Pentest with Docker

Docker container for Penetration Testing

LEGAL DISCLAIMER

The author does not hold any responsibility for the bad use of this tool. Remember that attacking targets without prior consent is illegal and punished by law.

docker for pentest

(https://hub.docker.com)

 

Note: The docker pull command downloads Docker images from a registry (by default, it pulls images from Docker Hub).

 

Official Kali Linux for Docker

Short Description: This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling distribution.

Docker Pull Command:

docker pull kalilinux/kali-linux-docker

Metasploit for Docker

Short Description: Metasploit image with steroids (nmap, tor and postgres)

docker pull strm/metasploit

Metasploit Framework for Docker

Short Description: An image of the famous Metasploit-Framework tool for pentesting.

docker pull phocean/msf

Metasploitable2 for Docker

Metasploitable2 – pristine condition

docker pull meknisa/metasploitable-base

Social Engineer Toolkit (SET) for Docker

Short Description: Dockerfile for building a Social Engineer Toolkit (SET) container

OWASP Zed Attack Proxy for Docker

Short Description: Current stable OWASP Zed Attack Proxy release in embedded docker container

docker pull owasp/zap2docker-stable

WPSCAN for Docker

Short Description: WPScan is a black box WordPress vulnerability scanner

docker pull wpscanteam/wpscan

Damn Vulnerable Web Application (DVWA) for Docker

Short Description: Ubuntu container with v1.9 of Damn Vulnerable Web App (http://www.dvwa.co.uk/).

docker pull originalsix/docker-dvwa

Vulnerable WordPress for Docker

Short Description: Vulnerable WordPress container

docker pull wpscanteam/vulnerablewordpress

Dockerfile for BeEF (the Browser Exploitation Framework) for Docker

Short Description: This Dockerfile builds a Docker image for the BeEF framework for XSS browser exploitation

docker pull janes/beef

OWASP Mutillidae II Web Pen-Test Practice Application

Short Description: Docker container for OWASP Mutillidae II Web Pen-Test Practice Application

docker pull citizenstig/nowasp

OWASP Juice Shop for Docker

Short Description: OWASP Juice Shop – An intentionally insecure JavaScript Web Application

docker pull bkimminich/juice-shop

The Docker Bench for Security checks

Short Description: The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

docker pull diogomonica/docker-bench-security

OpenDNS Security Ninjas AppSec Training for Docker

Short Description: Security Ninjas: An Open Source Application Security Training Program.

docker pull opendns/security-ninjas

OWASP WebGoat Project for Docker

Short Description: OWASP WebGoat Project docker image

docker pull danmx/docker-owasp-webgoat

The OWASP Security Shepherd project for Docker

Short Description: The OWASP Security Shepherd project is a web and mobile application security training platform.

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.

docker pull ismisepaul/securityshepherd

The OWASP NodeGoat project for Docker

Short Description: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Shellshock (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVE-2014-6271, a.k.a. Shellshock.

This Docker container is based on Debian Wheezy and has been modified to use a vulnerable version of Bash (bash_4.2+dfsg-0.1).

docker pull hmlio/vaas-cve-2014-6271

Heartbleed (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVE-2014-0160, a.k.a. Heartbleed

A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVE-2014-0160, a.k.a. Heartbleed.

docker pull hmlio/vaas-cve-2014-0160

SambaCry (Vulnerability as a service) for Docker

Short Description: SambaCry remote vulnerable environment with Samba 4.5.9

Samba version 4.5.9 and earlier is vulnerable to a remote code execution vulnerability named SambaCry. CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder and perform code execution attacks to take control of servers that host vulnerable Samba services.

docker pull vulnerables/cve-2017-7494

WackoPicko for Docker

Short Description: WackoPicko is a vulnerable web application used to test web application vulnerability scanners. (info from GitHub)

docker pull adamdoupe/wackopicko

ITSEC NEWS

ITSEC NEWS RESOURCES

Darkreading.com / twitter: @DarkReading

Dark Reading.com encompasses ten communities, each of which drills deeper into the enterprise security challenge: Attacks & Breaches, Application Security, Cloud Security, Data Leaks & Insider Threats, Endpoint Security & Privacy, Mobile Security, Network & Perimeter Security, Risk Management & Compliance, Security Management & Analytics, and Vulnerabilities and Threats. Each community is led by editors and subject matter experts who collaborate with security researchers, technology specialists, industry analysts and other Dark Reading members to provide timely, accurate and informative articles that lead to spirited discussions.

 

securityaffairs.co / twitter: @securityaffairs

Pierluigi Paganini, the founder, ENISA ETL Group, Cyber G7 Group Italy Summit, Ethical Hacker, Researcher, Security Evangelist, Security Analyst.

 

social-engineer.org / twitter: @humanhacker

The Social-Engineer Podcast is a monthly discussion hosted by a panel of security experts that make up the SEORG Crew. We include guests from diverse backgrounds to discuss human behavior and its implications for information security.

 

fifthdomain.com / twitter: @theFifthDomain

Fifth Domain fills that role as a central hub for news, information and collaboration, whether you’re a cyber pro or just getting started.

 

securitymagazine.com / twitter: @SecurityMag

 

threatpost.com / twitter: @threatpost

Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

 

zataz.com / twitter: @zataz

News for the general public: #zataz #cybersecurite (French website)

 

bbc.com – cybersecurity / twitter: none

BBC News provides trusted World and UK news as well as local and regional perspectives

 

securityweek.com / twitter: @SecurityWeek

IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information Security Industry Expert insights and analysis from IT security experts around the world.

 

scmagazine.com / twitter: @SCMagaziner

Breaking news on cybersecurity, cybercrime, industry insight and security product reviews at SC Media.

 

cnbc.com – cybersecurity / twitter: @CNBC

Latest news on cybersecurity including online standards, hacking awareness, and increasing digital defense.

 

hackingarticles / twitter: @rajchandel

Hacking articles (Blog) / Raj Chandel’s Blog

 

pentestit.com / twitter: @pentestit

Your source for all things Information Security (India)

 

securityonline.info / twitter: @the_yellow_fall

Security Training Share

 

blog.sucuri.net / twitter: @sucurisecurity

Learn about website security, emerging vulnerabilities, and web malware infections from our team of website security researchers.

 

darknet.org.uk / twitter: @THEdarknet

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

 

pentestmag.com / twitter: @PenTestMag

PenTest Magazine is a monthly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics.

 

Feel free to add other sources in the comments, so I can add them to this page 😉
Thanks
