Docker container for Penetration Testing
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.
Note: The docker pull command serves for downloading Docker images from a registry (default pulls images from Docker Hub)
Official Kali Linux for Docker
Short Description: This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling
Docker Pull Command:
docker pull kalilinux/kali-linux-docker
Metasploit for Docker
Short Description: Metasploit image with steroids (nmap, tor and postgress)
docker pull strm/metasploit
Metasploit Framework for Docker
Short Description: An image of the famous Metasploit-Framework tool for pentesting.
docker pull phocean/msf
Metasploitable2 for Docker
Metasploitable2 – pristine condition
docker pull meknisa/metasploitable-base
Social Engineer Toolkit (SET) for Docker
Short Description: Dockerfile for building a Social Engineer Toolkit (SET) container
OWASP Zed Attack Proxy for Docker
Short Description: Current stable OWASP Zed Attack Proxy release in embedded docker container
docker pull owasp/zap2docker-stable
WPSCAN for Docker
Short Description: WPScan is a black box WordPress vulnerability scanner
docker pull wpscanteam/wpscan
Damn Vulnerable Web Application (DVWA) for Docker
Short Description: Ubuntu container with v1.9 of Damn Vulnerable Web App (http://www.dvwa.co.uk/).
docker pull originalsix/docker-dvwa
Vulnerable WordPress for Docker
Short Description: Vulnerable WordPress container
docker pull wpscanteam/vulnerablewordpress
Dockerfile for BeEF (the Browser Exploitation Framework)
Short Description: This Dockerfile allows to build a Docker image for the BeEF framework for XSS browser exploitation
docker pull janes/beef
OWASP Mutillidae II Web Pen-Test Practice Application
Short Description: Docker container for OWASP Mutillidae II Web Pen-Test Practice Application
docker pull citizenstig/nowasp
OWASP Juice Shop for Docker
docker pull bkimminich/juice-shop
The Docker Bench for Security checks
Short Description: The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.
docker pull diogomonica/docker-bench-security
OpenDNS Security Ninjas AppSec Training for Docker
Short Description: Security Ninjas: An Open Source Application Security Training Program.
docker pull opendns/security-ninjas
OWASP WebGoat Project for Docker
Short Description: OWASP WebGoat Project docker image
docker pull danmx/docker-owasp-webgoat
The OWASP Security Shepherd project for Docker
Short Description: The OWASP Security Shepherd project is a web and mobile application security training platform.
The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.
docker pull ismisepaul/securityshepherd
The OWASP NodeGoat project for Docker
Short Description: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Shellshock (Vulnerability as a service) for Docker
Short Description: Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock.
This docker container is based on Debian Wheezy and has been modified to use a vulernable version of Bash (bash_4.2:2b:dfsg-0.1).
docker pull hmlio/vaas-cve-2014-6271
Heartbleed (Vulnerability as a service) for Docker
Short Description: Vulnerability as a service: showcasing CVS-2014-0160, a.k.a. Heartbleed
A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVS-2014-0160, a.k.a. Heartbleed.
docker pull hmlio/vaas-cve-2014-0160
SambaCry (Vulnerability as a service) for Docker
Short Description: SambaCry remote vulnerable environment with Samba 4.5.9
Samba in 4.5.9 version and before that is vulnerable to a remote code execution vulnerability named SambaCry. CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder, and perform code execution attacks to take control of servers that host vulnerable Samba services.
docker pull vulnerables/cve-2017-7494
WackoPicko for Docker
Short Description: WackoPicko is a vulnerable web application used to test web application vulnerability scanners. (infos from github)
docker pull adamdoupe/wackopicko