We all know that with the arrival of docker it is no longer necessary to use a virtual machine for some things due to the ease and speed that docker offers. In this publication we will see some basic concepts and the way of use.
Doker is designed for the world of software developers, so you can create an application that can run on any operating system and in addition to that it facilitates the deployment of it.
- Docker installation for windows
- Docker installation for linux
Simple use example:
$ sudo docker pull hello-world
$ sudo docker images hello-world
$ sudo docker run hello-world
As everything is learned with practice then let’s start with a simple ubuntu Linux image.
In this link https://hub.docker.com/ you can find many popular images among those of Linux ubuntu that will be the one we will work with.
After performing a correct docker installation, we open a terminal and type the following command.
$ sudo docker pull ubuntu
$ sudo docker run --name infosecaddicts -it ubuntu
Right now we have our ubuntu linux image running ready to do any kind of tests
We can install any tools such as nmap and use it without any problem.
In the following you can find many interesting images https://hub.docker.com/, I will list some interesting ones that we will be seeing further.
Docker Images for Penetration Testing & Security
docker pull kalilinux/kali-linux-docker official Kali Linux
docker pull owasp/zap2docker-stable – official OWASP ZAP
docker pull wpscanteam/wpscan – official WPScan
docker pull pandrew/metasploit – docker-metasploit
docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation
docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
docker pull opendns/security-ninjas – Security Ninjas
docker pull usertaken/archlinux-pentest-lxde – Arch Linux Penetration Tester
docker pull diogomonica/docker-bench-security – Docker Bench for Security
docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
docker-compose build && docker-compose up – OWASP NodeGoat
docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application
docker pull bkimminich/juice-shop – OWASP Juice Shop