7MS #229: Intro to Docker for Pentesters

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

I know I'm old and unhip, but I just got turned on to Docker, and today I wanted to share two cool ways to use it to beef up your pentest skills:

Install and run Rainmap

Have you heard of Rainmap? I heard about this from Jerry Gamblin's blog - it's basically a slick Web interface for nmap.

Head to https://hub.docker.com/r/jgamblin/rainmap/ for instructions, but it basically boils down to pulling the image with:

docker pull jgamblin/rainmap

Since rainmap stays "open" in the command line, I recommend you first use screen to set up a special session for it. That way you can completely log out via SSH and the container will stay running.

screen -R rainmapscreen

With the new screen created, you can run rainmap and follow the prompts:

docker run -ti -p 8080:8080 --name rainmap jgamblin/rainmap

Now, just hit Ctrl+a d to detach from the screen session, and go to http://ip.of.your.docker:8080/console to log in!

Install and run OWASP Juice Shop

Juice Shop, according to OWASP, is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

Download it:

docker pull bkimminich/juice-shop

Run it:

docker run -d -p 3000:3000 bkimminich/juice-shop
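
By default, `-p 8080:8080` and `-p 3000:3000` publish the port on every interface of the Docker host, which matters when the app behind it is intentionally insecure. The following is an added example, not part of the original post: a shell function that reads `docker ps` output and lists the ports published on non-loopback addresses. The container names and sample lines are constructed.

```shell
#!/bin/sh
# Added example. Input: one NAME|PORTS line per container, as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# Output: "NAME HOST_ADDR:PORT" for every port published off-loopback.
list_exposed() {
    awk -F'|' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "3000/tcp" with no "->" is exposed by the image but not published.
            if (index(m, "->") == 0) continue
            host = m
            sub(/->.*/, "", host)       # host side, e.g. 0.0.0.0:3000
            addr = host
            sub(/:[0-9-]+$/, "", addr)  # drop the port or port range
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") continue
            print $1 " " host
        }
    }'
}

# Constructed sample of docker ps output (names are made up for illustration).
sample_ps() {
    cat <<'EOF'
rainmap|0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
juice-open|0.0.0.0:3000->3000/tcp
juice-local|127.0.0.1:3000->3000/tcp
unpublished|3000/tcp
EOF
}

sample_ps | list_exposed
```

On a real host, pipe `docker ps --format '{{.Names}}|{{.Ports}}'` into `list_exposed`. To keep Juice Shop reachable only from the Docker host itself, publish it as `-p 127.0.0.1:3000:3000` instead.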

Now hack it! :-)

Video:

Here's the complementary video content for today's audio podcast: