Docker for pentest
Docker for pentest is an image with the more used tools to create a pentest environment easily and quickly.
Features
- OS, networking, developing and pentesting tools installed.
- Connection to HTB (Hack the Box) vpn to access HTB machines.
- Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
- Proxy service to send traffic from any browsers and burp suite installed in your local directory.
- Exploit database installed.
- Tool for cracking a password.
- Linux enumeration tools installed.
- Tools installed to discovery services running.
- Tools installed to directory fuzzing.
- Monitor for Linux processes without root permissions
- Zsh shell installed.
Tools installed
Operative system tools
- rdate
- vim
- zsh
- oh-my-zsh
- locate
- cifs-utils
- htop
- gotop
Network tools
- traceroute
- telnet
- net-tools
- iputils-ping
- tcpdump
- openvpn
- whois
- host
- prips
- dig
Developer tools
- git
- curl
- wget
- ruby
- go
- python
- python-pip
- python3
- python3-pip
- php
- aws-cli
- tojson
- nodejs
🔪 Pentest tools
Port scanning
🔍 Recon
- Subdomains
- Subdomain takeover
- DNS Lookups
- 📷 Screenshot
- 🕸️ Crawler
- 📁 Search directories
- Fuzzer
- Web Scanning
- CMS
- Search JS
Wordlist
Git repositories
OWASP
Brute force
Cracking
OS Enumeration
- htbenum
- linux-smart-enumeration
- linenum
- enum4linux
- ldapdomaindump
- PEASS – Privilege Escalation Awesome Scripts SUITE
- Windows Exploit Suggester – Next Generation
- smbmap
- pspy – unprivileged Linux process snooping
- smbclient
- ftp
Exploits
Windows
- evil-winrm
- impacket
- CrackMapExec
- Nishang
- Juicy Potato
- PowerSploit
- pass-the-hash
- mimikatz
- gpp-decrypt
Reverse shell
Other resources
- pentest-tools from @gwen001
- qsreplace from @tomnomnom
Custom functions
- NmapExtractPorts from @s4vitar
Other services
- apache2
- squid
Changelog v0.3.3
- feat: dd enum4linx-ng
- feat: update enum4linux github repo.
- feat: add sqlite3.
- feat: upgrade pip for python3.
