The write-up for this video can be found on our blog at: hsploit.com/docker-for-penetration-testing/

For docker pentesting image, I recommend *parrotsec/security:latest* docker image. It comes with most of the mainstream pentesting tools, unlike Kali docker image. Parrot docker image even comes with metasploit and postgresql. The image size is 4.7GB which is the only downside. Here's a short guide: docker image pull parrotsec/security:latest docker run --rm -ti --network host parrotsec/security # now you are inside the running container, notice the usual parrot security PS1 prompt? # to run metasploit... /etc/init.d/postgresql start msfdb init msfconsole # you get the msf console now!

Thanks for sharing the details. This is one of the rare video for people like us. I will surely use your docker image. Keep posting 🙂

Love this. I have used docker for software defined radio tools before personally, the juice-shop image looks sweet. FYI you can mount the X11 socket and get native GUI tools from your container working on X compatible hosts without using SSH.

Awesome video! Glad others are pushing docker for pen-testing. Containers are the way to go for throw away environments.

Thank You!!! I added fish and oh-my-fish to my docker container! Your Awesome and god bless you! 😉

Great video. Thanks for sharing.. My 2 cents.. Its a little easier when you think the docker image as a class and the container as an instantiated object of the class

I really wanted a pentesting with docker video... Thanks a lot man 🤘

Great set of videos and pleasure to follow along. Many thanks!

First off, thanks for making such awesome content for everyone! This channel really seems to have a lot of amazing topics 🙂 So, while I concede that this video was made over a year ago now, I think your comment about "the only thing they are packaging is the repositories" is kind of missing the point about why people use container in the first place. I will admit I dislike how the kali linux crew package their containers as well, but for different reasons. 1st I don't know how the image size was for the official container was back when you were recording this video, but you were using a deprecated image in the first place. They tell you the official image is kalilinux/kali-rolling at the top of the image's readme/overview section. So, that might be why the image was so big in the first place or why it wasn't as optimized ( I can't say this with certainty, but it is a potential ). I would suggest that you use the official image next time instead of one that says deprecated when you make a video about it ( not trying to sound like a jerk, and maybe they deprecated as soon as you went to make the video but just a constructive comment ). 2nd addressing your comment I mentioned above "the only thing they are....", yes you are correct. The docker image they are trying to give you is a minimal image, and it is the same as the official ubuntu, debian, and alpine images in that sense. The point of a container is to have a minimal base image and then everyone can build their own off of that and customize it however they want. Plus it is always easier to add things to a small container compared to trying to rebuild it with their dockerfile and strip things out. Think of it as a building block, and at least they are making one for the community to use compared to not having an official one. Although, I do agree with you though they could offer a better variety of images... which leads me to my 3rd point. while yes I agree they could ( and probably should ) offer a variety of images. and instead of only a latest tag ( & different architecture types ( which are the only options they have while I am writing this comment ) ) they could offer a tag of :latest-top10 ( which could have the top 10 tools installed ) or a :latest-full ( which would have a lot more things installed ). Or even at the bare minimum a versioning of the different kali version ( 2020.1, 2020.2, etc.. ). In the end though I feel I have no right to complain... While yes I would love and hope that they would have all the things I mentioned above, everything ( to my knowledge ) that the kali linux team does is open source. Their gitlab repo is here: gitlab.com/kalilinux their docker image repo is here: gitlab.com/kalilinux/build-scripts/kali-docker . Since I haven't attempted to submit any issues or pull requests I don't feel as though I have a right to complain since I am not contributing to the solution when I do that ( granted that is my opinion, and everyone has different ones ). I do appreciate hearing other peoples view and perceptions of things though, so thank you for explaining your 🙂 So, in conclusion thank you for this awesome video and I hope you make more awesome content! I also hope that my words don't come off as hurtful or mean spirited, because I am simply just trying to add some context/color/information to the situation. I hope you have a great day and keep up the awesome work 😁

All quality content from this channel. Clear explanation.

This video really helped me to decide weather I was going to run a hypervisor OS for my cybersecurity lab. Now I will run Docker on top of a Windows Pro for the machine I am building will help with multiple storage options

Great video. I’m try out docker. Thanks making the bug bounty tool kit.

Really great container image for pentesting great job buddy

Congrats man for an amazing explanation. Is very helpful for me. Please keep it up doing more interesting videos. Thanks a lot.

This is helps out massively, since Kali VMs are so sluggish thanks 🙌

Bro please make a playlist on Prevelage escalation.Also a list of ctfs for oscp preparation

Am new to infosec but Man! you have clearly mapped my way.. Thank you.!

I've been waiting for this!

Nice stuff bro! really love your vids. And you are right about kali-docker. Still have to install the basic tools...... 😱

Man you are the Steven Spielberg of linux thinking ahead , thanks for this i will be using it a lot ,

Great job you really solve lots of issues. I will use it soon.

I knew this video would help me someday, thanks for doing such good content

Parrot OS now has a Docker image that is phenomenal.

I found this channel a couple of days ago and I'm loving it so far! HackerSploit delivers some quality videos for the community. A question regarding using Docker for pentesting: What do you think about using a Debian or Alpine image to run each tool individually? That way, one could have more control over the images' size, faster container startup and maybe do some fancy workflows with Kubernetes orchestration

you just need to run "apt -y install kali-linux-large" once logged in the kali container in order to install the tools

Thank you very much for this!

Thanks a lot for clearly explaining about dockers ✌🏼

Love ur videos always

LOVE YOUR CHANNEL

Great video, Thanks a lot.

Good ! and I like it alot, BTW it will be great if you could include all the OpenSource tools in the Image which are very useful and not installed by default in Kali or Parrot for both Pentesting and BugBounty. And GIT can be used to update them in the image.

Great Bro

Thanks for the video

today I was wondering what docker is and why do I see it in every tool on github. the video has been sent to me from the universe 😂 thank you 👍

Another great tutorial;-)

Awesome 👏🏻

maybe you want to include step 'cleaning the apt cache'. so your image can be smaller. also, is it possible to use alpine os ?

Hi Alex ! First thanx for all videos and very good job . I have one question: How update your docker container hackersploit/bugbountytoolkit ? I have one where are't all tools and in repository github is new one with more tools . Is possible just update or must install again new for new tools ?

absolute legend !

superb

great video m8 ;)

Thank you Sir. I am just a noob. Have been thrashing around with docker and kali-Linux with no success. I thought I was an idiot but you explained why I was failing; NO TOOLS Included. That is like buying a car with no wheels, no engine and no brakes. It is just a shell. Thank for restoring my self belief. I am off to install your bug bounty tools in docker. I am trying to use docker on a disposable cloud machine for maximum anonymity. My thinking is to start an instance or droplet, spin up a Linux machine, run my docker container, do stuff and when done delete...all gone no trace.

Nice Video docker is awesome

Hey dude what distro do you use in this video? btw, great video.

docker is amazing

Great video, can I use docker with say aircraft-ng for WiFi pen ?

what you coudl is, created a shared folder on your network or host machine (sadly woudl have to mount it manually everytime but heh) and have a script in that share to install all your most commonly used tool. Or just make all the install, and do a docker commit, to save a new machine state.

Nice

Please make a video on the How to install "L3mon" in Kali Linux...and use..it practically....,🙏🙏

Can u please upload a video about the hydra ????

But here's the question. Is it more secure than a vm if it's using the kernel of the host? How secure is docker for penetration testing? Thanks!

How to install Kali Linux docker with GUI ? Also will the built-in wifi adapter will be accessible in docker ?

This is great for enumeration and brute-forcing/directory fuzzing, but does docker offer anything more than a VM that would make it worth the time of install? I may be completely wrong and please correct me if I am but I feel like its a whole lot of time and effort for less agility and compatibility than you would get for a VM.

how does this work with looking at vulnerabilities in code? like source code reviews?

I'm completely new to Docker and containerization, so I'm still trying to understand some things. Let's say my host system is Windows and I have Kali installed in a VirtualBox VM. Does that mean that using Docker inside this Kali VM is completely redundant, or pointless? Or is there an actual use case for this type of setup? Second. I noticed Docker in Linux is CLI-based, but in Windows it's a desktop app. What would be the ideal way to use Docker? I have a PC at home with a dual boot Windows/Ubuntu. So I'm trying to figure out if there are any major pros and cons about either method.

How to Persist the data... I mean if I've installed any tools within Docker's linux image... and I exit from that image... How can i use that tools while running same image? Waiting for your response

How about GUI aplications?? can we run within docker??

How can I update the existing tools, and/or add new tools to this container?

Hello sir, Can I ask you a question? my macOS have IP 172.30.20.0/27 that have docker running on. How to setup my Kali that running on Docker get IP 172.30.20.0/27?

I really like docker. I really want to use it but the only thing that keeps me on using it for pentest is the use of gui apps. How would you, for example, use BurpSuite on docker? Thanks.

Can we run gui apps with docker, like dirbuster?

hey can u make a video on andrx its an android pentesting framework

what is image in docker ?

Can I Use proxmox for pentest?

Is there a way to convert it to arm64 version using docker buildx???

when i created a file on the container after restarting the docker the files was not there. How to save files and folder?

why does it only work under windows 10 pro or enterprise?

Hello, bro I wanna try vulnlab inside docker in windows. Do you know how?

how can we exit a started container

how can i open linux ports on the docker?

I need a video about sockets, I tried to make one with python by creating a tcp server and a client but I couldn't connect each other

Is the docker container able to access network interface of the host?

what about opsec?..without it..the docker is no good. for e.g whonix> kali..can that be done?..doesn't look like it.

What is your os on host computer? And which vertion? Please answer

not able to access apache or pythonSimpleHttpServer from the localhost. While doing "ufw allow 'Apache' " its giving error iptables cant be modified. how to achieve this. i want to setup apache to see the screenshot from aquatone on my localhost. any alternative to this(view aquatone ss on localhost), or just a solution to iptables error. please assist.

isn't in working on kali linux?

why did you use ubuntu as base image and not kali ? It would be easy in kali to install something which isn't already there

I have a question

Hurray Docker \^.^/

Bro your system config please

#hackersploitsquad

First

Would you help me

You can easily commit the change you want they provide a barebones so you can start with a clean base container and build from that template don’t understand your issue

Hlo bro

damn 45s late

Please

Sir how to make dangerous virus script Please make a videos

If docker is good then why the hell the kali image is so big.. It's almost the same size as iso file.. How to reduce the size of docker image? Also, the bug bounty toolkit can be installed on windows through docker?

Bro PUBG mobile games how to hack android phone 📱 please help me

it's useful as basic intro for beginners, but claiming it's counter intuitive, or that base images are lacking is ridiculous, you're missing the point of docker. and point of docker is to get your app up and running in a no time, to start your app from clean start every time something hangs or gets bugged, and NOT having huge images with loads of stuff you app won't use all the time. also, docker does NOT save your data, unless you add DATA volume for docker to save data to it... what is wrong with docker images, is that ubuntu images (images containing apt tools, NOT images FOR ubuntu) are actually centos images with apt tools added, and their apt is broken once you start the image, you can only rely on dockerfile to add stuff to them. centos and alpine image are the ones which are functional all the time.

Hello sir docker pull hackersploit/bugbountytoolkit This is not working can you pls help Error Error response from darmon pull access denied from hackersploit