Pentest with Docker


Docker container for Penetration Testing

LEGAL DISCLAIMER

The author does not hold any responsibility for the bad use of this tool. Remember that attacking targets without prior consent is illegal and punished by law.

docker for pentest

(https://hub.docker.com)

Note: The docker pull command downloads Docker images from a registry (by default, it pulls images from Docker Hub).

Official Kali Linux for Docker

Short Description: This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling

Docker Pull Command:

docker pull kalilinux/kali-linux-docker

Metasploit for Docker

Short Description: Metasploit image with steroids (nmap, tor and postgres)

docker pull strm/metasploit

Metasploit Framework for Docker

Short Description: An image of the famous Metasploit-Framework tool for pentesting.

docker pull phocean/msf

Metasploitable2 for Docker

Metasploitable2 – pristine condition

docker pull meknisa/metasploitable-base

Social Engineer Toolkit (SET) for Docker

Short Description: Dockerfile for building a Social Engineer Toolkit (SET) container

OWASP Zed Attack Proxy for Docker

Short Description: Current stable OWASP Zed Attack Proxy release in embedded docker container

docker pull owasp/zap2docker-stable

WPSCAN for Docker

Short Description: WPScan is a black box WordPress vulnerability scanner

docker pull wpscanteam/wpscan

Damn Vulnerable Web Application (DVWA) for Docker

Short Description: Ubuntu container with v1.9 of Damn Vulnerable Web App (http://www.dvwa.co.uk/).

docker pull originalsix/docker-dvwa

Vulnerable WordPress for Docker

Short Description: Vulnerable WordPress container

docker pull wpscanteam/vulnerablewordpress

Dockerfile for BeEF (the Browser Exploitation Framework) for Docker

Short Description: This Dockerfile builds a Docker image for the BeEF framework for XSS browser exploitation

docker pull janes/beef

OWASP Mutillidae II Web Pen-Test Practice Application

Short Description: Docker container for OWASP Mutillidae II Web Pen-Test Practice Application

docker pull citizenstig/nowasp

OWASP Juice Shop for Docker

Short Description: OWASP Juice Shop – An intentionally insecure JavaScript Web Application

docker pull bkimminich/juice-shop

The Docker Bench for Security checks

Short Description: The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark.

docker pull diogomonica/docker-bench-security

OpenDNS Security Ninjas AppSec Training for Docker

Short Description: Security Ninjas: An Open Source Application Security Training Program.

docker pull opendns/security-ninjas

OWASP WebGoat Project for Docker

Short Description: OWASP WebGoat Project docker image

docker pull danmx/docker-owasp-webgoat

The OWASP Security Shepherd project for Docker

Short Description: The OWASP Security Shepherd project is a web and mobile application security training platform.

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.

docker pull ismisepaul/securityshepherd

The OWASP NodeGoat project for Docker

Short Description: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Shellshock (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVE-2014-6271, a.k.a. Shellshock.

This Docker container is based on Debian Wheezy and has been modified to use a vulnerable version of Bash (bash_4.2:2b:dfsg-0.1).

docker pull hmlio/vaas-cve-2014-6271

Heartbleed (Vulnerability as a service) for Docker

Short Description: Vulnerability as a service: showcasing CVE-2014-0160, a.k.a. Heartbleed

A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVE-2014-0160, a.k.a. Heartbleed.

docker pull hmlio/vaas-cve-2014-0160

SambaCry (Vulnerability as a service) for Docker

Short Description: SambaCry remote vulnerable environment with Samba 4.5.9

Samba 4.5.9 and earlier versions are vulnerable to a remote code execution vulnerability named SambaCry. CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder and perform code execution attacks to take control of servers that host vulnerable Samba services.

docker pull vulnerables/cve-2017-7494

WackoPicko for Docker

Short Description: WackoPicko is a vulnerable web application used to test web application vulnerability scanners. (info from GitHub)

docker pull adamdoupe/wackopicko
