Tools & Skills
- Windows Subsystem for Linux (WSL) or a Linux OS (Debian preferred)
- Basic GNU/Linux command line knowledge
- Basic Docker/Docker-Compose CLI knowledge.
Do you want to build a low-profile, portable pen-testing lab to sharpen your skills while learning how to use Docker containers? Keep on reading!
I have built a pair of scripts that will do the following:
- Update/upgrade your Linux/WSL environment
- Install docker-ce
- Pull an official Kali Docker container
- Pull a variety of vulnerable Docker images
- Allow a user to choose which vulnerable app to provision
- Run the containers on a local web browser
THE CURRENT CONTAINERS
. I decided to just use this in order to keep the image size smaller and portable. (Docker is meant for singular use apps).
apt-get install metasploit-framework.
The vulnerable containers consist of the following:
- WebGoat 8.0
They are focused on WAP for now, but the goal is to have the list grow and become dynamic in nature.
The result of running option 1 – Juice Shop
The app running locally on your browser.
Kill your containers with the following:
- docker kill
  For the example above: “docker kill juice_shop”
- docker rm
  For the example above: “docker rm juice_shop”
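The choose-an-app provisioning step and the kill/rm cleanup above, as an added example that is not the author's scripts: it publishes the chosen app on 127.0.0.1 only and removes the container if `docker port` shows any other binding. The image names, ports, the `webgoat` container name, the function names and the `lab.sh` filename are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the author's scripts. Image names and ports are
# assumptions (Docker Hub: bkimminich/juice-shop, webgoat/webgoat-8.0).

# Map a menu choice to "container_name image port".
lab_target() {
    case "$1" in
        1) echo "juice_shop bkimminich/juice-shop 3000" ;;
        2) echo "webgoat webgoat/webgoat-8.0 8080" ;;
        *) return 1 ;;
    esac
}

# Build the run command. Publishing on 127.0.0.1 keeps the deliberately
# vulnerable app off the LAN; a bare "-p 3000:3000" binds every interface.
lab_run_cmd() {
    target=$(lab_target "$1") || { echo "unknown choice: $1" >&2; return 1; }
    set -- $target
    echo "docker run -d --name $1 -p 127.0.0.1:$3:$3 $2"
}

# Read `docker port <name>` output on stdin; exit 0 if any binding
# listens on an address other than 127.0.0.1.
lab_is_exposed() {
    grep -v -e '-> 127\.0\.0\.1:' | grep -q .
}

# Start the chosen app, then refuse to leave it up if it is exposed.
lab_provision() {
    cmd=$(lab_run_cmd "$1") || return 1
    name=$(lab_target "$1" | cut -d' ' -f1)
    $cmd || return 1
    if docker port "$name" | lab_is_exposed; then
        echo "$name is reachable from other hosts; removing it" >&2
        docker kill "$name" && docker rm "$name"
        return 1
    fi
}

# Interactive entry point (hypothetical filename): sh lab.sh --menu
if [ "${1:-}" = "--menu" ]; then
    echo "1) Juice Shop"
    echo "2) WebGoat 8.0"
    printf "Choose an app to provision: "
    read -r choice
    lab_provision "$choice"
fi
```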
doing docker system prune
and using the
- Convert this to a full Dockerfile rather than 2 separate scripts.
- Kill and remove containers after 5 failed health checks
- Leverage a Dockerfile to autorun the provisioning script of Hack_lab container
- Add OWASP Security Shepherd (WIP)
- Add NodeGoat (WIP)
Please feel free to add on to this or send me ideas to help improve it!