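├── .gitignore
├── conf
│   ├── resolv.conf
│   ├── locale.gen
│   ├── conf.fish
│   ├── database.yml
│   ├── .tmux.conf
│   ├── database.sql
│   ├── dns_proxy.conf
│   └── proxychains.conf
├── bin
│   ├── p0f
│   ├── dirb
│   ├── hydra
│   ├── nikto
│   ├── nmap
│   ├── crunch
│   ├── dnsenum
│   ├── hping3
│   ├── httrack
│   ├── joomscan
│   ├── medusa
│   ├── msfvenom
│   ├── patator
│   ├── sqlmap
│   ├── sslscan
│   ├── wafw00f
│   ├── wpscan
│   ├── dotdotpwn
│   ├── enum4linux
│   ├── setoolkit
│   ├── snmp-check
│   ├── theharvester
│   ├── smtp-user-enum
│   └── msfconsole
├── scripts
│   └── rename.sh
├── LICENSE
├── README.md
└── Dockerfile


/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store

--------------------------------------------------------------------------------
/conf/resolv.conf:
--------------------------------------------------------------------------------
1 | 8.8.8.8
2 |

--------------------------------------------------------------------------------
/conf/locale.gen:
--------------------------------------------------------------------------------
1 | en_US.UTF-8 UTF-8
2 |

--------------------------------------------------------------------------------
/bin/p0f:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run p0f inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest p0f "$@"
5 |

--------------------------------------------------------------------------------
/bin/dirb:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run dirb inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest dirb "$@"
5 |

--------------------------------------------------------------------------------
/bin/hydra:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run hydra inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest hydra "$@"
5 |

--------------------------------------------------------------------------------
/bin/nikto:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run nikto inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest nikto "$@"
5 |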
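--------------------------------------------------------------------------------
/bin/nmap:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run nmap inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest nmap "$@"
5 |

--------------------------------------------------------------------------------
/bin/crunch:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run crunch inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest crunch "$@"
5 |

--------------------------------------------------------------------------------
/bin/dnsenum:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run dnsenum inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest dnsenum "$@"
5 |

--------------------------------------------------------------------------------
/bin/hping3:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run hping3 inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest hping3 "$@"
5 |

--------------------------------------------------------------------------------
/bin/httrack:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run httrack inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest httrack "$@"
5 |

--------------------------------------------------------------------------------
/bin/joomscan:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run joomscan inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest joomscan "$@"
5 |

--------------------------------------------------------------------------------
/bin/medusa:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run medusa inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest medusa "$@"
5 |

--------------------------------------------------------------------------------
/bin/msfvenom:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run msfvenom inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest msfvenom "$@"
5 |

--------------------------------------------------------------------------------
/bin/patator: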
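--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run patator inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest patator "$@"
5 |

--------------------------------------------------------------------------------
/bin/sqlmap:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run sqlmap inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest sqlmap "$@"
5 |

--------------------------------------------------------------------------------
/bin/sslscan:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run sslscan inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest sslscan "$@"
5 |

--------------------------------------------------------------------------------
/bin/wafw00f:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run wafw00f inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest wafw00f "$@"
5 |

--------------------------------------------------------------------------------
/bin/wpscan:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run wpscan inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest wpscan "$@"
5 |

--------------------------------------------------------------------------------
/bin/dotdotpwn:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run dotdotpwn inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest dotdotpwn "$@"
5 |

--------------------------------------------------------------------------------
/bin/enum4linux:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run enum4linux inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest enum4linux "$@"
5 |

--------------------------------------------------------------------------------
/bin/setoolkit:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run setoolkit inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest setoolkit "$@"
5 |

--------------------------------------------------------------------------------
/bin/snmp-check: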
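--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run snmp-check inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest snmp-check "$@"
5 |

--------------------------------------------------------------------------------
/bin/theharvester:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run theharvester inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest theharvester "$@"
5 |

--------------------------------------------------------------------------------
/bin/smtp-user-enum:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Run smtp-user-enum inside the "pentest" container; "$@" is quoted so each argument stays one word.
4 | docker exec -it pentest smtp-user-enum "$@"
5 |

--------------------------------------------------------------------------------
/conf/conf.fish:
--------------------------------------------------------------------------------
1 | # Runs /opt/dns/dns_proxy each time fish sources this file.
2 | # NOTE(review): that is once per new shell - confirm the proxy tolerates being
3 | # started again while an instance is already listening.
4 | /opt/dns/dns_proxy
5 |
6 | alias ne="emacs -nw"
7 | alias reload="source ~/.config/fish/conf.d/conf.fish"
8 |

--------------------------------------------------------------------------------
/bin/msfconsole:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Start PostgreSQL in the "pentest" container, then open msfconsole there.
4 | docker exec -t pentest /etc/init.d/postgresql start
5 | # Fixed 3-second pause; the script does not check that the database is
6 | # actually accepting connections before msfconsole starts.
7 | sleep 3
8 | # "$@" is quoted so each argument stays one word.
9 | docker exec -it pentest msfconsole "$@"
10 |

--------------------------------------------------------------------------------
/conf/database.yml:
--------------------------------------------------------------------------------
1 | # Database settings the Dockerfile copies into the Metasploit config folder.
2 | # NOTE(review): the password below is committed to the repository and is the
3 | # same in every image built from it (conf/database.sql sets the matching role
4 | # password), so treat it as publicly known. The host is 127.0.0.1, so the risk
5 | # depends on PostgreSQL staying unreachable from outside the container;
6 | # generate a per-build secret if that cannot be guaranteed.
7 | production:
8 |   adapter: postgresql
9 |   database: msfdb
10 |   username: msf
11 |   password: MyS3cr$t
12 |   host: 127.0.0.1
13 |   port: 5432
14 |   pool: 75
15 |   timeout: 5

--------------------------------------------------------------------------------
/scripts/rename.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Replace every occurrence of SRC with DEST in each regular file directly under
4 | # PATH. The README uses it to point the bin/ wrappers at a renamed container.
5 |
6 | usage() {
7 |     echo "Usage: ./rename.sh PATH SRC DEST" >&2
8 |     exit 1
9 | }
10 |
11 | if [ "$#" -ne 3 ]
12 | then
13 |     usage
14 | fi
15 |
16 | # SRC and DEST are spliced into a sed expression, so accept only characters
17 | # that are valid in a container name; '/', '&' and '\' would otherwise change
18 | # the expression itself. A '.' in SRC still matches any single character.
19 | for word in "$2" "$3"
20 | do
21 |     case "$word" in
22 |         ""|*[!A-Za-z0-9_.-]*)
23 |             echo "SRC and DEST may only contain A-Z a-z 0-9 _ . -" >&2
24 |             exit 1
25 |             ;;
26 |     esac
27 | done
28 |
29 | for filename in "$1"/*
30 | do
31 |     # Skip directories and the literal pattern left by an empty folder.
32 |     [ -f "$filename" ] || continue
33 |     # Remove the backup only when sed succeeded, so a failed edit keeps it.
34 |     sed -i.bu "s/$2/$3/g" "$filename" && rm "$filename.bu"
35 | done

--------------------------------------------------------------------------------
/conf/.tmux.conf:
--------------------------------------------------------------------------------
1 | bind-key C-h split-window -h
2 | bind-key C-v split-window -v
3 |
4 | bind-key C-j select-pane -L
5 | bind-key C-i select-pane -U
6 | bind-key C-l select-pane -R
7 | bind-key C-k select-pane -D
8 |
9 | set-option -g default-shell /usr/bin/fish
10 |
11 | # Design
12 |
13 | set -g status-bg black
14 | set -g status-fg white
15 |
16 | # NOTE(review): the pane-*-bg / pane-*-fg options were removed in tmux 2.9 in
17 | # favour of pane-border-style and pane-active-border-style; check which tmux
18 | # version the image actually installs.
19 | set -g pane-border-bg colour235
20 | set -g pane-border-fg colour238
21 | set -g pane-active-border-bg colour236
22 | set -g pane-active-border-fg colour51
23 |
24 |

--------------------------------------------------------------------------------
/conf/database.sql:
--------------------------------------------------------------------------------
1 | -- Recreate template1 from template0 with UTF8 encoding, then create the msf
2 | -- role. The Dockerfile runs this file with psql as the postgres user.
3 | update pg_database set datallowconn = TRUE where datname = 'template0';
4 | \c template0
5 | update pg_database set datistemplate = FALSE where datname = 'template1';
6 | drop database template1;
7 | create database template1 with template = template0 encoding = 'UTF8';
8 | update pg_database set datistemplate = TRUE where datname = 'template1';
9 | \c template1
10 | update pg_database set datallowconn = FALSE where datname = 'template0';
11 | create user msf;
12 | -- NOTE(review): hard-coded password, identical in every image built from this
13 | -- repository; it has to stay in sync with conf/database.yml.
14 | alter user msf with encrypted password 'MyS3cr$t';
15 | alter user msf CREATEDB;
16 | \q

--------------------------------------------------------------------------------
/conf/dns_proxy.conf:
--------------------------------------------------------------------------------
1 | # set the port of the socks proxy
2 | socks_port = 1337
3 |
4 | # set the address of the socks proxy
5 | # (same address and port as the [ProxyList] entry in conf/proxychains.conf;
6 | # presumably another container on Docker's default bridge - TODO confirm)
7 | socks_addr = 172.17.0.3
8 |
9 | # set the listen address of the dns proxy
10 | listen_addr = 127.0.0.1
11 |
12 | # set the listen port of the dns proxy
13 | listen_port = 53
14 |
15 | # set the username to drop to
16 | # NOTE(review): root/root here means no privileges are dropped after start-up.
17 | # An unprivileged account would limit the impact of a bug in the proxy,
18 | # provided it can still do what it needs after the drop - TODO confirm.
19 | set_user = root
20 |
21 | # set the group name to drop to
22 | set_group = root
23 |
24 | # file to read as resolv.conf
25 | # NOTE(review): relative path - confirm it is still found when the proxy is
26 | # started from conf.fish rather than from /opt/dns.
27 | resolv_conf = resolv.conf
28 |
29 | # file to log to, should be /dev/null unless debugging
30 | log_file = /dev/null
31 |

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 Nitrax - nitrax@lokisec.fr
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |

--------------------------------------------------------------------------------
/conf/proxychains.conf:
--------------------------------------------------------------------------------
1 | # proxychains.conf VER 3.1
2 | #
3 | # HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
4 | #
5 |
6 | # The option below identifies how the ProxyList is treated.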
7 | # only one option should be uncommented at a time,
8 | # otherwise the last appearing option will be accepted
9 | #
10 | #dynamic_chain
11 | #
12 | # Dynamic - Each connection will be done via chained proxies
13 | # all proxies chained in the order as they appear in the list
14 | # at least one proxy must be online to play in chain
15 | # (dead proxies are skipped)
16 | # otherwise EINTR is returned to the app
17 | #
18 | strict_chain
19 | #
20 | # Strict - Each connection will be done via chained proxies
21 | # all proxies chained in the order as they appear in the list
22 | # all proxies must be online to play in chain
23 | # otherwise EINTR is returned to the app
24 | #
25 | #random_chain
26 | #
27 | # Random - Each connection will be done via random proxy
28 | # (or proxy chain, see chain_len) from the list.
29 | # this option is good to test your IDS :)
30 |
31 | # Makes sense only with random_chain
32 | #chain_len = 2
33 |
34 | # Quiet mode (no output from library)
35 | quiet_mode
36 |
37 | # Proxy DNS requests - no leak for DNS data
38 | proxy_dns
39 |
40 | # Some timeouts in milliseconds
41 | tcp_read_time_out 15000
42 | tcp_connect_time_out 8000
43 |
44 | # ProxyList format
45 | # type host port [user pass]
46 | # (values separated by 'tab' or 'blank')
47 | #
48 | #
49 | # Examples:
50 | #
51 | # socks5 192.168.67.78 1080 lamer secret
52 | # http 192.168.89.3 8080 justu hidden
53 | # socks4 192.168.1.49 1080
54 | # http 192.168.39.93 8080
55 | #
56 | #
57 | # proxy types: http, socks4, socks5
58 | # ( auth types supported: "basic"-http "user/pass"-socks )
59 | #
60 | [ProxyList]
61 | # add proxy here ...
62 | # meanwhile
63 | # defaults set to "tor"
64 | socks4 172.17.0.3 1337
65 |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # p0wn-box
2 |
3 | # Purpose
4 |
5 | This Dockerfile builds a Debian-based Docker image with a bunch of pentesting tools installed.
6 |
7 | **A quick and easy way to deploy a pentesting platform on any box, including Linux, MacOS or Windows!**
8 |
9 | Tools installed:
10 |
11 | - dirb
12 | - john
13 | - p0f
14 | - patator
15 | - dotdotpwn
16 | - enum4linux
17 | - dnsenum
18 | - smtp-user-enum
19 | - hydra
20 | - wpscan
21 | - snmpcheck
22 | - wafw00f
23 | - medusa
24 | - hping3
25 | - crunch
26 | - setoolkit
27 | - metasploit
28 | - httrack
29 | - SQLmap
30 | - nmap
31 | - SSLscan
32 | - joomscan
33 | - theharvester
34 | - tcpdump
35 | - openvpn
36 | - nikto
37 | - telnet
38 | - proxychains
39 | - htop
40 | - DNS SOCKS Proxy
41 |
42 | It also includes:
43 |
44 | - Wordlists from Kali Linux
45 | - Webshells from Kali Linux
46 | - A bin folder of wrapper scripts, so that each tool can be run on its own from the host
47 | - fish shell & tmux
48 |
49 | # Prebuilt image
50 |
51 | You can pull the official image from the Docker Hub registry using the following command:
52 |
53 | ```bash
54 | docker pull nitr4x/reversing
55 | ```
56 |
57 | # Build
58 |
59 | To build the image, just use this command:
60 |
61 | ```bash
62 | docker build -t pentest .
63 | ```
64 |
65 | Docker will download the Debian image and then execute the installation steps.
66 |
67 | > Be patient, the process can be quite long the first time.
68 |
69 | Notes:
70 |
71 | - If you wish to change the container name, run the script rename.sh to update the wrappers in the bin folder.
72 | - To easily access each command, add the bin folder to your PATH environment variable.
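73 |
74 | # Run
75 |
76 | Once the build process is over, get and enjoy your tools as if you were on a virtual machine!
77 |
78 | ```bash
79 | sudo docker run -td -p 0.0.0.0:9990-9999:9990-9999 -v ~/p0wnM3/:/tmp/data --name pentest pentest
80 | ```
81 |
82 | Explanations:
83 |
84 | - We map the port range from 9990 to 9999 to our host (useful for reverse TCP connections)
85 | - We mount a shared folder to simplify the data exchange between the container and the host
86 |
87 | Things to keep in mind:
88 |
89 | - `0.0.0.0` publishes ports 9990-9999 on every network interface of the host, so any machine that can reach the host can reach a listener in the container. Put a specific host address in front of the port range instead if that is wider than you need.
90 | - The container runs as root, so on a Linux host the files it writes to the shared folder are owned by root.
91 |
92 | Of course, it is up to you to adjust it to your taste or need.
93 |

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # NOTE(review): debian:jessie no longer receives security updates, and the
2 | # kali-rolling repository added below mixes two distributions in one image.
3 | # Rebasing is not a one-line change: the fish repository further down is the
4 | # Debian_8.0 build.
5 | FROM debian:jessie
6 |
7 | # LABEL replaces the deprecated MAINTAINER instruction.
8 | LABEL maintainer="Nitrax"
9 |
10 | # Adding Kali repository
11 | RUN echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
12 | RUN echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
13 |
14 | # The archive key is fetched from a public keyserver by its 64-bit key ID.
15 | # NOTE(review): a key ID is not a fingerprint. Every package from the Kali
16 | # repository is trusted through this key, so check the imported key against
17 | # the full fingerprint published by the distribution before adding it.
18 | RUN gpg --keyserver pgpkeys.mit.edu --recv-key ED444FF07D8D0BF6
19 | RUN gpg -a --export ED444FF07D8D0BF6 | apt-key add -
20 |
21 | # Requirements
22 | RUN apt-get update && apt-get -y install build-essential git libswitch-perl liblwp-useragent-determined-perl wget tmux vim locales emacs python-pip net-tools
23 |
24 | # Installing tools
25 | # apt-get update is repeated so that a cached "Requirements" layer cannot leave
26 | # this step installing from stale package lists.
27 | # NOTE(review): metasploit-framework and postgresql are used below but are not
28 | # listed here; presumably they arrive as dependencies - TODO confirm.
29 | RUN apt-get update && apt-get -y install dirb john p0f patator dotdotpwn enum4linux dnsenum smtp-user-enum wordlists hydra snmpcheck hping3 wafw00f crunch medusa set wpscan httrack nmap sslscan sqlmap joomscan theharvester webshells tcpdump openvpn nikto proxychains htop telnet
30 |
31 | # Setting and launching postgresql
32 | # COPY is used for plain local files; ADD is only needed for archives and URLs.
33 | # NOTE(review): database.sql carries the msf role password and stays in the
34 | # image under /tmp, so anyone who can pull the image can read it.
35 | COPY ./conf/database.sql /tmp/
36 | RUN /etc/init.d/postgresql start && su postgres -c "psql -f /tmp/database.sql"
37 | USER root
38 | COPY ./conf/database.yml /usr/share/metasploit-framework/config/
39 |
40 | # Setting fish shell
41 | RUN echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' >> /etc/apt/sources.list.d/fish.list
42 | # The signing key is fetched over HTTPS: a key downloaded over plain HTTP can
43 | # be replaced in transit, and apt would then trust packages signed with it.
44 | RUN wget -qO - https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key | apt-key add -
45 | RUN apt-get update && apt-get -y install fish
46 | COPY conf/conf.fish /root/.config/fish/conf.d/
47 |
48 | WORKDIR /opt
49 |
50 | # Install oh-my-fish
51 | # NOTE(review): this clone and the dns-tcp-socks-proxy clone below take
52 | # whatever the default branch holds at build time, and that code is then run
53 | # or compiled as root. Check out a reviewed commit (<commit-sha>) after each
54 | # clone to make builds reproducible.
55 | RUN git clone https://github.com/oh-my-fish/oh-my-fish omf
56 | RUN /opt/omf/bin/install --offline --noninteractive
57 | RUN echo "omf install godfather" | fish
58 |
59 | # Setting tmux
60 | COPY conf/locale.gen /etc/
61 | COPY conf/.tmux.conf /root/
62 | RUN locale-gen
63 |
64 | # Setting proxy dns
65 | RUN git clone https://github.com/jtripper/dns-tcp-socks-proxy.git dns
66 | WORKDIR /opt/dns
67 | RUN make
68 | COPY conf/dns_proxy.conf /opt/dns/
69 | COPY conf/resolv.conf /opt/dns/
70 |
71 | # Setting proxychains
72 | COPY conf/proxychains.conf /etc/
73 |
74 | # Setting shared folder
75 | VOLUME /tmp/data
76 |
77 | WORKDIR /tmp/data
78 |

--------------------------------------------------------------------------------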