding them as I go. Don't expect production-ready images
  • Uses either python-slim or python-alpine
  • Tools will show help dialog if no arguments are passed