├── .gitignore
├── LICENSE
├── MANIFEST.in
├── Makefile
├── README.md
├── THANKS.md
├── dwn
├── __init__.py
├── assets
│ └── Dockerfile
├── cli
│ ├── __init__.py
│ ├── cli.py
│ └── commands
│ │ ├── __init__.py
│ │ ├── base.py
│ │ ├── network.py
│ │ └── plans.py
├── config.py
└── plan.py
├── plans
├── altdns.yml
├── amass.yml
├── arjun.yml
├── binwalk.yml
├── cewl.yml
├── chisel.yml
├── cme.yml
├── commix.yml
├── dnsgen.yml
├── empire.yml
├── ffuf.yml
├── gau.yml
├── gobuster.yml
├── gowitness-report.yml
├── gowitness.yml
├── impacket.yml
├── metasploit.yml
├── netcat-reverse.yml
├── nginx.yml
├── searchsploit.yml
├── semgrep-sec.yml
├── sqlmap.yml
└── wpscan.yml
├── requirements.txt
└── setup.py
/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | build/
12 | develop-eggs/
13 | dist/
14 | downloads/
15 | eggs/
16 | .eggs/
17 | lib/
18 | lib64/
19 | parts/
20 | sdist/
21 | var/
22 | wheels/
23 | pip-wheel-metadata/
24 | share/python-wheels/
25 | *.egg-info/
26 | .installed.cfg
27 | *.egg
28 | MANIFEST
29 |
30 | # PyInstaller
31 | # Usually these files are written by a python script from a template
32 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
33 | *.manifest
34 | *.spec
35 |
36 | # Installer logs
37 | pip-log.txt
38 | pip-delete-this-directory.txt
39 |
40 | # Unit test / coverage reports
41 | htmlcov/
42 | .tox/
43 | .nox/
44 | .coverage
45 | .coverage.*
46 | .cache
47 | nosetests.xml
48 | coverage.xml
49 | *.cover
50 | *.py,cover
51 | .hypothesis/
52 | .pytest_cache/
53 |
54 | # Translations
55 | *.mo
56 | *.pot
57 |
58 | # Django stuff:
59 | *.log
60 | local_settings.py
61 | db.sqlite3
62 | db.sqlite3-journal
63 |
64 | # Flask stuff:
65 | instance/
66 | .webassets-cache
67 |
68 | # Scrapy stuff:
69 | .scrapy
70 |
71 | # Sphinx documentation
72 | docs/_build/
73 |
74 | # PyBuilder
75 | target/
76 |
77 | # Jupyter Notebook
78 | .ipynb_checkpoints
79 |
80 | # IPython
81 | profile_default/
82 | ipython_config.py
83 |
84 | # pyenv
85 | .python-version
86 |
87 | # pipenv
88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies
90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not
91 | # install all needed dependencies.
92 | #Pipfile.lock
93 |
94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow
95 | __pypackages__/
96 |
97 | # Celery stuff
98 | celerybeat-schedule
99 | celerybeat.pid
100 |
101 | # SageMath parsed files
102 | *.sage.py
103 |
104 | # Environments
105 | .env
106 | .venv
107 | env/
108 | venv/
109 | ENV/
110 | env.bak/
111 | venv.bak/
112 |
113 | # Spyder project settings
114 | .spyderproject
115 | .spyproject
116 |
117 | # Rope project settings
118 | .ropeproject
119 |
120 | # mkdocs documentation
121 | /site
122 |
123 | # mypy
124 | .mypy_cache/
125 | .dmypy.json
126 | dmypy.json
127 |
128 | # Pyre type checker
129 | .pyre/
130 | .idea/
131 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
1 | include requirements.txt
2 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | DIST_DIR := dist
2 |
3 | default: clean sdist
4 |
5 | clean:
6 | $(RM) $(DIST_DIR)/*
7 |
8 | sdist:
9 | python setup.py sdist
10 |
11 | testupload:
12 | twine upload dist/* -r testpypi
13 |
14 | upload:
15 | twine upload dist/*
16 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | 🥽 dwn
4 |
5 |
6 |
7 |
8 | d(ockerp)wn - a docker attack tool manager
9 |
10 | 
11 | 
12 |
13 |
14 |
15 | ## introduction
16 |
17 | `dwn` is a "docker-compose for hackers". Using a simple YAML "plan" format similar to `docker-compose`, image names, versions and volume / port mappings are defined to setup a tool for use.
18 |
19 | ## features
20 |
21 | With `dwn` you can:
22 |
23 | - Configure common pentest tools for use in a docker container
24 | - Have context aware volume mounts
25 | - Dynamically modify port bindings without container restarts
26 | - And more!
27 |
28 | ## installation
29 |
30 | Simply run `pip3 install dwn`.
31 |
32 | ## usage
33 |
34 | `dwn` is actually really simple. The primary concept is that of "plans" where information about a tool (such as name, version, mounts and binds) are defined. There are a few [built-in plans](plans/) already available, but you can also roll your own. Without arguments, just running `dwn` would look like this.
35 |
36 | ```text
37 | ❯ dwn
38 | Usage: dwn [OPTIONS] COMMAND [ARGS]...
39 |
40 | __
41 | ___/ / _____
42 | / _ / |/|/ / _ \
43 | \_,_/|__,__/_//_/
44 | docker pwn tool manager
45 | by @leonjza / @sensepost
46 |
47 | Options:
48 | --debug enable debug logging
49 | --help Show this message and exit.
50 |
51 | Commands:
52 | check Check plans and Docker environment
53 | network Work with networks
54 | plans Work with plans
55 | run Run a plan
56 | show Show running plans
57 | stop Stop a plan
58 | ```
59 |
60 | To list the available plans, run `dwn plans show`.
61 |
62 | ```text
63 | ❯ dwn plans show
64 | dwn plans
65 | ┏━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
66 | ┃ name ┃ path ┃
67 | ┡━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
68 | │ sqlmap │ /tools/dwn/plans/sqlmap.yml │
69 | │ wpscan │ /tools/dwn/plans/wpscan.yml │
70 | │ gowitness-report │ /tools/dwn/plans/gowitness-report.yml │
71 | │ msfconsole │ /tools/dwn/plans/msfconsole.yml │
72 | │ gowitness │ /tools/dwn/plans/gowitness.yml │
73 | │ nginx │ /tools/dwn/plans/nginx.yml │
74 | │ cme │ /tools/dwn/plans/cme.yml │
75 | │ netcat-reverse │ /tools/dwn/plans/netcat-reverse.yml │
76 | │ semgrep-sec │ /tools/dwn/plans/semgrep-sec.yml │
77 | │ semgrep-ci │ ~/.dwn/plans/semgrep-ci.yml │
78 | │ neo4j │ ~/.dwn/plans/neo4j.yml │
79 | └──────────────────┴───────────────────────────────────────┘
80 | 11 plans
81 | ```
82 |
83 | To run a plan such as `gowitness` screenshotting , run `dwn run gowitness --disable-db single https://www.google.com`. This plan will exit when done, so you don’t have to `dwn stop gowitness`.
84 |
85 | ```text
86 | ❯ dwn run gowitness --disable-db single https://www.google.com
87 | (i) found plan for gowitness
88 | (i) volume: ~/scratch -> /data
89 | (i) streaming container logs
90 | 08 Feb 2021 10:46:18 INF preflight result statuscode=200 title=Google url=https://www.google.com
91 | ❯
92 | ❯ ls screenshots
93 | https-www.google.com.png
94 | ```
95 |
96 | A plan such as `netcat-reverse` however will stay alive. You can connect to the plans TTY after it is started to interact with any shells you may receive. Example usage would be:
97 |
98 | ```text
99 | ❯ dwn run netcat-reverse
100 | (i) found plan for netcat-reverse
101 | (i) port: 4444<-4444
102 | (i) container booted! attach & detach commands are:
103 | (i) attach: docker attach dwn_wghz_netcat-reverse
104 | (i) detach: ctrl + p, ctrl + q
105 | ```
106 |
107 | Attaching to the plan (and executing `nc -e` somewhere else)
108 |
109 | ```text
110 | ❯ docker attach dwn_wghz_netcat-reverse
111 | connect to [::ffff:172.19.0.2]:4444 from dwn_wghz_netcat-reverse_net_4444_4444.dwn:46318 ([::ffff:172.19.0.3]:46318)
112 |
113 | env | grep -i shell
114 | SHELL=/bin/zsh
115 |
116 | read escape sequence
117 | ```
118 |
119 | You can get a running plan report too
120 |
121 | ```text
122 | ❯ dwn show
123 | running plan report
124 | ┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━┓
125 | ┃ plan ┃ container(s) ┃ port(s) ┃ volume(s) ┃
126 | ┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━┩
127 | │ netcat-reverse │ dwn_wghz_netcat-reverse_net_4444_4444 │ 4444<-4444 │ │
128 | │ │ dwn_wghz_netcat-reverse │ │ │
129 | └────────────────┴───────────────────────────────────────┴────────────┴───────────┘
130 | ```
131 |
132 | And finally, stop a plan.
133 |
134 | ```text
135 | ❯ dwn stop netcat-reverse -y
136 | (i) stopping 2 containers for plan netcat-reverse
137 | ```
138 |
139 | ## networking
140 |
141 | `dwn` lets you dynamically map ports to plans without any container restarts. Networking commands live under the `dwn network` subcommand. Taking the [nginx](plans/nginx.yml) plan as an example, we can add a port mapping dynamically. First, start the `nginx` plan.
142 |
143 | ```text
144 | ❯ dwn run nginx
145 | (i) found plan for nginx
146 | (i) volume: ~/scratch -> /usr/share/nginx/html
147 | (i) port: 80<-8888
148 | (i) container dwn_wghz_nginx started for plan nginx, detaching
149 | ```
150 |
151 | Next, test the communication with cURL
152 |
153 | ```text
154 | ❯ curl localhost:8888/poo.txt
155 | haha, you touched it!
156 |
157 | ❯ curl localhost:9000/poo.txt
158 | curl: (7) Failed to connect to localhost port 9000: Connection refused
159 | ```
160 |
161 | Port 9000 is not open, so let's add a new port binding and test connectivity
162 |
163 | ```text
164 | ❯ dwn network add nginx -i 80 -o 9000
165 | (i) port binding for 9000->nginx:80 created
166 | ❯
167 | ❯ curl localhost:9000/poo.txt
168 | haha, you touched it!
169 | ```
170 |
171 | ## updating plans
172 |
173 | The `dwn plans pull` command can be used to update the `images` defined in plans. To only update a single plan, add the plan name after `pull`. Eg: `dwn plans pull nginx`.
174 |
175 | ## writing plans
176 |
177 | A `dwn plans new` command exists to quickly scaffold a new plan. While only a few options are needed to get a plan up and running, all of the options that exist in the Python Docker SDK for the [run](https://docker-py.readthedocs.io/en/stable/containers.html#docker.models.containers.ContainerCollection.run) call are valid tags that can be used.
178 |
179 | ## license
180 |
181 | `dwn` is licensed under a [GNU General Public v3 License](https://www.gnu.org/licenses/gpl-3.0.en.html). Permissions beyond the scope of this license may be available at .
182 |
--------------------------------------------------------------------------------
/THANKS.md:
--------------------------------------------------------------------------------
1 | - Anubis (@AnubisOnSec)
2 |
--------------------------------------------------------------------------------
/dwn/__init__.py:
--------------------------------------------------------------------------------
1 | __version__ = "1.1.1"
2 |
--------------------------------------------------------------------------------
/dwn/assets/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine
2 |
3 | # This dockerfile is used for network forwarding to services.
4 |
5 | ENV REMOTE_HOST=localhost
6 | ENV REMOTE_PORT=80
7 | ENV LOCAL_PORT=80
8 |
9 | RUN apk add --update --no-cache \
10 | socat \
11 | && rm -rf /var/cache/apk/
12 |
13 | CMD socat -d -d tcp-listen:$LOCAL_PORT,reuseaddr,fork tcp:$REMOTE_HOST:$REMOTE_PORT & pid=$! && \
14 | trap "kill $pid" SIGINT && \
15 | trap "kill $pid" SIGTERM && \
16 | echo "forwarding $LOCAL_PORT to $REMOTE_HOST:$REMOTE_PORT ($pid)" && \
17 | wait $pid
18 |
--------------------------------------------------------------------------------
/dwn/cli/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/dwn/26c307630baba208fe982a1b3fa2c479a3a17523/dwn/cli/__init__.py
--------------------------------------------------------------------------------
/dwn/cli/cli.py:
--------------------------------------------------------------------------------
1 | import click
2 |
3 | from dwn import __version__
4 | from dwn.cli.commands.base import check, run, stop, show
5 | from dwn.cli.commands.network import network
6 | from dwn.cli.commands.plans import plans
7 | from dwn.config import console
8 |
9 |
10 | @click.command()
11 | def version():
12 | console.print(f'dwn version [cyan]{__version__}[/]')
13 |
14 |
15 | @click.group()
16 | @click.option('--debug', is_flag=True, default=False, help='enable debug logging')
17 | def cli(debug):
18 | """
19 | \b
20 | __
21 | ___/ / _____
22 | / _ / |/|/ / _ \\
23 | \\_,_/|__,__/_//_/
24 | docker pwn tool manager \b
25 | by @leonjza / @sensepost
26 |
27 | """
28 | if debug:
29 | console.debug_enabled = True
30 |
31 |
32 | cli.add_command(version)
33 |
34 | # base
35 | cli.add_command(check)
36 | cli.add_command(run)
37 | cli.add_command(show)
38 | cli.add_command(stop)
39 |
40 | # groups
41 | cli.add_command(plans)
42 | cli.add_command(network)
43 |
44 | if __name__ == '__main__':
45 | cli()
46 |
--------------------------------------------------------------------------------
/dwn/cli/commands/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/dwn/26c307630baba208fe982a1b3fa2c479a3a17523/dwn/cli/commands/__init__.py
--------------------------------------------------------------------------------
/dwn/cli/commands/base.py:
--------------------------------------------------------------------------------
1 | import click
2 | import docker
3 | from docker.errors import DockerException, ImageNotFound, NotFound
4 | from rich.table import Table
5 |
6 | from dwn.config import config, console
7 | from dwn.plan import Loader
8 |
9 |
10 | @click.command()
11 | def check():
12 | """
13 | Check plans and Docker environment
14 | """
15 |
16 | # plans
17 | loader = Loader()
18 | console.info(f'loaded [bold]{len(loader.valid_plans())}[/] valid plans')
19 |
20 | # docker
21 | try:
22 | client = docker.from_env()
23 | info = client.info()
24 | console.info(f'docker server version: [bold]{info.get("ServerVersion")}[/]')
25 |
26 | # network container
27 | client.images.get(config.net_container_name())
28 | console.info(f'network image [bold]\'{config.net_container_name()}\'[/] exists')
29 |
30 | # dwn docker network
31 | client.networks.get(config.net_name())
32 | console.info(f'docker network [bold]\'{config.net_name()}\'[/] exists')
33 |
34 | except ImageNotFound as _:
35 | console.warn(f'network image [bold]\'{config.net_container_name()}\'[/] does not exist. '
36 | f'build it with the [bold]\'network build-container\'[/] command')
37 |
38 | except NotFound as _:
39 | console.warn(f'docker network [bold]\'{config.net_name()}\'[/] not found.'
40 | f'use [bold]\'docker network create {config.net_name()}\'[/] to should solve that.')
41 |
42 | except DockerException as e:
43 | console.error(f'docker client error type [dim]{type(e)}[/]: [bold]{e}[/]')
44 |
45 | console.info('[green]everything seems to be ok to use dwn![/]')
46 |
47 |
48 | @click.command(context_settings=dict(
49 | ignore_unknown_options=True,
50 | )) # allow passing through options to the docker command
51 | @click.argument('name')
52 | @click.argument('extra_args', nargs=-1)
53 | def run(name, extra_args):
54 | """
55 | Run a plan
56 | """
57 |
58 | loader = Loader()
59 | if not (plan := loader.get_plan(name)):
60 | console.error(f'unable to find plan [bold]{name}[/]')
61 | return
62 |
63 | console.info(f'found plan for [cyan]{name}[/]')
64 | if (c := len(plan.container.containers())) > 0:
65 | console.error(f'plan [bold]{name}[/] already has [b]{c}[/] containers running')
66 | console.info(f'use [bold]dwn show[/] to see running plans. [bold]dwn stop [/] to stop')
67 | return
68 |
69 | plan.add_commands(extra_args) if extra_args else None
70 |
71 | for v, o in plan.volumes.items():
72 | console.info(f'volume: {v} -> {o["bind"]}')
73 |
74 | for m in plan.exposed_ports:
75 | console.info(f'port: {m[0]}<-{m[1]}')
76 |
77 | service = plan.container.run()
78 |
79 | if plan.detach:
80 | console.info(f'container [bold]{service.name}[/] started for plan [cyan]{plan.name}[/], detaching')
81 | return
82 |
83 | if plan.tty:
84 | console.info('container booted! attach & detach commands are:')
85 | console.info(f'attach: [bold]docker attach [cyan]{plan.container.get_container_name()}[/][/]')
86 | console.info(f'detach: [bold]ctrl + [red]p[/], ctrl + [red]q[/][/]')
87 | return
88 |
89 | console.info('streaming container logs')
90 | try:
91 | for log in service.attach(stdout=True, stderr=True, stream=True, logs=True):
92 | click.echo(log.rstrip())
93 | except docker.errors.NotFound:
94 | console.warn(f'unable to stream logs. service container '
95 | f'[bold]{service.name}[/] may have already stopped')
96 | plan.container.stop()
97 | return
98 |
99 | # if log streaming is done, we're assuming the container exited too,
100 | # so cleanup anything else.
101 | plan.container.stop()
102 |
103 |
104 | @click.command()
105 | def show():
106 | """
107 | Show running plans
108 | """
109 |
110 | loader = Loader()
111 |
112 | table = Table(title='running plan report')
113 | table.add_column('plan')
114 | table.add_column('container(s)')
115 | table.add_column('port(s)')
116 | table.add_column('volume(s)')
117 |
118 | for plan in loader.valid_plans():
119 | if not len(plan.container.containers()) > 0:
120 | continue
121 |
122 | table.add_row(f'[bold]{plan.name}[/]',
123 | '\n'.join(f'[cyan]{c.name}[/]' for c in plan.container.containers()),
124 | '\n'.join(f'[blue]{p[1]}<-{p[0]}[/]' for p in plan.container.ports()),
125 | f"[green]{','.join(f'{v[0]}->{v[1]}' for v in plan.volumes.items())}[/]",
126 | )
127 |
128 | console.print(table)
129 |
130 |
131 | @click.command()
132 | @click.argument('name')
133 | @click.option('--yes', '-y', is_flag=True, default=False, help='do not prompt for confirmation')
134 | def stop(name, yes):
135 | """
136 | Stop a plan
137 | """
138 |
139 | if not yes:
140 | if not click.confirm(f'are you sure you want to stop containers for plan {name}?'):
141 | console.info('not stopping any plans')
142 | return
143 |
144 | loader = Loader()
145 | if not (plan := loader.get_plan(name)):
146 | console.error(f'unable to find plan [bold]{name}[/]')
147 | return
148 |
149 | console.info(f'stopping [bold]{len(plan.container.containers())}[/] containers for plan [cyan]{name}[/]')
150 | plan.container.stop()
151 |
--------------------------------------------------------------------------------
/dwn/cli/commands/network.py:
--------------------------------------------------------------------------------
1 | import click
2 | import docker
3 | from docker.errors import DockerException
4 |
5 | from dwn.config import config, console, NETWORK_CONTAINER_PATH
6 | from dwn.plan import Loader
7 |
8 |
9 | @click.group()
10 | def network():
11 | """
12 | Work with networks
13 | """
14 |
15 | pass
16 |
17 |
18 | @network.command()
19 | def build_container():
20 | """
21 | Builds the network container
22 | """
23 |
24 | console.info('building network container')
25 |
26 | try:
27 | client = docker.from_env()
28 | except DockerException as e:
29 | console.error(f'docker client failed: [bold]{e}[/]')
30 | return
31 |
32 | console.debug(f'path to docker context is: [bold]{NETWORK_CONTAINER_PATH}[/]')
33 | console.debug(f'network container will be called [bold]\'{config.net_container_name()}\'[/]')
34 |
35 | image, logs = client.images.build(
36 | path=str(NETWORK_CONTAINER_PATH), pull=True, tag=config.net_container_name())
37 |
38 | for log in logs:
39 | console.debug(log)
40 |
41 | console.info(f'network container \'{config.net_container_name()}\' built')
42 |
43 |
44 | @network.command()
45 | @click.argument('name')
46 | @click.option('--outside', '-o', required=True, help='the outside, host port to open')
47 | @click.option('--inside', '-i', required=True, help='the inside, container port to forward to')
48 | def add(name, outside, inside):
49 | """
50 | Add a port to a plan
51 | """
52 |
53 | loader = Loader()
54 | if not (plan := loader.get_plan(name)):
55 | console.error(f'unable to find plan [bold]{name}[/]')
56 | return
57 |
58 | plan.container.run_net(outside, inside)
59 | console.info(f'port binding for {outside}->{plan.name}:{inside} created')
60 |
61 |
62 | @network.command()
63 | @click.argument('name')
64 | @click.option('--outside', '-o', required=True, help='the outside, host port to open')
65 | @click.option('--inside', '-i', required=True, help='the inside, container port to forward to')
66 | def remove(name, outside, inside):
67 | """
68 | Removes a port mapping from a plan
69 | """
70 |
71 | loader = Loader()
72 | if not (plan := loader.get_plan(name)):
73 | console.error(f'unable to find plan [bold]{name}[/]')
74 | return
75 |
76 | plan.container.stop_net(outside, inside)
77 | console.info(f'port binding for {outside}->{plan.name}:{inside} removed')
78 |
--------------------------------------------------------------------------------
/dwn/cli/commands/plans.py:
--------------------------------------------------------------------------------
1 | from io import BytesIO
2 |
3 | import click
4 | import docker
5 | import yaml
6 | from docker.errors import DockerException, ImageNotFound
7 | from rich.table import Table
8 |
9 | from dwn.config import console
10 | from dwn.plan import Loader
11 |
12 |
13 | @click.group()
14 | def plans():
15 | """
16 | Work with plans
17 | """
18 |
19 | pass
20 |
21 |
22 | @plans.command()
23 | @click.option('--detail', is_flag=True, default=False)
24 | def show(detail):
25 | """
26 | Shows all of the available plans
27 | """
28 |
29 | loader = Loader()
30 |
31 | if detail:
32 | table = Table(title='dwn plans', show_lines=True, caption=f'{len(loader.valid_plans())} plans')
33 | table.add_column('name')
34 | table.add_column('path', overflow='fold')
35 | table.add_column('volumes', overflow='fold')
36 | table.add_column('ports')
37 | table.add_column('yaml', no_wrap=True)
38 |
39 | for p in loader.valid_plans():
40 | table.add_row(
41 | f'[bold]{p.name}[/]',
42 | f'[dim]{p.plan_path}[/]',
43 | f"[green]{','.join(f'{v[0]}->{v[1]}' for v in p.volumes.items())}[/]",
44 | f"[blue]{','.join(f'{o[0]}<-{o[1]}' for o in p.exposed_ports)}[/]",
45 | f'{open(p.plan_path).read()}',
46 | )
47 |
48 | console.print(table)
49 |
50 | return
51 |
52 | table = Table(title='dwn plans', caption=f'{len(loader.valid_plans())} plans')
53 | table.add_column('name')
54 | table.add_column('path', overflow='fold')
55 |
56 | for p in loader.valid_plans():
57 | table.add_row(
58 | f'[bold]{p.name}[/]',
59 | f'[dim]{p.plan_path}[/]',
60 | )
61 |
62 | console.print(table)
63 |
64 |
65 | @plans.command()
66 | @click.argument('name')
67 | def info(name):
68 | """
69 | Displays detailed information about a plan.
70 | """
71 |
72 | loader = Loader()
73 |
74 | if not (plan := loader.get_plan(name)):
75 | console.error(f'unable to find plan: [bold]{name}[/]')
76 | return
77 |
78 | table = Table(title=f'plan info for [bold]{name}[/]')
79 | table.add_column('section')
80 | table.add_column('values')
81 |
82 | table.add_row('plan name', f'[bold]{plan.name}[/]')
83 | table.add_row('plan image', f'[bold]{plan.image}[/]')
84 | table.add_row('plan version', f'[bold]{plan.version}[/]')
85 | table.add_row('')
86 | table.add_row('detach', f'[bold]{plan.detach}[/]')
87 | table.add_row('command', f'[bold]{plan.command}[/]')
88 | table.add_row('port maps', f"[blue]{','.join(f'{o[0]}<-{o[1]}' for o in plan.exposed_ports)}[/]")
89 | table.add_row('volume maps', f"[green]{','.join(f'{v[0]}->{v[1]}' for v in plan.volumes.items())}[/]")
90 |
91 | console.print(table)
92 |
93 | table = Table(title=f'docker image info for plan [bold]{name}[/]')
94 | table.add_column('section')
95 | table.add_column('values')
96 |
97 | try:
98 | client = docker.from_env()
99 | image = client.images.get(name=plan.image_version())
100 | except ImageNotFound as e:
101 | table.add_row('docker image', f'[red]local docker image not found: [bold]{e}[/][/]')
102 | console.print(table)
103 | return
104 | except DockerException as e:
105 | table.add_row('docker image', f'[red]failed to connect to docker: [bold]{e}[/][/]')
106 | console.print(table)
107 | return
108 |
109 | table.add_row('docker author', f'{image.attrs.get("Author")}')
110 | table.add_row('docker created', f'{image.attrs.get("Created")}')
111 | table.add_row('docker repo tags', f'{",".join(image.attrs.get("RepoTags"))}')
112 | if image.attrs.get('Config').get('Labels'):
113 | for k, v in image.attrs.get('Config').get('Labels').items():
114 | table.add_row('docker label', f'{k}={v}')
115 |
116 | console.print(table)
117 |
118 |
119 | @plans.command()
120 | @click.argument('name', required=False)
121 | def update(name):
122 | """
123 | Update plan images.
124 | """
125 |
126 | plan_targets = []
127 |
128 | if not name and not click.confirm('> a plan name was not specified, '
129 | 'pull all valid plan images?'):
130 | return
131 |
132 | try:
133 | client = docker.from_env()
134 | except DockerException as e:
135 | console.error(f'failed to connect to docker: [bold]{e}[/e]')
136 | return
137 |
138 | loader = Loader()
139 |
140 | if name:
141 | plan_targets.append(loader.get_plan(name))
142 | else:
143 | [plan_targets.append(n) for n in loader.valid_plans()]
144 |
145 | for p in plan_targets:
146 | if p is None:
147 | continue
148 |
149 | try:
150 | # build the image if we have an inline dockerfile
151 | if p.has_dockerfile():
152 | console.info(f'building image [bold]{p.image_version()}[/]')
153 | dockerfile = BytesIO(p.dockerfile.encode('utf-8'))
154 |
155 | _, logs = client.images.build(fileobj=dockerfile, pull=True, tag=p.image_version(), rm=True,
156 | forcerm=True, nocache=True)
157 | for log in logs:
158 | console.debug(log)
159 |
160 | console.info(f'container for [bold]{p.image_version()}[/] built')
161 |
162 | # pull the image instead
163 | else:
164 | console.info(f'pulling image [bold]{p.image_version()}[/]')
165 | client.images.pull(p.image, tag=p.version)
166 |
167 | except ImageNotFound as e:
168 | console.error(f'failed to pull image: [bold]{e}[/]')
169 | continue
170 | except DockerException as e:
171 | console.error(f'a docker exception occurred: [bold]{e}[/]')
172 | continue
173 |
174 | console.info(f'image [bold]{p.image_version()}[/] for plan [cyan]{p.name}[/] updated')
175 |
176 |
177 | @plans.command()
178 | @click.argument('name', required=False)
179 | def new(name):
180 | p = {
181 | 'name': name if name else 'name',
182 | 'image': f'{name}/{name}' if name else 'vendor/image',
183 | 'command': 'gowitness report serve',
184 | 'detach': True,
185 | 'tty': False,
186 | 'dockerfile': None,
187 | 'volumes': {
188 | '.': {'bind': '/data'}
189 | },
190 | 'ports': [
191 | {7171: 7171}
192 | ]
193 | }
194 |
195 | out = f'[dim]# example plan\n' \
196 | f'#\n' \
197 | f'# name & image keys are required\n' \
198 | f'#\n' \
199 | f'# volume format it host:container\n' \
200 | f'# port binding format is container:host\n' \
201 | f'\n' \
202 | f'---\n' \
203 | f'\n' \
204 | f'{yaml.dump(p, sort_keys=False)}\n[/]'
205 |
206 | console.print(out)
207 |
--------------------------------------------------------------------------------
/dwn/config.py:
--------------------------------------------------------------------------------
1 | import inspect
2 | import random
3 | import string
4 | from pathlib import Path
5 |
6 | import yaml
7 | from rich.console import Console as RichConsole
8 |
9 | BASE = Path('~/.dwn').expanduser()
10 |
11 | USER_PLAN_DIRECTORY = BASE / 'plans'
12 | DIST_PLAN_DIRECTORY = Path(__file__).parent.parent / 'plans'
13 | CONFIG_PATH = BASE / 'config.yml'
14 | NETWORK_CONTAINER_PATH = Path(__file__).parent / 'assets'
15 |
16 | # ensure basic files & directories exist
17 | USER_PLAN_DIRECTORY.mkdir(parents=True, exist_ok=True)
18 | CONFIG_PATH.touch(exist_ok=True)
19 |
20 |
21 | class Config(object):
22 | """
23 | Config is a dwn configuration class
24 | """
25 |
26 | config: dict
27 |
28 | def __init__(self):
29 | with CONFIG_PATH.open() as f:
30 | self.config = yaml.load(f, Loader=yaml.SafeLoader)
31 |
32 | # init an empty dict
33 | if not self.config:
34 | self.config = {}
35 |
36 | self.ensure_defaults()
37 |
38 | def ensure_defaults(self):
39 | if 'object_prefix' not in self.config:
40 | self.config['object_prefix'] = \
41 | 'dwn_' + ''.join([random.choice(string.ascii_lowercase) for _ in range(4)])
42 | self.write()
43 |
44 | if 'network_name' not in self.config:
45 | self.config['network_name'] = 'dwn'
46 | self.write()
47 |
48 | if 'network_container_name' not in self.config:
49 | self.config['network_container_name'] = 'dwn-network:local'
50 | self.write()
51 |
52 | def write(self):
53 | """
54 | Writes the current config option to disk.
55 | """
56 |
57 | with CONFIG_PATH.open(mode='w') as f:
58 | f.write(yaml.dump(self.config))
59 |
60 | def object_name(self, p: str):
61 | return f'{self.object_prefix()}_{p}'
62 |
63 | def object_prefix(self):
64 | return self.config['object_prefix']
65 |
66 | def net_name(self):
67 | return self.config['network_name']
68 |
69 | def net_container_name(self):
70 | return self.config['network_container_name']
71 |
72 |
73 | class Console(object):
74 | """
75 | Console is a wrapper around the Rich Console object to
76 | provide some simple convenience methods
77 | """
78 |
79 | rich: RichConsole
80 | debug_enabled: bool
81 |
82 | def __init__(self):
83 | self.rich = RichConsole()
84 | self.debug_enabled = False
85 |
86 | def info(self, m: str):
87 | self.rich.print(f'(i) {m}')
88 |
89 | def warn(self, m: str):
90 | self.rich.print(f'(w) [yellow]{m}[/]')
91 |
92 | def error(self, m: str):
93 | self.rich.print(f'(e) [red]{m}[/]')
94 |
95 | def debug(self, m: str):
96 | if not self.debug_enabled:
97 | return
98 |
99 | # context!
100 | frame = inspect.currentframe().f_back
101 | func = frame.f_code
102 | module = inspect.getmodule(frame).__name__
103 |
104 | self.rich.print(f'(d) [dim]{module}.{func.co_name}:{frame.f_lineno} - {m}[/]')
105 |
106 | def __getattr__(self, item):
107 | return getattr(self.rich, item)
108 |
109 |
110 | config = Config()
111 | console = Console()
112 |
--------------------------------------------------------------------------------
/dwn/plan.py:
--------------------------------------------------------------------------------
1 | from io import BytesIO
2 | from pathlib import Path
3 | from typing import Union, Set, List, Dict, Any
4 |
5 | import docker
6 | import yaml
7 | from docker import DockerClient, models
8 | from docker.errors import NotFound, ImageNotFound
9 |
10 | from dwn.config import config, console, \
11 | USER_PLAN_DIRECTORY, DIST_PLAN_DIRECTORY, NETWORK_CONTAINER_PATH
12 |
13 |
14 | class Plan:
15 | """
16 | A Plan is a tool plan
17 | """
18 |
19 | plan_path: Path
20 | required_keys: Set[str]
21 | valid: bool
22 | name: str
23 | dockerfile: str
24 | volumes: Dict[Any, Any]
25 | ports: Union[Dict[int, int]]
26 | exposed_ports: List[Any]
27 | environment: List[str]
28 | detach: bool
29 | tty: bool
30 | image: str
31 | version: str
32 | command: Union[str, list]
33 | container: 'Container'
34 |
35 | def __init__(self, p: Path):
36 | self.plan_path = p
37 | self.name = ''
38 | self.image = ''
39 | self.dockerfile = ''
40 | self.command = ''
41 | self.volumes = {}
42 | self.ports = {}
43 | self.exposed_ports = []
44 | self.environment = []
45 | self.detach = False
46 | self.tty = False
47 | self.version = 'latest'
48 |
49 | self.container = Container(self)
50 | self.valid = True
51 |
52 | self.required_keys = {'name', 'image'}
53 |
54 | def has_required_keys(self, d: dict) -> bool:
55 | """
56 | Check that d has all of the keys needed to be able to
57 | start up a plan.
58 |
59 | :param d:
60 | :return:
61 | """
62 |
63 | return self.required_keys.issubset(d)
64 |
65 | def from_dict(self, d: dict):
66 | """
67 | Populate properties for this plan, sourced from a dict which will
68 | be sourced from the plan yaml.
69 |
70 | Many of these will end up in docker.client.containers.run(), meaning
71 | that even if we dont explicitly validate/expect an option, one can
72 | still add arbitrary options to a container from a plan.
73 |
74 | ref: https://docker-py.readthedocs.io/en/stable/containers.html#docker.models.containers.ContainerCollection.run
75 |
76 | :param d:
77 | :return:
78 | """
79 |
80 | # warn if a plan appears to be invalid
81 | if not self.has_required_keys(d):
82 | console.warn(f'incomplete plan format for [bold]{self.plan_path}[/]')
83 | self.valid = False
84 |
85 | for k, v in d.items():
86 | setattr(self, k, v) if k in dir(self) else None
87 |
88 | self.validate_volumes()
89 | self.populate_ports()
90 | self.check_host_ports()
91 |
92 | # once we have validated ports, unset the property.
93 | # we make use of a network proxy container for port mappings.
94 | self.ports = {}
95 |
96 | def validate_volumes(self):
97 | """
98 | Check if the volumes we have are valid.
99 | Additionally, expand stuff like ~
100 | """
101 |
102 | if not bool(self.volumes):
103 | return
104 |
105 | for v in list(self.volumes):
106 | console.debug(f'processing plan [cyan]{self.name}[/] volume [bold]{v}[/]')
107 |
108 | if 'bind' not in self.volumes[v]:
109 | console.warn(f'plan [cyan]{self.name}[/] volume [bold]{v}[/] does not have a bind')
110 | self.valid = False
111 | return
112 |
113 | nv = str(Path(v).expanduser().resolve())
114 | console.debug(f'normalised plan [cyan]{self.name}[/] host volume [bold]{v}[/] is [bold]{nv}[/]')
115 | self.volumes[nv] = self.volumes.pop(v)
116 |
117 | def populate_ports(self):
118 | """
119 | Translates the ports property to a list of
120 | tuples in the exposed_ports property.
121 | """
122 |
123 | if not self.ports:
124 | return
125 |
126 | if isinstance(self.ports, int):
127 | console.debug(f'adding plan [cyan]{self.name}[/] port map for single '
128 | f'port: [bold]{self.ports}<-{self.ports}[/]')
129 | self.exposed_ports.append((self.ports, self.ports))
130 | return
131 |
132 | if isinstance(self.ports, dict):
133 | for inside, outside in self.ports.items():
134 | console.debug(f'adding plan [cyan]{self.name}[/] port map for port '
135 | f'pair [bold]{inside}<-{outside}[/]')
136 | self.exposed_ports.append((inside, outside))
137 | return
138 |
139 | # if we got a list, recursively validate & map
140 | if isinstance(self.ports, list):
141 | console.debug(f'processing plan [cyan]{self.name}[/] port map list '
142 | f'({self.ports}) recursively')
143 | o = self.ports
144 | for mapping in o:
145 | self.ports = mapping
146 | self.populate_ports()
147 |
148 | def check_host_ports(self):
149 | """
150 | Check that a plan is not trying to expose the same port
151 | more than once.
152 | """
153 |
154 | h = []
155 |
156 | for p in self.exposed_ports:
157 | inside, outside = p
158 | if outside in h:
159 | console.warn(f'plan [cyan]{self.name}[/] is trying to expose host '
160 | f'port [bold]{outside}[/ more than once')
161 | self.valid = False
162 | h.append(outside)
163 |
164 | def has_dockerfile(self) -> bool:
165 | """
166 | Check if the plan has a valid dockerfile key.
167 |
168 | This would indicate that the plan needs to be built
169 | using that and not using a prebuilt image.
170 | """
171 |
172 | if len(self.dockerfile) <= 0:
173 | return False
174 |
175 | # silly sanity check
176 | if 'FROM' not in self.dockerfile.upper():
177 | console.warn(f'dockerfile key invalid for plan [cyan]{self.name}[/]')
178 | return False
179 |
180 | return True
181 |
182 | def add_commands(self, c: Union[str, list]):
183 | """
184 | Adds a command to the plan
185 |
186 | :param c:
187 | :return:
188 | """
189 |
190 | console.debug(f'adding commands {c} to plan {self.name}')
191 | self.command = self.command + ' ' + ' '.join(c)
192 |
193 | def image_version(self) -> str:
194 | """
195 | Return the image:version of a plan
196 |
197 | If the plan has an inline dockerfile, override the version to
198 | dwnlocal
199 | """
200 |
201 | return f'{self.image}:{"dwnlocal" if self.has_dockerfile() else self.version}'
202 |
203 | def run_options(self) -> dict:
204 | """
205 | Returns the **kwargs used in docker.client.containers.run()
206 | """
207 |
208 | return {
209 | 'name': self.name,
210 | 'stdout': True,
211 | 'stderr': True,
212 | 'command': self.command,
213 | 'remove': True,
214 | 'volumes': self.volumes,
215 | 'ports': self.ports,
216 | 'tty': self.tty,
217 | 'stdin_open': self.tty if self.tty else False,
218 | 'environment': self.environment,
219 | 'detach': True # it's up to the caller to re-attach after launch for logs
220 | }
221 |
222 | def __repr__(self):
223 | return f'name={self.name} image={self.image} version={self.version} valid={self.valid}'
224 |
225 |
226 | class Container(object):
227 | """
228 | Container is a Plan's container helper
229 | """
230 |
231 | plan: Plan
232 | client: Union[DockerClient, None]
233 |
234 | def __init__(self, plan):
235 | self.plan = plan
236 | self.client = None
237 |
238 | def get_client(self):
239 | """
240 | Get a fresh docker client, if needed.
241 | """
242 |
243 | if not self.client:
244 | self.client = docker.from_env()
245 |
246 | return self.client
247 |
248 | def get_container_name(self):
249 | """
250 | Returns a well formatted object name
251 | """
252 |
253 | return config.object_name(self.plan.name)
254 |
255 | def get_net_container_name(self):
256 | """
257 | Returns a well formatted net object name
258 | """
259 |
260 | return f'{config.object_name(self.plan.name)}_net_'
261 |
262 | def get_net_container_name_with_ports(self, outside: int, inside: int):
263 | """
264 | Returns a well formatted net object name with ports
265 | """
266 |
267 | return f'{self.get_net_container_name()}{outside}_{inside}'
268 |
269 | def _ensure_net_exists(self):
270 | """
271 | Ensures that the network image and docker network exists.
272 | """
273 |
274 | try:
275 | self.get_client().images.get(config.net_container_name())
276 | self.get_client().networks.get(config.net_name())
277 | except ImageNotFound as _:
278 | console.info(f'network image [bold]{config.net_container_name()}[/] does not exist, quickly building it')
279 | _, logs = self.get_client().images.build(
280 | path=str(NETWORK_CONTAINER_PATH), pull=True, tag=config.net_container_name(), rm=True, forcerm=True)
281 |
282 | for log in logs:
283 | console.debug(log)
284 |
285 | console.info(f'network image [bold]{config.net_container_name()}[/] built')
286 | self._ensure_net_exists()
287 |
288 | except NotFound as _:
289 | console.info(f'docker network [bold]{config.net_name()}[/] does not exist, creating it')
290 | self.get_client().networks.create(name=config.net_name(), check_duplicate=True)
291 | self._ensure_net_exists()
292 |
293 | def _ensure_image_exists(self):
294 | """
295 | Ensures that an image exists if a plan has an inline
296 | dockerfile.
297 | """
298 |
299 | # if the plan does not have an inline dockerfile, then we can rely on
300 | # the call to run() later to pull the image instead.
301 | if not self.plan.has_dockerfile():
302 | return
303 |
304 | console.debug(f'checking if {self.plan.image_version()} is available')
305 |
306 | try:
307 | self.get_client().images.get(self.plan.image_version())
308 | except ImageNotFound as _:
309 | console.warn(f'image for plan [cyan]{self.plan.name}[/] does not exist, quickly building it')
310 |
311 | dockerfile = BytesIO(self.plan.dockerfile.encode('utf-8'))
312 | console.debug(f'building dockerfile:\n{self.plan.dockerfile}')
313 |
314 | _, logs = self.get_client().images.build(
315 | fileobj=dockerfile, pull=True, tag=self.plan.image_version(), rm=True, forcerm=True)
316 |
317 | for log in logs:
318 | console.debug(log)
319 |
320 | console.info(f'container for [bold]{self.plan.image_version()}[/] built')
321 | self._ensure_net_exists()
322 |
323 | def containers(self) -> list:
324 | """
325 | Returns containers relevant to this plan.
326 | """
327 |
328 | c = []
329 |
330 | for container in self.get_client().containers.list():
331 | if not container.name == self.get_container_name():
332 | if not container.name.startswith(self.get_net_container_name()):
333 | continue
334 |
335 | c.append(container)
336 |
337 | return c
338 |
339 | def ports(self) -> list:
340 | """
341 | Get's the live port mapping for a plan. This is done
342 | by parsing the container names for the plan and extracting
343 | it from that.
344 | """
345 |
346 | p = []
347 | for container in self.containers():
348 | if '_net_' not in container.name:
349 | continue
350 |
351 | candidate = container.name.split('_')
352 | port_map = candidate[-2:]
353 |
354 | if not len(port_map) == 2:
355 | continue
356 |
357 | outside, inside = port_map[0], port_map[1]
358 | p.append((outside, inside))
359 |
360 | return p
361 |
362 | def run(self) -> models.containers.Container:
363 | """
364 | Run the containers for a plan
365 | """
366 |
367 | self._ensure_net_exists()
368 | self._ensure_image_exists() # inline dockerfiles
369 | console.debug(f'starting service container [bold]{self.get_container_name()}[/]'
370 | f' for plan [bold]{self.plan.name}[/]')
371 |
372 | opts = self.plan.run_options()
373 | opts['name'] = self.get_container_name()
374 |
375 | console.debug(f'using image tag [bold]{self.plan.image_version()}[/] for plan')
376 |
377 | container = self.get_client(). \
378 | containers.run(self.plan.image_version(), network=config.net_name(), **opts)
379 |
380 | if not self.plan.exposed_ports:
381 | return container
382 |
383 | for port_map in self.plan.exposed_ports:
384 | inside, outside = port_map[0], port_map[1]
385 | self.run_net(outside, inside)
386 |
387 | return container
388 |
389 | def run_net(self, outside: int, inside: int):
390 | """
391 | Run a network container for a plan
392 | """
393 |
394 | self._ensure_net_exists()
395 |
396 | console.debug(f'starting network proxy [green]{inside}[/]<-{self.get_container_name()}<-'
397 | f'[red]{outside}[/] for plan [bold]{self.plan.name}[/]')
398 |
399 | self.get_client(). \
400 | containers.run(config.net_container_name(), detach=True,
401 | environment={
402 | 'REMOTE_HOST': self.get_container_name(),
403 | 'REMOTE_PORT': inside, 'LOCAL_PORT': outside,
404 | }, stderr=True, stdout=True, remove=True,
405 | network=config.net_name(), ports={outside: outside},
406 | name=self.get_net_container_name_with_ports(outside, inside))
407 |
408 | def stop(self):
409 | """
410 | Stops containers
411 | """
412 |
413 | for container in self.containers():
414 | console.debug(f'stopping container [bold]{container.name}[/] for plan [cyan]{self.plan.name}[/]')
415 | try:
416 | container.stop()
417 | except NotFound as _:
418 | # if the container is not found, it may already be gone (exited?)
419 | pass
420 | except Exception as e:
421 | console.warn(f'failed to stop container with error [dim]{type(e)}[/]: [bold]{e}[/]')
422 |
423 | def stop_net(self, outside: int, inside: int):
424 | """
425 | Stops a specific network container
426 | """
427 |
428 | for container in self.containers():
429 | if container.name == self.get_net_container_name_with_ports(outside, inside):
430 | console.info(f'stopping network container for [green]{inside}[/]<-[red]{outside}[/]')
431 | container.stop()
432 |
433 |
434 | class Loader(object):
435 | """
436 | Loader handles plan loading and record keeping of valid plans
437 | """
438 |
439 | plans: List[Plan]
440 |
441 | def __init__(self):
442 | self.plans = []
443 |
444 | self.load_dist_plans()
445 | self.load_user_plans()
446 |
447 | def load_dist_plans(self):
448 | """
449 | Load .yml files from the plans/ directory
450 |
451 | """
452 |
453 | for p in DIST_PLAN_DIRECTORY.glob('**/*.yml'):
454 | console.debug(f'processing dist plan [bold]{p}[/]')
455 |
456 | with p.open() as f:
457 | d = yaml.load(f, Loader=yaml.SafeLoader)
458 |
459 | p = Plan(p)
460 | p.from_dict(d)
461 |
462 | self.plans.append(p)
463 |
464 | def load_user_plans(self):
465 | """
466 | Load .yml files from the ~/.dwn/plans directory
467 |
468 | :return:
469 | """
470 |
471 | for p in USER_PLAN_DIRECTORY.glob('**/*.yml'):
472 | console.debug(f'processing plan [bold]{p}[/]')
473 |
474 | with p.open() as f:
475 | d = yaml.load(f, Loader=yaml.SafeLoader)
476 |
477 | if not d:
478 | continue
479 |
480 | if self.get_plan(d['name'], valid_only=False):
481 | console.debug(f'possible duplicate plan called {d["name"]} from {p}')
482 |
483 | p = Plan(p)
484 | p.from_dict(d)
485 |
486 | self.plans.append(p)
487 |
488 | def valid_plans(self):
489 | """
490 | Returns all valid plans
491 |
492 | :return:
493 | """
494 |
495 | return [p for p in self.plans if p.valid]
496 |
497 | def get_plan(self, name: str, valid_only=True) -> Plan:
498 | """
499 | Get's a plan by name.
500 |
501 | :param name:
502 | :param valid_only:
503 | :return:
504 | """
505 |
506 | for p in self.plans:
507 | if p.name == name:
508 | if not valid_only:
509 | return p
510 |
511 | if p.valid:
512 | return p
513 |
--------------------------------------------------------------------------------
/plans/altdns.yml:
--------------------------------------------------------------------------------
1 | # https://github.com/infosec-au/altdns
2 | ---
3 | name: altdns
4 | image: altdns
5 | dockerfile: |
6 | FROM python:2-alpine
7 |
8 | RUN pip install py-altdns && mkdir /data
9 |
10 | WORKDIR /data
11 |
12 | ENTRYPOINT [ "altdns" ]
13 | volumes:
14 | .:
15 | bind: /data
16 |
17 |
--------------------------------------------------------------------------------
/plans/amass.yml:
--------------------------------------------------------------------------------
1 | name: amass
2 | image: caffix/amass
3 | volumes:
4 | ./amass:
5 | bind: /.config/amass
6 |
7 |
--------------------------------------------------------------------------------
/plans/arjun.yml:
--------------------------------------------------------------------------------
1 | name: arjun
2 | image: arjun
3 | dockerfile: |
4 | FROM python:3-alpine
5 |
6 | RUN apk add --no-cache git && \
7 | git clone https://github.com/s0md3v/Arjun.git && \
8 | cd Arjun && \
9 | python3 setup.py install && \
10 | mkdir /data
11 |
12 | WORKDIR /data
13 |
14 | ENTRYPOINT [ "arjun" ]
15 | volumes:
16 | .:
17 | bind: /data
18 |
19 |
--------------------------------------------------------------------------------
/plans/binwalk.yml:
--------------------------------------------------------------------------------
1 | name: binwalk
2 | image: binwalk
3 | dockerfile: |
4 | FROM alpine
5 |
6 | RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing binwalk && \
7 | mkdir -p /binwalk
8 |
9 | VOLUME /binwalk
10 | WORKDIR /binwalk
11 |
12 | ENTRYPOINT ["binwalk"]
13 | volumes:
14 | .:
15 | bind: /binwalk
16 |
17 |
--------------------------------------------------------------------------------
/plans/cewl.yml:
--------------------------------------------------------------------------------
1 | # dockerfile adapted from: https://github.com/digininja/CeWL/blob/master/Dockerfile
2 | ---
3 |
4 | name: cewl
5 | image: cewl
6 | dockerfile: |
7 | FROM ruby:2.5-alpine
8 |
9 | ENV RUBYOPT "rubygems"
10 |
11 | RUN set -ex \
12 | && apk add --no-cache --virtual .build-deps build-base git
13 |
14 | RUN git clone https://github.com/digininja/CeWL /usr/src/CeWL \
15 | && cd /usr/src/CeWL \
16 | && gem install bundler \
17 | && bundle install \
18 | && apk del .build-deps
19 |
20 | WORKDIR /host
21 | ENTRYPOINT ["/usr/src/CeWL/cewl.rb"]
22 | volumes:
23 | .:
24 | bind: /host
25 |
26 |
--------------------------------------------------------------------------------
/plans/chisel.yml:
--------------------------------------------------------------------------------
1 | name: chisel
2 | image: jpillora/chisel
3 | volumes:
4 | .:
5 | bind: /data
6 | ports:
7 | - 8080: 8080
8 |
9 |
--------------------------------------------------------------------------------
/plans/cme.yml:
--------------------------------------------------------------------------------
1 | name: cme
2 | image: byt3bl33d3r/crackmapexec
3 | volumes:
4 | cme:
5 | bind: /root/.cme
6 |
--------------------------------------------------------------------------------
/plans/commix.yml:
--------------------------------------------------------------------------------
1 | name: commix
2 | image: commix
3 | dockerfile: |
4 | FROM python:3-alpine
5 |
6 | ENV VERSION v3.1
7 |
8 | RUN apk add --no-cache git && \
9 | cd /usr/src
10 |
11 | RUN git clone https://github.com/commixproject/commix && \
12 | cd commix && \
13 | git checkout $VERSION && \
14 | python setup.py install && \
15 | rm -Rf /usr/src/commix
16 |
17 | ENTRYPOINT [ "commix" ]
18 |
19 |
--------------------------------------------------------------------------------
/plans/dnsgen.yml:
--------------------------------------------------------------------------------
1 | name: dnsgen
2 | image: dnsgen
3 | dockerfile: |
4 | FROM python:3-alpine
5 |
6 | RUN pip3 install dnsgen && \
7 | mkdir /data
8 |
9 | WORKDIR /data
10 |
11 | ENTRYPOINT [ "dnsgen" ]
12 | volumes:
13 | .:
14 | bind: /data
15 |
16 |
--------------------------------------------------------------------------------
/plans/empire.yml:
--------------------------------------------------------------------------------
1 | name: empire
2 | image: bcsecurity/empire
3 | tty: true
4 | ports:
5 | - 1337
6 |
--------------------------------------------------------------------------------
/plans/ffuf.yml:
--------------------------------------------------------------------------------
1 | name: ffuf
2 | image: ffuf
3 | dockerfile: |
4 | FROM golang:1-alpine
5 |
6 | RUN apk --no-cache add git && \
7 | go get github.com/ffuf/ffuf && \
8 | mkdir -p /data
9 |
10 | ENV PATH="/go/bin:${PATH}"
11 |
12 | WORKDIR /data
13 | VOLUME /data
14 |
15 | ENTRYPOINT [ "ffuf" ]
16 | detach: false
17 | volumes:
18 | .:
19 | bind: /data
20 |
--------------------------------------------------------------------------------
/plans/gau.yml:
--------------------------------------------------------------------------------
1 | name: gau
2 | image: gau
3 | dockerfile: |
4 | FROM golang:1-alpine
5 |
6 | RUN apk --no-cache add git && \
7 | go get github.com/lc/gau && \
8 | mkdir -p /data
9 |
10 | ENV PATH="/go/bin:${PATH}"
11 |
12 | WORKDIR /data
13 | VOLUME /data
14 |
15 | ENTRYPOINT [ "gau" ]
16 | detach: false
17 | volumes:
18 | .:
19 | bind: /data
20 |
--------------------------------------------------------------------------------
/plans/gobuster.yml:
--------------------------------------------------------------------------------
1 | name: gobuster
2 | image: gobuster
3 | dockerfile: |
4 | FROM golang:1-alpine
5 | RUN apk --no-cache add git && \
6 | mkdir -p /data && \
7 | go get github.com/OJ/gobuster
8 |
9 | ENV PATH="/go/bin:${PATH}"
10 |
11 | WORKDIR /data
12 | VOLUME /data
13 |
14 | ENTRYPOINT [ "gobuster" ]
15 | detach: false
16 | volumes:
17 | .:
18 | bind: /data
19 |
--------------------------------------------------------------------------------
/plans/gowitness-report.yml:
--------------------------------------------------------------------------------
1 | name: gowitness-report
2 | image: leonjza/gowitness
3 | detach: true
4 | command: gowitness report serve -a 0.0.0.0:7171
5 | volumes:
6 | .:
7 | bind: /data
8 | ports:
9 | 7171
10 |
--------------------------------------------------------------------------------
/plans/gowitness.yml:
--------------------------------------------------------------------------------
1 | name: gowitness
2 | image: leonjza/gowitness
3 | command: gowitness
4 | volumes:
5 | .:
6 | bind: /data
7 |
--------------------------------------------------------------------------------
/plans/impacket.yml:
--------------------------------------------------------------------------------
1 | name: impacket
2 | image: impacket
3 | # https://github.com/SecureAuthCorp/impacket/blob/master/Dockerfile
4 | dockerfile: |
5 | FROM python:2-alpine as compile
6 | WORKDIR /opt
7 | RUN apk add --no-cache git gcc openssl-dev libffi-dev musl-dev
8 | RUN pip install virtualenv
9 | RUN virtualenv -p python venv
10 | ENV PATH="/opt/venv/bin:$PATH"
11 | RUN git clone --depth 1 https://github.com/SecureAuthCorp/impacket.git
12 | RUN pip install impacket/
13 |
14 | FROM python:2-alpine
15 | COPY --from=compile /opt/venv /opt/venv
16 | ENV PATH="/opt/venv/bin:$PATH"
17 |
18 |
--------------------------------------------------------------------------------
/plans/metasploit.yml:
--------------------------------------------------------------------------------
1 | name: metasploit
2 | image: metasploitframework/metasploit-framework
3 | tty: true
4 | volumes:
5 | .:
6 | bind: /data
7 | ports:
8 | - 4444
9 |
--------------------------------------------------------------------------------
/plans/netcat-reverse.yml:
--------------------------------------------------------------------------------
1 | name: netcat-reverse
2 | image: alpine
3 | tty: true
4 | command: /usr/bin/nc -lvkp 4444
5 | ports:
6 | 4444: 4444
7 |
--------------------------------------------------------------------------------
/plans/nginx.yml:
--------------------------------------------------------------------------------
1 | name: nginx
2 | image: nginx
3 | detach: true
4 | volumes:
5 | .:
6 | bind: /usr/share/nginx/html
7 | ports:
8 | - 80: 8888
9 |
--------------------------------------------------------------------------------
/plans/searchsploit.yml:
--------------------------------------------------------------------------------
1 | name: searchsploit
2 | image: searchsploit
3 | dockerfile: |
4 | FROM alpine
5 |
6 | RUN apk add --no-cache git bash ncurses file
7 |
8 | RUN git clone --depth 1 https://github.com/offensive-security/exploitdb.git /exploitdb && \
9 | sed 's|path_array+=(.*)|path_array+=("/exploitdb")|g' /exploitdb/.searchsploit_rc > ~/.searchsploit_rc
10 |
11 | ENV PATH="${PATH}:/exploitdb"
12 | ENV TERM=xterm
13 |
14 | ENTRYPOINT [ "searchsploit" ]
15 |
--------------------------------------------------------------------------------
/plans/semgrep-sec.yml:
--------------------------------------------------------------------------------
1 | name: semgrep-sec
2 | image: returntocorp/semgrep
3 | command: --config=p/r2c-security-audit
4 | volumes:
5 | .:
6 | bind: /src
7 |
--------------------------------------------------------------------------------
/plans/sqlmap.yml:
--------------------------------------------------------------------------------
1 | name: sqlmap
2 | image: googlesky/sqlmap
3 | version: latest
4 | volumes:
5 | sqlmap:
6 | bind: /root/.sqlmap
7 |
--------------------------------------------------------------------------------
/plans/wpscan.yml:
--------------------------------------------------------------------------------
1 | name: wpscan
2 | image: wpscanteam/wpscan
3 | version: latest
4 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | click~=7.1
2 | docker~=4.4
3 | pyyaml~=5.4
4 | icecream~=2.1
5 | rich~=9.10
6 |
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 | from setuptools import setup, find_packages
4 |
5 | from dwn import __version__
6 |
7 |
8 | def _package_files(directory: str, suffix: str = None) -> list:
9 | """
10 | Get all of the file paths in the directory specified by suffix.
11 | :param directory:
12 | :return:
13 | """
14 |
15 | paths = []
16 |
17 | for (path, directories, filenames) in os.walk(directory):
18 | for filename in filenames:
19 | if suffix is not None:
20 | if filename.endswith(suffix):
21 | paths.append(os.path.join('..', path, filename))
22 | else:
23 | paths.append(os.path.join('..', path, filename))
24 |
25 | return paths
26 |
27 |
28 | # here - where we are.
29 | here = os.path.abspath(os.path.dirname(__file__))
30 |
31 | # read the package requirements for install_requires
32 | with open(os.path.join(here, 'requirements.txt'), 'r') as f:
33 | requirements = f.readlines()
34 |
35 | # setup!
36 | setup(
37 | name='dwn',
38 |
39 | author='Leon Jacobs',
40 | author_email='leon@sensepost.com',
41 |
42 | description='dwn, a docker pwn tool manager',
43 | license='GPL v3',
44 | packages=find_packages(),
45 | install_requires=requirements,
46 | python_requires='>=3.8',
47 |
48 | url='https://github.com/sensepost/dwn',
49 | download_url='https://github.com/sensepost/dwn/archive/' + __version__ + '.tar.gz',
50 |
51 | keywords=['docker', 'tool', 'pentest', 'framework'],
52 | version=__version__,
53 |
54 | # include other files
55 | package_data={
56 | '': _package_files(os.path.join(here, 'dwn/assets')) +
57 | _package_files(os.path.join(here, 'plans/'))
58 | },
59 |
60 | classifiers=[
61 | 'Operating System :: OS Independent',
62 | 'Natural Language :: English',
63 | 'Programming Language :: Python :: 3 :: Only',
64 | ],
65 | entry_points={
66 | 'console_scripts': [
67 | 'dwn = dwn.cli.cli:cli',
68 | ],
69 | },
70 | )
71 |
--------------------------------------------------------------------------------