dockernymous: create a whonix like gateway/workstation environment
Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order act as an anonymization workstation-gateway set up. It’s aimed towards experienced Linux/Docker users, security professionals, and penetration testers!
The gateway container acts as an Anonymizing Middlebox (see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) and routes ALL traffic from the workstation container through the Tor Network.
The idea was to create a whonix-like setup (see https://www.whonix.org) that runs on systems which aren’t able to efficiently run two hardware virtualized machines or don’t have virtualization capacities at all.
Warning: Dockernymous is in a very early stage of development. Only use it for educational purposes. DON’T use it if you rely on strong anonymity!
I completely changed the overall function logic of the script hence there are improvements in usability and stability. The look of the menu was improved.
These NEW functions were added:
- Option to keep the containers running and restore them later: You now have the choice to keep the containers running on exiting. This, of course, will speed up the start time of the whole script. For privacy reasons I keep the containers “self-destroyable”, so if you manually stop them or reboot your system they are gone nevertheless.
- (Re)start TOR from the menu
- Stop TOR from the menu
To clone the dockernymous repository type:
git clone https://github.com/bcapptain/dockernymous.git
Dockernymous needs an up and running Docker environment and a non-default docker network. Let’s create one:
docker network create --driver=bridge --subnet=192.168.0.0/24 docker_internal
2. Gateway (Alpine):
Get a lightweight gateway Image! For example Alpine:
docker pull alpine
Run the image, update the package list, install iptables & tor:
docker run -it alpine /bin/sh apk add --update tor iptables iproute2 exit
Feel free to further customize the gateway for your needs before you exit.
To make this permanent you have to create a new image from the gateway container we just set up. Each time you run dockernymous a new container is created from that image and disposed on exit:
docker commit [Container ID] my_gateway
Get the container ID by running:
docker ps -a
3. Workstation (Kali Linux):
Get an image for the Workstation. For example, Kali Linux for penetration testing:
docker pull kalilinux/kali-linux-docker
Update and install the tools you would like to use (see https://www.kali.org/news/kali-linux-metapackages/).
docker run -it kalilinux/kali-linux-docker /bin/bash apt-get update apt-get dist-upgrade apt install kali-linux-top10
Make sure the tightvncserver and curl packages are installed which is the case with most Kali metapackages.
apt-get install tightvncserver apt-get install curl
Install xfce4 for a minimal graphical Desktop:
$ apt-get install xfce4 $ apt-get clean $ exit
As with the Gateway, to make this permanent you have to create an image from that customized container. Each time you run dockernymous a new container is created and disposed on exit.
$ docker commit [Container ID] my_workstation
Get the container ID by running:
$ docker ps -a
4. Run dockernymous In case you changed the names for the images to something different (defaults are: “docker_internal” (network), “my_gateway” (gateway), “my_workstation” (you guessed it)) open dockernymous.sh with your favorite editor and update the actual names in the configuration section.
Everything should be set up by now, let’s give it a try! Run Dockernymus (don’t forget to ‘cd’ into the cloned folder):
or mark it executable once:
chmod +x dockernymous.sh
and always run it with: