How To

Docker for Pentester: Pentesting Framework

As we all know, now that we live in the world of Virtualization, most of the organizations are completely reliable on virtual services to fulfil their hardware and software requirements, such as cloud and Container. Containers like Docker are also quite famous techniques used by organizations to build a virtual application environment.

Today in this post we are setting up a docker-based Penetration testing environment for the pentesters to make the installation and configuration for various pentesting tools simple and fast.

Table of Content

  • WPScan
  • Sqlmap
  • Dirbuster
  • Nmap
  • Python HTTP Server
  • John the Ripper
  • Metasploit
  • Powershell Empire
  • Impacket

WPScan

Now let’s continue with our first pentest tool which is used to scan the WordPress CMS-designed website known as WPScan. Open the terminal on your local machine and execute the following command as a superuser, it downloads and builds the docker package.

So we have a WordPress pentestlab, you can create your own wordpress pentestlab and learn more from here.

To use the WPScan docker image you just need to run following command and start pentesting your WordPress.

SQLmap

As we have already told you how to develop your own docking penetration assessment platform, this is SQLMAP for SQL injection testing on our website as our next import pentesting tool. Run the next command, which pulls the SQLMAP docker image.

Assuming testpphp.vulnweb.com is the target website I would like to use sqlmap to test SQL Injection for.

For use the SQLMAP docker image only you need to run the following command and start sql injection testing.

Dirbuster

Move to our next pentest tool “Dirbuster”, which digs out the web directories and pages to reveal the sensitive data stored in the web application. Therefore, run the following command to pull the Dirbuster docker image.

To use Dirbuster’s docker image only you need to run the following command and start testing for enumeration of web directories.

Nmap

How can we leave the network scanning’s most effective tool, my favourite NMAP penetration testing tool 😊? So, run the command below without waste of time and follow the steps

Hopefully, you people know about nmap and its command, I’m just showing you how to use nmap docker image for network scanning.

HTTP Python Server

File transfer is another big part of penetration testing and we should not ignore that, so here I’m going to pull the python server docker image for HTTP.

Execute the following command to run the docker image on port 5555

Now open the server IP over port 5555 and start downloading the file 😊.

John the Ripper

Without a password cracking tool, the penetration testing framework would not be considered an ideal pentest system, so by executing the following command I pull the Johntheripper docker file.

Now, if you have a hash file in your machine, then run the following to make use of the docker image for john ripper to crack the password from inside the hash file.

Metasploit

Metasploit is the most relevant and delegated tool for penetration testing. The manual installations of Metasploit often pose problems for a pentester. Run the following command to drag the Metasploit docker image to your local machine.

To run the Metasploit docker file, execute the command given and proceed using the console in Metasploit.

It functions exactly the same as we have Kali Linux as you can see from the picture below.

PowerShell Empire

Last but not least penetration testing tools are PowerShell Empire whose docker image we ‘re going to install, and to do this, just run the command below to pull the docker image out of the docker hub.

To run the Empire docker image to access the console, execute the given command and continue the way you use it.

It functions exactly the same as we have Kali Linux as you can see from the picture below.

Impacket Toolkit

The most important tool for our Red Teamers is the Impacket and how we can neglect this tool in a pentest framework. Therefore, just execute the following without wasting time to pull the impacket docker image.

As you know, there are so many python libraries within the impacket and here we use docker image to illustrate one of those libraries.

Author: Chiragh Arora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast. Contact here

You Might Also Like