├── .github
    └── FUNDING.yml
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── README.md
└── configs
    ├── amass
        └── config.ini
    └── subfinder
        └── config.yaml


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

# github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
# patreon: # Replace with a single Patreon username
# open_collective: # Replace with a single Open Collective username
# ko_fi: # Replace with a single Ko-fi username
# tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
# community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
# liberapay: # Replace with a single Liberapay username
# issuehunt: # Replace with a single IssueHunt username
# otechie: # Replace with a single Otechie username
custom: ['https://www.buymeacoffee.com/aaaguirrep']

--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
 advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
 address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
 professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at a_aguirre117@hotmail.com. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to Pentest image

Want to contribute to the Docker image? The following guide will help you get started.

## Reporting Issues

A great way to contribute to the project is to send a detailed report when you encounter an issue. To make things easier for contributors and maintainers, we use GitHub issues.

Please make sure to include a reproduction repository so that bugs can be reproduced without great effort. The better a bug can be reproduced, the faster we can start fixing it!

## Pull Requests

We'd love to see your pull requests, even if it's just to fix a typo!

However, any significant improvement should be associated with an existing feature request or bug report.

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM aaaguirrep/offensive-docker

LABEL maintainer="Arsenio Aguirre" \
      email="a_aguirre117@hotmail.com"

# WPSCAN - wpvulndb TOKEN
ENV WPSCAN_API_TOKEN=ENTER_TOKEN_HERE

# aws access keys
ENV AWS_ACCESS_KEY_ID=ENTER_AWS_ACCESS_KEY_HERE
ENV AWS_SECRET_ACCESS_KEY=ENTER_AWS_SECRET_ACCESS_KEY_HERE

# load command history
RUN \
    sed -i '1i export HISTFILE="/path/to/.zsh_history"' /root/.zshrc && \
    # Gitrob configuration
    sed -i '4i export GITROB_ACCESS_TOKEN=ENTER_TOKEN_HERE' /root/.zshrc && \
    # Gitgraber configuration
    sed -i "1s/.*/GITHUB_TOKENS = ['ENTER_TOKEN_HERE', 'ENTER_TOKEN_HERE']/" /tools/gitRepositories/gitGraber/config.py && \
    sed -i 's/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ENTER_TOKEN_HERE/' /tools/gitRepositories/gitGraber/config.py && \
    sed -i 's/-999999999999999/ENTER_CHANNEL_NAME_HERE/' /tools/gitRepositories/gitGraber/config.py && \
    sed -i 's|TXXXXXXXX/BXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXX|TOKEN_HERE/TOKEN_HERE/TOKEN_HERE|' /tools/gitRepositories/gitGraber/config.py && \
    mkdir -p /root/.config/subfinder

# Subfinder configuration
COPY configs/subfinder/config.yaml /root/.config/subfinder/config.yaml

# Findomain configuration
ENV findomain_fb_token="ENTER_TOKEN_HERE"
ENV findomain_virustotal_token="ENTER_TOKEN_HERE"
ENV findomain_securitytrails_token="ENTER_TOKEN_HERE"
ENV findomain_spyse_token="ENTER_TOKEN_HERE"

# shortcuts
RUN \
    echo "alias vpnhtb=\"openvpn /path/to/vpnfile\"" >> /root/.zshrc && \
    echo "alias vpnthm=\"openvpn /path/to/vpnfile\"" >> /root/.zshrc

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Arsenio Aguirre

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Offensive Docker custom configurations

Dockerfile with advanced configurations for Offensive Docker.

### Table of contents

- [Features](#features)
- [Tools](#tools)
- [:hammer_and_wrench: Usage](#hammer_and_wrench-usage)
  - [Prerequisites](#prerequisites)
  - [Github repository](#github-repository)
  - [Considerations to run the container](#considerations-to-run-the-container)
- [:white_check_mark: Environment tested](#white_check_mark-environment-tested)
- [:coffee: Donations](#coffee-donations)
- [Contributing](#contributing)
- [License](#license)

## Features

- Provides the API keys, tokens, etc. for different offensive tools.

## Tools

- [gitrob](https://github.com/michenriksen/gitrob)
- [gitGraber](https://github.com/hisxo/gitGraber)
- [Amass](https://github.com/OWASP/Amass)
- [findomain](https://github.com/Edu4rdSHL/findomain)
- [subfinder](https://github.com/projectdiscovery/subfinder)
- VPN aliases to start VPN profiles.
- Persistent history file.

## :hammer_and_wrench: Usage

### Prerequisites

- Docker service installed

Use the Docker image through the following option:

### Github repository

    git clone --depth 1 https://github.com/aaaguirrep/offensive-docker-custom.git offensive-docker
    cd offensive-docker
    # Paste your tokens or API keys into the Dockerfile, then build the image
    docker build -t offensive-docker .
    docker run --rm -it --name my-offensive-docker offensive-docker /bin/zsh

### Considerations to run the container

There are different use cases for the image, and you should know how to run the container properly for each one.

1. Use the container to access HTB (Hack the Box) machines through the HTB VPN.

        docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-offensive-docker offensive-docker /bin/zsh

2. Share information from your local directory with the container and save information to your local directory. You should save information under the /offensive directory.

        docker run --rm -it -v /path/to/local/directory:/offensive --name my-offensive-docker offensive-docker /bin/zsh

3. Mount directories by umount command.

        docker run --rm -it --privileged --name my-offensive-docker offensive-docker /bin/zsh

## :white_check_mark: Environment tested

The image was tested in the following environments:

- Docker service for Mac: Docker version 19.03.5, build 633a0ea

- Docker service for Linux instance on Google Cloud Platform: Docker version 19.03.6, build 369ce74a3c

- Docker service for Linux droplet on Digital Ocean: Docker version 19.03.6, build 369ce74a3c

## :coffee: Donations

Thanks for your donations; they are always appreciated.

While I drink the coffee I check more tools to add in the docker image.

[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/aaaguirrep)

## Contributing

[Contributing Guide](CONTRIBUTING.md)

## License

[MIT](LICENSE)

Copyright (c) 2020, Arsenio Aguirre

--------------------------------------------------------------------------------
/configs/amass/config.ini:
--------------------------------------------------------------------------------
# Copyright 2017 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Should only passive data sources be used without DNS resolution?
#mode = passive
# Would you like to use more active techniques, such as pulling
# certificates from discovered IP addresses?
#mode = active

# The directory that stores the Cayley graph database and other output files
# The default is $HOME/amass
#output_directory = amass

# The maximum number of concurrent DNS queries that can be performed during the enumeration.
#maximum_dns_queries = 1000

# Would you like unresolved names to be included in the output?
#include_unresolvable = true

[network_settings]
# Single IP address or range (e.g. a.b.c.10-245)
#address = 192.168.1.1
#cidr = 192.168.1.0/24
#asn = 26808
#port = 80
port = 443
#port = 8080

# Root domain names used in the enumeration
#[domains]
#domain = owasp.org
#domain = appsecusa.org
#domain = appsec.eu
#domain = appsec-labs.com

# DNS resolvers used globally by the amass package
#[resolvers]
#public_dns_resolvers = false
#score_resolvers = true
#monitor_resolver_rate = true
#resolver = 1.1.1.1 ; Cloudflare
#resolver = 8.8.8.8 ; Google
#resolver = 64.6.64.6 ; Verisign
#resolver = 74.82.42.42 ; Hurricane Electric
#resolver = 1.0.0.1 ; Cloudflare Secondary
#resolver = 8.8.4.4 ; Google Secondary
#resolver = 64.6.65.6 ; Verisign Secondary
#resolver = 77.88.8.1 ; Yandex.DNS Secondary

# Are there any subdomains that are out of scope?
#[blacklisted]
#subdomain = education.appsec-labs.com
#subdomain = 2012.appsecusa.org

# Are there any data sources that should not be utilized?
#[disabled_data_sources]
#data_source = Ask
#data_source = Exalead
#data_source = IPv4Info

# Configure Amass to use a TinkerPop Server as the graph database
# For an example of Gremlin settings see: https://docs.microsoft.com/en-us/azure/cosmos-db/create-graph-gremlin-console
#[gremlin]
#url = wss://localhost:8182
#username =
#password =

# Settings related to brute forcing
#[bruteforce]
#enabled = true
#recursive = true
# Number of discoveries made in a subdomain before performing recursive brute forcing
# Default is 0
#minimum_for_recursive = 0
#wordlist_file = /usr/share/wordlists/all.txt
#wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used

# Would you like to permute resolved names?
#[alterations]
#enabled = true
# minimum_for_word_flip specifies the number of times a word must be seen before
# using it for future word flips and word additions
#minimum_for_word_flip = 2
# edit_distance specifies the number of times a primitive edit operation will be
# performed on a name sample during fuzzy label searching
#edit_distance = 1
#flip_words = true # test-dev.owasp.org -> test-prod.owasp.org
#flip_numbers = true # test1.owasp.org -> test2.owasp.org
#add_words = true # test.owasp.org -> test-dev.owasp.org
#add_numbers = true # test.owasp.org -> test1.owasp.org
#wordlist_file = /usr/share/wordlists/all.txt
#wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used

# Provide API key information for a data source
#[AlienVault]
#apikey =

#[BinaryEdge]
#apikey =

[Censys]
apikey = ENTER_APIKEY_HERE
secret = ENTER_SECRET_HERE

#[CIRCL]
#username =
#password =

#[DNSDB]
#apikey =

#[GitHub]
#apikey =

#[NetworksDB]
#apikey =

[PassiveTotal]
username = ENTER_USERNAME_HERE
apikey = ENTER_APIKEY_HERE

[SecurityTrails]
apikey = ENTER_APIKEY_HERE

[Shodan]
apikey = ENTER_APIKEY_HERE

[Spyse]
apikey = ENTER_APIKEY_HERE

# Provide your Twitter App Consumer API key and Consumer API secret key
#[Twitter]
#apikey =
#secret =

# The apikey must be an API access token created through the Investigate management UI
#[Umbrella]
#apikey =

# URLScan can be used without an API key, but the key allows new submissions to be made
[URLScan]
apikey = ENTER_APIKEY_HERE

[VirusTotal]
apikey = ENTER_APIKEY_HERE

#[WhoisXML]
#apikey=
--------------------------------------------------------------------------------
/configs/subfinder/config.yaml:
--------------------------------------------------------------------------------
resolvers:
  - 1.1.1.1
  - 1.0.0.1
  - 8.8.8.8
  - 8.8.4.4
  - 9.9.9.9
  - 9.9.9.10
  - 77.88.8.8
  - 77.88.8.1
  - 208.67.222.222
  - 208.67.220.220
sources:
  - archiveis
  - binaryedge
  - bufferover
  - censys
  - certspotter
  - certspotterold
  - commoncrawl
  - crtsh
  - digicert
  - dnsdumpster
  - entrust
  - hackertarget
  - ipv4info
  - passivetotal
  - securitytrails
  - shodan
  - sitedossier
  - threatcrowd
  - threatminer
  - urlscan
  - virustotal
  - waybackarchive
binaryedge: []
censys:
  - ENTER_APIKEY_HERE
certspotter: []
passivetotal:
  - ENTER_APIKEY_HERE
securitytrails:
  - ENTER_APIKEY_HERE
shodan:
  - ENTER_APIKEY_HERE
urlscan:
  - ENTER_APIKEY_HERE
virustotal:
  - ENTER_APIKEY_HERE

--------------------------------------------------------------------------------
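
The README asks you to paste tokens into the Dockerfile before building, so a filled-in copy carries live credentials in the file, in the image configuration and in the image layers. The script below is an added example, not part of this repository: it lists credential settings in the Dockerfile or `configs/amass/config.ini` whose value is no longer one of the repository's placeholders. The function name `filled_secrets` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository: report credential settings whose
# value is no longer one of the placeholders used on this page.
# Assumption: it reads key/value lines only (Dockerfile ENV/export lines and
# amass config.ini entries); keyless sed substitutions and YAML lists are skipped.

PLACEHOLDER_RE='ENTER_[A-Z_]*HERE|TOKEN_HERE'       # spellings used by this repo
SECRET_KEY_RE='token|secret|access_key|apikey|password'

# filled_secrets FILE... -> one "file:line:KEY" per filled-in credential.
# The value itself is never printed, so the report can go into CI logs.
filled_secrets() {
    awk -v ph="$PLACEHOLDER_RE" -v key="$SECRET_KEY_RE" '
    /^[[:space:]]*#/ { next }                       # comments and disabled entries
    {
        line = $0
        gsub(ph, "%PH%", line)                      # keep TOKEN_HERE from matching "token"
        if (!match(tolower(line), key)) next
        ks = RSTART; ke = RSTART + RLENGTH
        # Widen the match to the whole identifier, e.g. AWS_SECRET_ACCESS_KEY.
        start = ks
        while (start > 1 && substr(line, start - 1, 1) ~ /[A-Za-z0-9_]/) start--
        tail = substr(line, ke)
        n = length(tail)
        sub(/^[A-Za-z0-9_]*/, "", tail)
        name = substr(line, start, ke - start + n - length(tail))
        # First value after the key: skip separators and quotes, stop at the next one.
        value = tail
        sub(/^[^A-Za-z0-9%_.-]+/, "", value)
        sub(/[^A-Za-z0-9%_.-].*$/, "", value)
        if (value == "" || index(value, "%PH%") == 1) next
        print FILENAME ":" FNR ":" name
    }' "$@"
}

# Constructed sample: line 2 carries a made-up value, the rest are pristine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ENV WPSCAN_API_TOKEN ENTER_TOKEN_HERE
ENV AWS_ACCESS_KEY_ID EXAMPLEKEYID0000
RUN sed -i '4i export GITROB_ACCESS_TOKEN=ENTER_TOKEN_HERE' /root/.zshrc
ENV findomain_fb_token="ENTER_TOKEN_HERE"
EOF
filled_secrets "$sample"
rm -f "$sample"
```

Run it against the Dockerfile and `configs/amass/config.ini` before committing or pushing a built image. Values set with `ENV` or written by `RUN` stay readable to anyone who can pull the image (`docker inspect`, `docker history`).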