Dr0P - Docker for Pentesting
Owner : Mr. Sup3rN0va | "06-07-2021"
Tags : #docker, #pentest, #mobile, #web, #network, #tool
Table Of Contents
Introduction
"Dr0P"
stands for"Docker for Pentesting"
is a docker image builder for penetration testing- Dockerfile for
"Dr0P"
currently have tools for"Mobile Pentesting"
but we can add more related toNetwork
andWeb
- Current gist includes:
Dockerfile
tools
folder where we need to download latestAndroid Studio
andOWASP ZAP/Burp
. It already has RASEv2 pre-loadedscripts
folder from where all the startup scripts get copied insideDocker
image to ease functionality
Installation
-
Download the repo :
git clone https://github.com/m2sup3rn0va/Dr0P.git
-
Download latest
Android Studio
andOWASP ZAP/Burpsuite
as proxy of your choice. If you are usingZAP
, download the package and not the installer -
Currently
Dockerfile
is configured forZAP
only but you can tweak it as per your requirement -
Make sure that you download and save both
Android Studio
andOWASP ZAP/Burp
intools
folder -
Also, make sure that you have renamed downloaded
Android Studio
asandroid-studio.tar.gz
andZAP
aszap.tar.gz
-
Thus the contents of
tools
folder : -
Now, run :
chmod +x deploy_docker.sh
and./deploy_docker.sh
-
This will install
docker
for you. Once, the script completes, pleaselogoff
andlogin
back and re-run the script -
The script works in two phases:
Phase-1
: Installdocker
and set it for logged in$USER
. It also createsshareDrive
fordocker container
Phase-2
: Buildsdocker
image and createsdocker
container
-
If you want you can save the image locally for future use as :
docker image save <image-id> -o dr0pv1.tar
-
After when you clean the images and docker containers and you want to import back the image you saved locally :
docker load -i dr0pv1.tar
. After that,docker tag <image-id> dr0p:v1
-
Now you can create the container with this image and run it for pentesting
-
Once you are inside the container, the first thing you need to run is :
sudo chown -R user:user /dev/kvm
. Without this you will not be able to runAVD
inside docker. Obviously to run this command successfully, you need to haveVT-x/AMD-V
enabled atBIOS
level -
While running the container,
RASEv2
will help in building and rooting theAVD
created usingAndroid Studio
. So, make sure that you visitGithub-RASEv2
(linked below) to understand how to installAndroid Studio
. Once, installed, justcd RASEv2-Linux
andpython3 RASEv2.py
-
You can refer to RASEv2 for more details