├── .dockerignore
├── .github
    ├── FUNDING.yml
    └── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
├── .gitignore
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── README.md
├── img
    └── banner.jpg
├── requirements_pip.txt
└── shell
    ├── alias
    ├── banner
    └── customFunctions

/.dockerignore:
--------------------------------------------------------------------------------
.gitignore
README.md
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

# github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
# patreon: # Replace with a single Patreon username
# open_collective: # Replace with a single Open Collective username
# ko_fi: # Replace with a single Ko-fi username
# tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
# community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
# liberapay: # Replace with a single Liberapay username
# issuehunt: # Replace with a single IssueHunt username
# otechie: # Replace with a single Otechie username
custom: ['https://www.buymeacoffee.com/aaaguirrep']
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''

---

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Desktop (please complete the following information):**

- OS: [e.g. Win, Lin, macOS]
- Docker version [e.g. 22]

**Additional context**
Add any other context about the problem here.
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aaaguirrep/offensive-docker/05f049fda05d258469293c9f2886c4fef38829d7/.gitignore
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog for Docker image


## 0.3.4

* update hashcat and PEASS

## 0.3.3

* Add sqlite3
* Upgrade pip for python3
* Merge requirements.txt file
* Update repo for enum4linux
* Add enum4linux-ng

## 0.3.2

* feat: add rsyslog and fcrackzip
* feat: add texlive-full and latexmk

## 0.3.1

* feat: add ssh service.
* feat: add plink and netcat executables.
* fix: change crowbar installation

## 0.3.0

* feat: update amass and change wafw00f installation mode

## 0.2.9

* feat: update amass

## 0.2.8

* feat: add Bo0om wordlist

## 0.2.7

* feat: update packages

## 0.2.6

* feat: add tree and jaeles

## 0.2.5

* feat: add naabu

## 0.2.4

* feat: add httpx

## 0.2.3

* feat: add apktool

## 0.2.2

* feat: add jwt_tool

## 0.2.1.1

* fix: dalfox installation

## 0.2.1

* feat: add GitTools

## 0.2.0

* feat: add aws-cli and php
* feat: add all.txt wordlist, gau, otxurls, node and zsh plugins
* feat: add subjs

## 0.1.9

* feat: add gotop, kxss and dalfox
* refactor: change go env variables
* docs: fix README.md file
* feat: add hakcheckurl and haktldextract
* feat: add dig and tojson
* feat: add SubOver and tko-subs

## 0.1.8

* refactor: apply dockerfile best practices

## 0.1.7

* feat: add strike, httprobe and cmseek
* feat: add spyse, getJS, sublist3r, findomain and subfinder
* feat: add spiderfoot

## 0.1.6

* feat: add LinkFinder, chromium-browser, gowitness and aquatone
* feat: add subjack and droopescan
* refactor: merge discovery tools on recon folder

## 0.1.5

* feat: add xsstriker, gitgraber, gospider, pentest-tools and qsreplace
* feat: add wpscan and joomscan
* feat: add amass, knock, altdns, massdns, github-search and gobuster
* refactor: change folder /tool organization according to readme file
* refactor: use multi-stage to build the docker image

## 0.1.4

* feat: add prips, ffuf, hakrevdns and arjun
* feat: add photon and waybackurls
* docs: change readme file
* feat: add go language and hakrawler
* feat: add whatweb and wafw00f
* refactor: use env variable for version

## 0.1.3

* feat: add cracking password tools

## 0.1.2

* feat: add nikto, masscan and host packages
* docs: add badges on readme file

## 0.1.1

* refactor: use scanPorts by github repository
* feat: add gitrob and gitleaks
* refactor: change repos by packages in dockerfile
* feat: Add whois, shell folder

## 0.1.0

* refactor: Add file for shell alias.
* feat: Add banner for shell container.
* docs: Add [contributing](CONTRIBUTING.md) file.
* docs: Add docker shell image to [readme](README.md) file.
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
  advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
  address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
  professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at a_aguirre117@hotmail.com. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to Offensive Docker image

Want to contribute to the Docker image? The following guide will help you get started.

## Reporting Issues

A great way to contribute to the project is to send a detailed report when you encounter an issue. To make things easier for contributors and maintainers, we use GitHub issues.

Please make sure to include a reproduction repository so that bugs can be reproduced without great effort. The better a bug can be reproduced, the faster we can start fixing it!

## Pull Requests

We'd love to see your pull requests, even if it's just to fix a typo!

However, any significant improvement should be associated with an existing feature request or bug report.
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu as baseline

LABEL maintainer="Arsenio Aguirre" \
      email="a_aguirre117@hotmail.com"

RUN apt-get update && \
    DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata

# Install packages
RUN \
    apt-get update && \
    apt-get install -y \
    traceroute \
    whois \
    host \
    htop \
    dnsutils \
    net-tools \
    figlet \
    tcpdump \
    telnet \
    prips \
    cifs-utils \
    rlwrap \
    iputils-ping \
    git \
    xsltproc \
    rdate \
    zsh \
    curl \
    unzip \
    p7zip-full \
    locate \
    tree \
    openvpn \
    vim \
    wget \
    ftp \
    apache2 \
    squid \
    python3 \
    python3-pip \
    jq \
    libcurl4-openssl-dev \
    libssl-dev \
    nmap \
    masscan \
    nikto \
    netcat \
    cewl \
    crunch \
    hydra \
    medusa \
    pocl-opencl-icd \
    libwww-perl \
    chromium-browser \
    dos2unix \
    openjdk-8-jdk \
    ssh \
    rsyslog \
    fcrackzip \
    texlive-full \
    latexmk \
    exiftool \
    steghide \
    binwalk \
    foremost \
    sqlite3 \
    # patator dependencies
    libmysqlclient-dev \
    # evil-winrm dependencies
    ruby-full \
    # enum4linux dependencies
    ldap-utils \
    smbclient \
    # john dependencies
    build-essential \
    libssl-dev \
    zlib1g-dev \
    yasm \
    pkg-config \
    libgmp-dev \
    libpcap-dev \
    libbz2-dev \
    # crackmapexec dependencies
    libffi-dev \
    python-dev && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y php \
    libapache2-mod-php && \
    gem install \
    gpp-decrypt \
    addressable \
    wpscan \
    # Install evil-winrm
    evil-winrm && \
    apt-get update

RUN python3 -m pip install --upgrade pip

FROM baseline as builder
# SERVICES

# Apache configuration
RUN \
    sed -i 's/It works!/It works from container!/g' /var/www/html/index.html && \
    # Squid configuration
    echo "http_access allow all" >> /etc/squid/squid.conf && \
    sed -i 's/http_access deny all/#http_access deny all/g' /etc/squid/squid.conf && \
    # OS TOOLS
    # Install oh-my-zsh
    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended && \
    sed -i '1i export LC_CTYPE="C.UTF-8"' /root/.zshrc && \
    sed -i '2i export LC_ALL="C.UTF-8"' /root/.zshrc && \
    sed -i '3i export LANG="C.UTF-8"' /root/.zshrc && \
    sed -i '3i export LANGUAGE="C.UTF-8"' /root/.zshrc && \
    git clone --depth 1 https://github.com/zsh-users/zsh-autosuggestions /root/.oh-my-zsh/custom/plugins/zsh-autosuggestions && \
    git clone --depth 1 https://github.com/zsh-users/zsh-syntax-highlighting.git /root/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting && \
    git clone --depth 1 https://github.com/zsh-users/zsh-history-substring-search /root/.oh-my-zsh/custom/plugins/zsh-history-substring-search && \
    sed -i 's/plugins=(git)/plugins=(git aws golang nmap node pip pipenv python ubuntu zsh-autosuggestions zsh-syntax-highlighting zsh-history-substring-search)/g' /root/.zshrc && \
    sed -i '78i autoload -U compinit && compinit' /root/.zshrc

# Install python dependencies
COPY requirements_pip.txt /tmp
RUN \
    pip install -r /tmp/requirements_pip.txt

# DEVELOPER TOOLS

# Install go
WORKDIR /tmp
RUN \
    # Update from 1.15.5 to 1.16.2
    # wget -q https://dl.google.com/go/go1.15.5.linux-amd64.tar.gz -O go.tar.gz && \
    wget -q https://dl.google.com/go/go1.16.2.linux-amd64.tar.gz -O go.tar.gz && \
    tar -C /usr/local -xzf go.tar.gz && \
    # Install aws-cli
    curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
    unzip awscliv2.zip && \
    ./aws/install && \
    # Install node
    curl -sL https://deb.nodesource.com/setup_14.x | bash && \
    apt install -y nodejs
ENV GOROOT "/usr/local/go"
ENV GOPATH "/root/go"
ENV PATH "$PATH:$GOPATH/bin:$GOROOT/bin"

# PORT SCANNING
RUN mkdir -p /tools/portScanning
WORKDIR /tools/portScanning

RUN \
    # Download naabu
    mkdir -p /tools/portScanning/naabu
WORKDIR /tools/portScanning/naabu
RUN \
    wget --quiet https://github.com/projectdiscovery/naabu/releases/download/v1.1.4/naabu_1.1.4_linux_amd64.tar.gz -O naabu.tar.gz && \
    tar -xzf naabu.tar.gz && \
    rm naabu.tar.gz && \
    ln -s /tools/portScanning/naabu/naabu /usr/bin/naabu

# BUILDER RECON
FROM baseline as recon
RUN mkdir /temp
WORKDIR /temp/

# Download whatweb
RUN \
    git clone --depth 1 https://github.com/urbanadventurer/WhatWeb.git && \
    # Install dirsearch
    git clone --depth 1 https://github.com/maurosoria/dirsearch.git && \
    # Download arjun
    git clone --depth 1 https://github.com/s0md3v/Arjun.git && \
    # Download joomscan
    git clone --depth 1 https://github.com/rezasp/joomscan.git && \
    # Install massdns
    git clone --depth 1 https://github.com/blechschmidt/massdns.git && \
    # Install striker
    git clone --depth 1 https://github.com/s0md3v/Striker.git && \
    # Install Photon
    git clone --depth 1 https://github.com/s0md3v/Photon.git && \
    # Download linkfinder
    git clone --depth 1 https://github.com/GerbenJavado/LinkFinder.git && \
    # Download CMSeeK
    git clone --depth 1 https://github.com/Tuhinshubhra/CMSeeK.git && \
    # Install aquatone
    wget --quiet https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip -O aquatone.zip && \
    unzip aquatone.zip -d aquatone && \
    rm aquatone.zip && \
    # Install amass
    wget --quiet https://github.com/OWASP/Amass/releases/download/v3.10.5/amass_linux_amd64.zip -O amass.zip && \
    unzip amass.zip -d amass && \
    rm amass.zip && \
    # Download Sublist3r
    git clone --depth 1 https://github.com/aboul3la/Sublist3r.git && \
    # Download spiderfoot
    git clone --depth 1 https://github.com/smicallef/spiderfoot && \
    mkdir /temp/gowitness && \
    mkdir /temp/subfinder && \
    mkdir /temp/findomain && \
    mkdir /temp/gau && \
    mkdir /temp/subjs

WORKDIR /temp/Photon
RUN \
    chmod +x photon.py && \
    dos2unix photon.py

WORKDIR /temp/CMSeeK
RUN \
    mkdir Result && \
    chmod +x cmseek.py

# Download gowitness
WORKDIR /temp/gowitness
RUN \
    wget --quiet https://github.com/sensepost/gowitness/releases/download/1.3.4/gowitness-linux-amd64 -O gowitness && \
    chmod +x gowitness

# Download findomain
WORKDIR /temp/findomain
RUN \
    wget --quiet https://github.com/Edu4rdSHL/findomain/releases/download/2.1.1/findomain-linux -O findomain && \
    chmod +x findomain

# Download subfinder
WORKDIR /temp/subfinder
RUN \
    wget --quiet https://github.com/projectdiscovery/subfinder/releases/download/v2.4.5/subfinder_2.4.5_linux_amd64.tar.gz -O subfinder.tar.gz && \
    tar -xzf subfinder.tar.gz && \
    rm subfinder.tar.gz

# Download gau
WORKDIR /temp/gau
RUN \
    wget --quiet https://github.com/lc/gau/releases/download/v1.0.3/gau_1.0.3_linux_amd64.tar.gz -O gau.tar.gz && \
    tar -xzf gau.tar.gz && \
    rm gau.tar.gz

# Download subjs
WORKDIR /temp/subjs
RUN \
    wget --quiet https://github.com/lc/subjs/releases/download/v1.0.1/subjs_1.0.1_linux_amd64.tar.gz -O subjs.tar.gz && \
    tar -xzf subjs.tar.gz && \
    rm subjs.tar.gz

# Download httpx
WORKDIR /temp/httpx
RUN \
    wget --quiet https://github.com/projectdiscovery/httpx/releases/download/v1.0.1/httpx_1.0.1_linux_amd64.tar.gz -O httpx.tar.gz && \
    tar -xzf httpx.tar.gz && \
    rm httpx.tar.gz

# RECON
FROM builder as builder2
COPY --from=recon /temp/ /tools/recon/
WORKDIR /tools/recon

# Install gobuster
RUN \
    go get github.com/OJ/gobuster && \
    # Install tojson
    go get -u github.com/tomnomnom/hacks/tojson && \
    # Install gowitness
    ln -s /tools/recon/gowitness/gowitness /usr/bin/gowitness && \
    # Install subjack
    go get github.com/haccer/subjack && \
    # Install SubOver
    go get github.com/Ice3man543/SubOver && \
    # Install tko-subs
    go get github.com/anshumanbh/tko-subs && \
    # Install hakcheckurl
    go get github.com/hakluke/hakcheckurl && \
    # Install haktldextract
    go get github.com/hakluke/haktldextract && \
    # Install gotop
    go get github.com/cjbassi/gotop && \
    # Install aquatone
    ln -s /tools/recon/aquatone/aquatone /usr/bin/aquatone && \
    # Install knock
    git clone --depth 1 https://github.com/guelfoweb/knock.git && \
    # Install whatweb
    ln -s /tools/recon/WhatWeb/whatweb /usr/bin/whatweb && \
    # Install CMSeek
    ln -s /tools/recon/CMSeeK/cmseek.py /usr/bin/cmseek && \
    # Install Photon
    ln -s /tools/recon/Photon/photon.py /usr/bin/photon && \
    # Install gau
    ln -s /tools/recon/gau/gau /usr/bin/getallurls && \
    # Install subjs
    ln -s /tools/recon/subjs/subjs /usr/bin/subjs && \
    # Install otxurls
    go get github.com/lc/otxurls && \
    # Install amass
    ln -s /tools/recon/amass/amass_linux_amd64/amass /usr/bin/amass && \
    # Install hakrevdns
    go get github.com/hakluke/hakrevdns && \
    # Install ffuf
    go get github.com/ffuf/ffuf && \
    # Install httprobe
    go get -u github.com/tomnomnom/httprobe && \
    # Install hakrawler
    go get github.com/hakluke/hakrawler && \
    # Install waybackurls
    go get github.com/tomnomnom/waybackurls && \
    # Download gospider
    go get -u github.com/jaeles-project/gospider && \
    # Download getJS
    go get github.com/003random/getJS && \
    # Install findomain
    ln -s /tools/recon/findomain/findomain /usr/bin/findomain && \
    # Install subfinder
    ln -s /tools/recon/subfinder/subfinder /usr/bin/subfinder && \
    # Install sublist3r
    ln -s /tools/recon/Sublist3r/sublist3r.py /usr/bin/sublist3r && \
    # Install httpx
    ln -s /tools/recon/httpx/httpx /usr/bin/httpx

WORKDIR /tools/recon/knock
RUN python3 setup.py install

# Install linkfinder
WORKDIR /tools/recon/LinkFinder
RUN \
    python3 setup.py install && \
    pip install -r requirements.txt

# Install spiderfoot
WORKDIR /tools/recon/spiderfoot
RUN pip install -r requirements.txt

# BUILDER WORDLIST
FROM baseline as wordlist
RUN mkdir /temp
WORKDIR /temp

# Download wordlists
RUN \
    git clone --depth 1 https://github.com/xmendez/wfuzz.git && \
    git clone --depth 1 https://github.com/danielmiessler/SecLists.git && \
    git clone --depth 1 https://github.com/fuzzdb-project/fuzzdb.git && \
    git clone --depth 1 https://github.com/daviddias/node-dirbuster.git && \
    git clone --depth 1 https://github.com/v0re/dirb.git && \
    curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt && \
    curl -L -o all.txt https://gist.githubusercontent.com/jhaddix/86a06c5dc309d08580a018c66354a056/raw/96f4e51d96b2203f19f6381c8c545b278eaa0837/all.txt && \
    curl -L -o fuzz.txt https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt

# WORDLIST
FROM builder2 as builder3
COPY --from=wordlist /temp/ /tools/wordlist/

# BUILDER GIT REPOSITORIES
FROM baseline as gitrepositories
RUN mkdir /temp
WORKDIR /temp

# Download gitGraber
RUN \
    git clone --depth 1 https://github.com/hisxo/gitGraber.git && \
    # Install gitrob
    wget --quiet https://github.com/michenriksen/gitrob/releases/download/v2.0.0-beta/gitrob_linux_amd64_2.0.0-beta.zip -O gitrob.zip && \
    unzip gitrob.zip -d gitrob && \
    rm gitrob.zip && \
    # Install gitleaks
    wget --quiet https://github.com/zricethezav/gitleaks/releases/download/v6.1.1/gitleaks-linux-amd64 -O gitleaks && \
    chmod +x gitleaks && \
    # Download github-search
    git clone --depth 1 https://github.com/gwen001/github-search.git && \
    # Download GitTools
    git clone --depth 1 https://github.com/internetwache/GitTools.git

# GIT REPOSITORIES
FROM builder3 as builder4
COPY --from=gitrepositories /temp/ /tools/gitRepositories/

# BUILDER OWASP
FROM baseline as owasp
RUN mkdir /temp
WORKDIR /temp

# Install sqlmap
RUN \
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap && \
    # Download XSStrike
    git clone --depth 1 https://github.com/s0md3v/XSStrike.git && \
    # Download jwt_tool
    git clone --depth 1 https://github.com/ticarpi/jwt_tool.git
# Download dalfox
WORKDIR /temp/dalfox
RUN \
    wget --quiet https://github.com/hahwul/dalfox/releases/download/v2.0.2/dalfox_2.0.2_linux_amd64.tar.gz -O dalfox.tar.gz && \
    tar -xzf dalfox.tar.gz && \
    rm dalfox.tar.gz
# Download jaeles
WORKDIR /temp/jaeles
RUN \
    wget --quiet https://github.com/jaeles-project/jaeles/releases/download/beta-v0.12/jaeles-v0.12-linux-amd64.zip -O jaeles.zip && \
    unzip jaeles.zip && \
    rm jaeles.zip && \
    mv jaeles-v0.12-linux-amd64 jaeles

# OWASP
FROM builder4 as builder5
COPY --from=owasp /temp/ /tools/owasp/
# Install kxss
RUN \
    go get github.com/tomnomnom/hacks/kxss && \
    # Install dalfox
    ln -s /tools/owasp/dalfox/dalfox /usr/bin/dalfox && \
    # Install jaeles
    ln -s /tools/owasp/jaeles/jaeles /usr/bin/jaeles

# BUILDER BRUTE FORCE
FROM baseline as bruteForce
RUN mkdir /temp
WORKDIR /temp

# Download crowbar
RUN \
    git clone --depth 1 https://github.com/galkan/crowbar.git && \
    # Download patator
    git clone --depth 1 https://github.com/lanjelot/patator.git

# BRUTE FORCE
FROM builder5 as builder6
COPY --from=bruteForce /temp/ /tools/bruteForce/

WORKDIR /tools/bruteForce/crowbar
RUN pip install -r requirements.txt

# BUILDER CRACKING
FROM baseline as cracking
RUN mkdir /temp
WORKDIR /temp
RUN \
    # Download hashcat
    wget --quiet https://hashcat.net/files/hashcat-6.1.1.7z -O hashcat.7z && \
    7z x hashcat.7z && \
    rm hashcat.7z && \
    mv hashcat-6.1.1 hashcat && \
    # Download john the ripper
    git clone --depth 1 https://github.com/magnumripper/JohnTheRipper -b bleeding-jumbo john

# CRACKING
FROM builder6 as builder7
COPY --from=cracking /temp/ /tools/cracking/
RUN \
    # Install hashcat
    ln -s /tools/cracking/hashcat/hashcat.bin /usr/bin/hashcat
# Install john the ripper
WORKDIR /tools/cracking/john/src
RUN ./configure && make -s clean && make -sj4

# BUILDER OS ENUMERATION
FROM baseline as osEnumeration
RUN mkdir /temp
WORKDIR /temp

# Download htbenum
RUN git clone --depth 1 https://github.com/SolomonSklash/htbenum.git
WORKDIR /temp/htbenum
RUN \
    chmod +x htbenum.sh && \
    ./htbenum.sh -u

# Download linux smart enumeration
WORKDIR /temp
RUN git clone --depth 1 https://github.com/diego-treitos/linux-smart-enumeration.git
WORKDIR /temp/linux-smart-enumeration
RUN chmod +x lse.sh

# Download linenum
WORKDIR /temp
RUN git clone --depth 1 https://github.com/rebootuser/LinEnum.git
WORKDIR /temp/LinEnum
RUN chmod +x LinEnum.sh

# Download enum4linux
WORKDIR /temp
RUN \
    git clone --depth 1 https://github.com/CiscoCXSecurity/enum4linux.git && \
    # Download enum4linux-ng
    git clone https://github.com/cddmp/enum4linux-ng.git && \
    # Download PEASS - Privilege Escalation Awesome Scripts SUITE
    mkdir -p /temp/peass

WORKDIR /temp/peass

RUN \
    latest_release_url=$(curl --silent --head https://github.com/carlospolop/PEASS-ng/releases/latest | grep "location:" | cut -d" " -f2- | sed "s/tag/download/" | tr -d '\r') && \
    wget -q "${latest_release_url}/winPEASany.exe" && \
    wget -q "${latest_release_url}/winPEASx64.exe" && \
    wget -q "${latest_release_url}/winPEASx86.exe" && \
    wget -q "${latest_release_url}/winPEAS.bat" && \
    wget -q "${latest_release_url}/linpeas.sh"

# Install smbmap
WORKDIR /temp
RUN \
    git clone --depth 1 https://github.com/ShawnDEvans/smbmap.git && \
    # Download pspy
    mkdir -p /temp/pspy

WORKDIR /temp/pspy
RUN \
    wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy32 && \
    wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64 && \
    chmod +x *

# OS ENUMERATION
FROM builder7 as builder8
COPY --from=osEnumeration /temp/ /tools/osEnumeration/
WORKDIR /tools/osEnumeration

# Download Windows Exploit Suggester - Next Generation
RUN git clone --depth 1 https://github.com/bitsadmin/wesng.git
WORKDIR /tools/osEnumeration/wesng
RUN python3 wes.py --update

# BUILDER EXPLOITS
FROM baseline as exploits
RUN mkdir /temp
WORKDIR /temp

# Download MS17-010
RUN \
    git clone --depth 1 https://github.com/worawit/MS17-010.git && \
    # Download AutoBlue-MS17-010
    git clone --depth 1 https://github.com/3ndG4me/AutoBlue-MS17-010.git && \
    # Download privexchange
    git clone --depth 1 https://github.com/dirkjanm/PrivExchange.git

# EXPLOITS
FROM builder8 as builder9
COPY --from=exploits /temp/ /tools/exploits/
WORKDIR /tools/exploits

# Install searchsploit
RUN \
    git clone --depth 1 https://github.com/offensive-security/exploitdb.git /opt/exploitdb && \
    sed 's|path_array+=(.*)|path_array+=("/opt/exploitdb")|g' /opt/exploitdb/.searchsploit_rc > ~/.searchsploit_rc && \
    ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit && \
    # Install metasploit
    curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
    chmod 755 msfinstall && \
    ./msfinstall && \
    msfupdate

# BUILDER WINDOWS
FROM baseline as windows
RUN mkdir /temp
WORKDIR /temp

# Download crackmapexec
RUN \
    git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec && \
    # Download Nishang
    git clone --depth 1 https://github.com/samratashok/nishang.git && \
    # Download juicy-potato
    git clone --depth 1 https://github.com/ohpe/juicy-potato.git && \
    # Download powersploit
    git clone --depth 1 https://github.com/PowerShellMafia/PowerSploit.git && \
    # Download Pass-the-Hash
    git clone --depth 1 https://github.com/byt3bl33d3r/pth-toolkit.git && \
    # Download Mimikatz
    latest_release_url=$(curl --silent --head https://github.com/gentilkiwi/mimikatz/releases/latest | grep "location:" | cut -d" " -f2- | sed "s/tag/download/" | tr -d '\r') && \
    wget -q "${latest_release_url}/mimikatz_trunk.zip" -O mimikatz.zip && \
    unzip mimikatz.zip -d mimikatz && \
    rm mimikatz.zip && \
    mkdir netcat && \
    mkdir plink
WORKDIR /temp/netcat
# Download netcat
RUN \
    wget --quiet https://github.com/int0x33/nc.exe/raw/master/nc64.exe -O nc64.exe && \
    wget --quiet https://github.com/int0x33/nc.exe/raw/master/nc.exe -O nc32.exe
WORKDIR /temp/plink
# Download plink
RUN \
    wget --quiet https://the.earth.li/\~sgtatham/putty/latest/w32/plink.exe -O plink32.exe && \
    wget --quiet https://the.earth.li/\~sgtatham/putty/latest/w64/plink.exe -O plink64.exe

# WINDOWS
FROM builder9 as builder10
RUN mkdir -p /tools/windows
COPY --from=windows /temp/ /tools/windows/

# BUILDER MOBILE
FROM baseline as mobile
RUN mkdir /temp
WORKDIR /temp

RUN \
    # Download APKTOOL
    wget --quiet https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool -O apktool && \
    chmod +x apktool && \
    wget --quiet https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.1.jar -O apktool.jar && \
    chmod +x apktool.jar

# Mobile
FROM builder10 as builder11
COPY --from=mobile /temp/ /usr/local/bin

# OTHER RESOURCES
RUN mkdir -p /tools/otherResources
WORKDIR /tools/otherResources

# Download pentest-tools
RUN \
    git clone --depth 1 https://github.com/gwen001/pentest-tools.git && \
    # Download qsreplace
    go get -u github.com/tomnomnom/qsreplace

# Install nuclei
RUN \
    go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest && \
    nuclei -update-templates

# OS TUNING

COPY shell/ /tmp
# Copy banner
RUN \
    cat /tmp/banner >> /root/.zshrc && \
    # Create shortcuts
    cat /tmp/alias >> /root/.zshrc && \
    # Copy custom function
    cat /tmp/customFunctions >> /root/.zshrc && \
    # Create or update a database used by locate
    updatedb

# Change workdir
WORKDIR /
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Arsenio Aguirre

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Offensive Docker

Offensive Docker is an image with the most used tools to create a pentest environment easily and quickly.

:arrow_right: **Note:** Check out the following repo to learn how to launch Offensive Docker on a VPS in Google Cloud Platform or Digital Ocean (free credit included): [Offensive Docker VPS](https://github.com/aaaguirrep/offensive-docker-vps)

### Table of Contents

- [Links](#links)
- [Features](#features)
- [Requirements](#requirements)
- [Tools installed](#tools-installed)
  - [Operative system tools](#operative-system-tools)
  - [Network tools](#network-tools)
  - [Developer tools](#developer-tools)
  - [:hocho: Offensive tools](#hocho-offensive-tools)
    - [Port scanning](#port-scanning)
    - [:mag: Recon](#mag-recon)
      - [Subdomains](#subdomains)
      - [Subdomain takeover](#subdomain-takeover)
      - [DNS Lookups](#dns-lookups)
      - [:camera: Screenshot](#camera-screenshot)
      - [:spider_web: Crawler](#spider_web-crawler)
      - [:file_folder: Search directories](#file_folder-search-directories)
      - [Fuzzer](#fuzzer)
      - [Web Scanning](#web-scanning)
      - [CMS](#cms)
      - [Search JS](#search-js)
    - [Wordlist](#wordlist)
    - [Git repositories](#git-repositories)
    - [OWASP](#owasp)
    - [:iphone: Mobile](#iphone-mobile)
    - [Brute force](#brute-force)
    - [Cracking](#cracking)
    - [OS Enumeration](#os-enumeration)
    - [Exploits](#exploits)
    - [Windows](#windows)
    - [Reverse shell](#reverse-shell)
    - [Other resources](#other-resources)
  - [Forensic](#forensic)
  - [Custom functions](#custom-functions)
  - [Other services](#other-services)
  - [Reporting tools](#reporting-tools)
- [:memo: Documentation](#memo-documentation)
- [:hammer_and_wrench: Usage](#hammer_and_wrench-usage)
  - [Option 1 - Use the github repository](#option-1---use-the-github-repository)
  - [Option 2 - Use the image from docker hub](#option-2---use-the-image-from-docker-hub)
  - [Considerations to run the container](#considerations-to-run-the-container)
- [:gear: Nice configurations](#gear-nice-configurations)
  - [1. Configure credentials in the docker](#1-configure-credentials-in-the-docker)
  - [2. Alias to connect to HTB (Hack the Box) VPN](#2-alias-to-connect-to-htb-hack-the-box-vpn)
    - [Option 1 - HTB VPN using github repository](#option-1---htb-vpn-using-github-repository)
    - [Option 2 - HTB VPN using docker hub image](#option-2---htb-vpn-using-docker-hub-image)
  - [3. Save and load command history in your local environment](#3-save-and-load-command-history-in-your-local-environment)
    - [Option 1 - Command history using github repository](#option-1---command-history-using-github-repository)
    - [Option 2 - Command history using docker hub image](#option-2---command-history-using-docker-hub-image)
- [:white_check_mark: Environment tested](#white_check_mark-environment-tested)
- [:warning: Warning](#warning-warning)
- [:coffee: Donations](#coffee-donations)
- [Contributors](#contributors)
- [Contributing](#contributing)
- [:chart_with_upwards_trend: Stargazers over time](#chart_with_upwards_trend-stargazers-over-time)
- [License](#license)

## Links

- 🎬 Video: [Demos](https://asciinema.org/~aaaguirrep)
- 💬 Chat: [Discord](https://discord.gg/2uBfu8E)
- 🌟 [VPS Automation](https://github.com/aaaguirrep/offensive-docker-vps)
- 👉 [Advanced configurations](https://github.com/aaaguirrep/offensive-docker-custom)

## Features

- OS, networking, developing and pentesting tools installed.
- Connection to the HTB (Hack the Box) VPN to access HTB machines.
- Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
- Proxy service to send traffic from any browser and Burp Suite installed in your local directory.
- Exploit database installed.
- Tools for password cracking.
- Linux enumeration tools installed.
- Tools installed to discover running services.
- Tools installed for directory fuzzing.
- Monitor for Linux processes without root permissions.
- Zsh shell installed.

## Requirements

- Docker service installed

## Tools installed

### Operative system tools

- rdate
- vim
- zsh
- oh-my-zsh
- locate
- cifs-utils
- htop
- tree
- [gotop](https://github.com/cjbassi/gotop)
- fcrackzip

### Network tools

- traceroute
- telnet
- net-tools
- iputils-ping
- tcpdump
- openvpn
- whois
- host
- prips
- dig

### Developer tools

- git
- curl
- wget
- ruby
- go
- python
- python-pip
- python3
- python3-pip
- php
- aws-cli
- [tojson](https://github.com/tomnomnom/hacks/tree/master/tojson)
- nodejs

### :hocho: Offensive tools

#### Port scanning

- [nmap](https://github.com/nmap/nmap)
- [masscan](https://github.com/robertdavidgraham/masscan)
- [naabu](https://github.com/projectdiscovery/naabu)

#### :mag: Recon

##### Subdomains

- [Amass](https://github.com/OWASP/Amass)
- [GoBuster](https://github.com/OJ/gobuster)
- [Knock](https://github.com/guelfoweb/knock)
- [MassDNS](https://github.com/blechschmidt/massdns)
- [Altdns](https://github.com/infosec-au/altdns)
- [spyse](https://github.com/zeropwn/spyse.py)
- [Sublist3r](https://github.com/aboul3la/Sublist3r)
- [findomain](https://github.com/Edu4rdSHL/findomain)
- [subfinder](https://github.com/projectdiscovery/subfinder)
- [spiderfoot](https://github.com/smicallef/spiderfoot)
- [haktldextract](https://github.com/hakluke/haktldextract)

##### Subdomain takeover

- [subjack](https://github.com/haccer/subjack)
- [SubOver](https://github.com/Ice3man543/SubOver)
- [tko-subs](https://github.com/anshumanbh/tko-subs)

##### DNS Lookups

- [hakrevdns](https://github.com/hakluke/hakrevdns)

##### :camera: Screenshot

- [gowitness](https://github.com/sensepost/gowitness)
- [aquatone](https://github.com/michenriksen/aquatone)

##### :spider_web: Crawler

- [hakrawler](https://github.com/hakluke/hakrawler)
- [Photon](https://github.com/s0md3v/Photon)
- [gospider](https://github.com/jaeles-project/gospider)
- [gau](https://github.com/lc/gau)
- [otxurls](https://github.com/lc/otxurls)
- [waybackurls](https://github.com/tomnomnom/waybackurls)

##### :file_folder: Search directories

- [dirsearch](https://github.com/maurosoria/dirsearch)

##### Fuzzer

- [wfuzz](https://github.com/xmendez/wfuzz)
- [ffuf](https://github.com/ffuf/ffuf)

##### Web Scanning

- [whatweb](https://github.com/urbanadventurer/WhatWeb)
- [wafw00f](https://github.com/EnableSecurity/wafw00f)
- [nikto](https://github.com/sullo/nikto)
- [arjun](https://github.com/s0md3v/Arjun)
- [httprobe](https://github.com/tomnomnom/httprobe)
- [striker](https://github.com/s0md3v/Striker)
- [hakcheckurl](https://github.com/hakluke/hakcheckurl)
- [httpx](https://github.com/projectdiscovery/httpx)

##### CMS

- [wpscan](https://github.com/wpscanteam/wpscan)
- [joomscan](https://github.com/rezasp/joomscan)
- [droopescan](https://github.com/droope/droopescan)
- [cmseek](https://github.com/Tuhinshubhra/CMSeeK)

##### Search JS

- [LinkFinder](https://github.com/GerbenJavado/LinkFinder)
- [getJS](https://github.com/003random/getJS)
- [subjs](https://github.com/lc/subjs)

#### Wordlist

- [cewl](https://github.com/digininja/CeWL)
- wordlists:
  - [wfuzz](https://github.com/xmendez/wfuzz)
  - [SecList](https://github.com/danielmiessler/SecLists)
  - [Fuzzdb](https://github.com/fuzzdb-project/fuzzdb)
  - [Dirbuster](https://github.com/daviddias/node-dirbuster)
  - [Dirb](https://github.com/v0re/dirb)
  - [Rockyou](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt)
  - [all.txt](https://gist.github.com/jhaddix/f64c97d0863a78454e44c2f7119c2a6a)
- crunch

#### Git repositories

- [gitleaks](https://github.com/zricethezav/gitleaks)
- [gitrob](https://github.com/michenriksen/gitrob)
- [gitGraber](https://github.com/hisxo/gitGraber)
- [github-search](https://github.com/gwen001/github-search)
- [GitTools](https://github.com/internetwache/GitTools)

#### OWASP

- [sqlmap](https://github.com/sqlmapproject/sqlmap)
- [XSStrike](https://github.com/s0md3v/XSStrike)
- [kxss](https://github.com/tomnomnom/hacks/tree/master/kxss)
- [dalfox](https://github.com/hahwul/dalfox)
- [jwt_tool](https://github.com/ticarpi/jwt_tool)
- [jaeles](https://github.com/jaeles-project/jaeles)

#### :iphone: Mobile

- [apktool](https://ibotpeaches.github.io/Apktool/)

#### Brute force

- [crowbar](https://github.com/galkan/crowbar)
- [hydra](https://github.com/vanhauser-thc/thc-hydra)
- [patator](https://github.com/lanjelot/patator)
- medusa

#### Cracking

- [hashid](https://github.com/psypanda/hashID)
- [john the ripper](https://github.com/magnumripper/JohnTheRipper)
- [hashcat](https://github.com/hashcat/hashcat)

#### OS Enumeration

- [htbenum](https://github.com/SolomonSklash/htbenum)
- [linux-smart-enumeration](https://github.com/diego-treitos/linux-smart-enumeration)
- [linenum](https://github.com/rebootuser/LinEnum)
- [enum4linux](https://github.com/portcullislabs/enum4linux)
- [ldapdomaindump](https://github.com/dirkjanm/ldapdomaindump)
- [PEASS - Privilege Escalation Awesome Scripts SUITE](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
- [Windows Exploit Suggester - Next Generation](https://github.com/bitsadmin/wesng)
- [smbmap](https://github.com/ShawnDEvans/smbmap)
- [pspy - unprivileged Linux process snooping](https://github.com/DominicBreuker/pspy)
- smbclient
- ftp

#### Exploits

- [searchsploit](https://github.com/offensive-security/exploitdb)
- [Metasploit](https://github.com/rapid7/metasploit-framework)
- [MS17-010](https://github.com/worawit/MS17-010)
- [AutoBlue-MS17-010](https://github.com/3ndG4me/AutoBlue-MS17-010)
- [PrivExchange](https://github.com/dirkjanm/PrivExchange)

#### Windows

- [evil-winrm](https://github.com/Hackplayers/evil-winrm)
- [impacket](https://github.com/SecureAuthCorp/impacket)
- [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec)
- [Nishang](https://github.com/samratashok/nishang)
- [Juicy Potato](https://github.com/ohpe/juicy-potato)
- [PowerSploit](https://github.com/PowerShellMafia/PowerSploit)
- [pass-the-hash](https://github.com/byt3bl33d3r/pth-toolkit)
- [mimikatz](https://github.com/gentilkiwi/mimikatz)
- gpp-decrypt
- Netcat executables
- Plink executables

#### Reverse shell

- [netcat](https://github.com/diegocr/netcat)
- [rlwrap](https://github.com/hanslub42/rlwrap)

#### Other resources

- [pentest-tools](https://github.com/gwen001/offensive-tools) from [@gwen001](https://github.com/gwen001)
- [qsreplace](https://github.com/tomnomnom/qsreplace) from [@tomnomnom](https://github.com/tomnomnom)

### Forensic

- [exiftool](https://github.com/exiftool/exiftool)
- [steghide](https://github.com/StefanoDeVuono/steghide)
- [binwalk](https://github.com/ReFirmLabs/binwalk)
- [foremost](https://github.com/DogFive/foremost)

### Custom functions

- NmapExtractPorts from [@s4vitar](https://github.com/s4vitar)

### Other services

- apache2
- squid
- ssh
- rsyslog

### Reporting tools

- Latex

## :memo: Documentation

See the project's [wiki](https://github.com/aaaguirrep/offensive-docker/wiki) for documentation.

## :hammer_and_wrench: Usage

You can use the Docker image in either of the following two ways:

### Option 1 - Use the github repository

    git clone --depth 1 https://github.com/aaaguirrep/offensive-docker.git
    cd offensive-docker
    docker build -t offensive-docker .
    docker run --rm -it --name my-offensive-docker offensive-docker /bin/zsh

### Option 2 - Use the image from docker hub

Use the image from Docker Hub: [aaaguirrep/offensive-docker](https://hub.docker.com/r/aaaguirrep/offensive-docker)

    docker pull aaaguirrep/offensive-docker
    docker run --rm -it --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh

### Considerations to run the container

There are different use cases for the image, and you should know how to run the container properly for each one.

1. Use the container to access HTB (Hack the Box) machines through the HTB VPN.

       docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh

2. Share information from your local directory with a container directory and save information in your local directory. You should save information under the /offensive directory.

       docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh

3. Expose internal container services (apache, squid) to your local environment.

       docker run --rm -it --name my-offensive-docker -p 80:80 -p 3128:3128 aaaguirrep/offensive-docker /bin/zsh

   Inside the container, start the apache2 and squid services with the aliases.

       apacheUp
       squidUp

4. Mount directories by umount command.

       docker run --rm -it --privileged --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh

5. Tools are downloaded to the /tools directory.

## :gear: Nice configurations

You can set up the Docker image with nice configurations such as:

### 1. Configure credentials in the docker

To use access keys, tokens or API keys in the container, review the following repo: [Offensive Docker Custom](https://github.com/aaaguirrep/offensive-docker-custom)

### 2. Alias to connect to HTB (Hack the Box) VPN

For both options, use the -v option to map a local directory to the /offensive container directory.

#### Option 1 - HTB VPN using github repository

Add the following line in the "Create shortcuts" step of the Dockerfile, build a new image and run a new container with the -v option.

    RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc

#### Option 2 - HTB VPN using docker hub image

Create a new Dockerfile with the following steps, build a new image and run a new container with the -v option.

    FROM aaaguirrep/offensive-docker

    # Create a shortcut and load the ovpn file from workstation
    RUN echo "alias vpnhtb=\"openvpn /offensive/path/to/ovpn/file\"" >> /root/.zshrc

### 3. Save and load command history in your local environment

When you delete a container, all its information is deleted, including the command history. The following configuration lets you save the command history in your local environment and load it when you run a new container, so you won't lose your command history when you run a new container.

For both options, use the -v option to map a local directory to the /offensive container directory.

#### Option 1 - Command history using github repository

Add the following line in the "Create shortcuts" step of the Dockerfile, build a new image and run a new container.

    # Save and load command history in your local environment
    RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc

#### Option 2 - Command history using docker hub image

Create a new Dockerfile with the following steps, build a new image and run a new container.

    FROM aaaguirrep/offensive-docker

    # Save and load command history in your local environment
    RUN sed -i '1i export HISTFILE="/history/.zsh_history"' /root/.zshrc

## :white_check_mark: Environment tested

The image was tested in the following environments:

- Docker service for Mac
  ```Docker version 19.03.13, build 4484c46d9d```

- Docker service for Linux instance on Google Cloud Platform
  ```Docker version 19.03.6, build 369ce74a3c```

- Docker service for Linux droplet on Digital Ocean
  ```Docker version 19.03.6, build 369ce74a3c```

## :warning: Warning

- Do not save information in container directories because it will be lost when the container is deleted. Save information in your local environment using the -v parameter when you run the container. For instance:

      docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker aaaguirrep/offensive-docker /bin/zsh

  The above command specifies a local directory path mapped to the /offensive container directory. You should save all information under the /offensive directory.

- Use hashcat and John the Ripper in controlled environments such as CTFs. You may experience issues.

## :coffee: Donations

Thanks for your donations; they are always appreciated.

While I drink the coffee, I check more tools to add to the Docker image.

[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/aaaguirrep)

## Contributors

Thank you to all our [contributors](https://github.com/aaaguirrep/offensive-docker/graphs/contributors)!

## Contributing

[Contributing Guide](CONTRIBUTING.md)

## :chart_with_upwards_trend: Stargazers over time

[![Stargazers over time](https://starchart.cc/aaaguirrep/offensive-docker.svg)](https://starchart.cc/aaaguirrep/offensive-docker)

## License

[MIT](LICENSE)

Copyright (c) 2020, Arsenio Aguirre

--------------------------------------------------------------------------------
/img/banner.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aaaguirrep/offensive-docker/05f049fda05d258469293c9f2886c4fef38829d7/img/banner.jpg

--------------------------------------------------------------------------------
/requirements_pip.txt:
--------------------------------------------------------------------------------
pipenv
py-altdns
dnspython
wfuzz
ldapdomaindump
impacket
hashid
droopescan
spyse.py
#sublist3r dependency
argparse
#photon dependency
tld
#jwt-tool dependency
pycryptodomex
wafw00f
pyyaml

--------------------------------------------------------------------------------
/shell/alias:
--------------------------------------------------------------------------------
alias squidUp="service squid start"
alias squidDwUp="service squid restart"
alias squidDown="service squid stop"
alias apacheUp="service apache2 start"
alias apacheDwUp="service apache2 restart"
alias apacheDown="service apache2 stop"

--------------------------------------------------------------------------------
/shell/banner:
--------------------------------------------------------------------------------
export VERSION=v0.3.3
# Colours
greenColour="\e[0;32m\033[1m"
endColour="\033[0m\e[0m"
redColour="\e[0;31m\033[1m"
blueColour="\e[0;34m\033[1m"
yellowColour="\e[0;33m\033[1m"
grayColour="\e[0;37m\033[1m"
# Banner
echo "\t${greenColour}************************************************************************************${yellowColour}"
figlet -c -w 100 Offensive Docker
echo "\t${redColour}Version: ${blueColour}$VERSION${endColour}"
echo "\t${greenColour}------------------------------------------------------------------------------------"
echo "\t${redColour}Creator: ${blueColour}Arsenio Aguirre\t\t\t${redColour}Email: ${blueColour}a_aguirre117@hotmail.com"
echo "\t${grayColour}Repositories links:"
echo "\t${redColour}Docker Hub: ${blueColour}https://hub.docker.com/r/aaaguirrep/offensive-docker"
echo "\t${redColour}Github: ${blueColour}https://github.com/aaaguirrep/offensive-docker"
echo "\t${greenColour}************************************************************************************"

--------------------------------------------------------------------------------
/shell/customFunctions:
--------------------------------------------------------------------------------
function extractPorts(){
    # $1: scan output file; quoted so that paths containing spaces work
    ports="$(cat "$1" | grep -oP '\d{1,5}/open' | awk '{print $1}' FS='/' | xargs | tr ' ' ',')"
    ip_address="$(cat "$1" | grep -oP '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}' | sort -u | head -n 1)"
    echo -e "\n[*] Extracting information...\n" > extractPorts.tmp
    echo -e "\t[*] IP Address: $ip_address" >> extractPorts.tmp
    echo -e "\t[*] Open ports: $ports\n" >> extractPorts.tmp
    cat extractPorts.tmp; rm extractPorts.tmp
}

--------------------------------------------------------------------------------