metasploit-framework/Dockerfile

FROM ruby:2.4.2-alpine
MAINTAINER Rapid7

ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
ENV APP_HOME /usr/src/metasploit-framework/
ENV MSF_USER msf
ENV NMAP_PRIVILEGED=""
WORKDIR $APP_HOME

COPY Gemfile* m* Rakefile $APP_HOME
COPY lib $APP_HOME/lib

RUN apk update && \
    apk add \
      sqlite-libs \
      nmap \
      nmap-scripts \
      nmap-nselibs \
      postgresql-libs \
      ncurses \
      libcap \
    && apk add --virtual .ruby-builddeps \
      autoconf \
      bison \
      build-base \
      ruby-dev \
      openssl-dev \
      readline-dev \
      sqlite-dev \
      postgresql-dev \
      libpcap-dev \
      libxml2-dev \
      libxslt-dev \
      yaml-dev \
      zlib-dev \
      ncurses-dev \
      git \
    && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
    && gem update --system \
    && gem install bundler \
    && bundle install --system $BUNDLER_ARGS \
    && apk del .ruby-builddeps \
    && rm -rf /var/cache/apk/*

RUN adduser -g msfconsole -D $MSF_USER

RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip /usr/bin/nmap

USER $MSF_USER

ADD ./ $APP_HOME

CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]
bump Ruby to 2.4.2, fix security issues 2017-09-24 09:08:12 +08:00			`FROM ruby:2.4.2-alpine`
Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00			`MAINTAINER Rapid7`

more docker work 2017-04-22 08:10:00 +08:00			`ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"`
Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00			`ENV APP_HOME /usr/src/metasploit-framework/`
run msfconsole as non root user in docker 2017-04-27 16:36:56 +08:00			`ENV MSF_USER msf`
Move ENV command to the top 2017-05-17 23:18:58 +08:00			`ENV NMAP_PRIVILEGED=""`
Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00			`WORKDIR $APP_HOME`

			`COPY Gemfile* m* Rakefile $APP_HOME`
			`COPY lib $APP_HOME/lib`

			`RUN apk update && \`
more docker work 2017-04-22 08:10:00 +08:00			`apk add \`
			`sqlite-libs \`
			`nmap \`
Add additional nmap dependencies Packages nmap-nselibs, nmap-scripts 2017-05-18 17:54:53 +08:00			`nmap-scripts \`
			`nmap-nselibs \`
more docker work 2017-04-22 08:10:00 +08:00			`postgresql-libs \`
			`ncurses \`
run msfconsole as non root user in docker 2017-04-27 16:36:56 +08:00			`libcap \`
more docker work 2017-04-22 08:10:00 +08:00			`&& apk add --virtual .ruby-builddeps \`
			`autoconf \`
			`bison \`
			`build-base \`
			`ruby-dev \`
			`openssl-dev \`
			`readline-dev \`
			`sqlite-dev \`
			`postgresql-dev \`
			`libpcap-dev \`
			`libxml2-dev \`
			`libxslt-dev \`
			`yaml-dev \`
			`zlib-dev \`
			`ncurses-dev \`
git is really needed in docker too 2017-07-17 22:41:47 +08:00			`git \`
more docker work 2017-04-22 08:10:00 +08:00			`&& echo "gem: --no-ri --no-rdoc" > /etc/gemrc \`
update rubygems 2017-08-28 23:14:46 +08:00			`&& gem update --system \`
update bundler before installing gems 2017-08-09 21:34:23 +08:00			`&& gem install bundler \`
more docker work 2017-04-22 08:10:00 +08:00			`&& bundle install --system $BUNDLER_ARGS \`
			`&& apk del .ruby-builddeps \`
			`&& rm -rf /var/cache/apk/*`
Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00
run msfconsole as non root user in docker 2017-04-27 16:36:56 +08:00			`RUN adduser -g msfconsole -D $MSF_USER`

add caps to ruby 2017-04-27 16:55:03 +08:00			`RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)`
Add capabilities to nmap 2017-05-17 22:17:30 +08:00			`RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip /usr/bin/nmap`
add caps to ruby 2017-04-27 16:55:03 +08:00
run msfconsole as non root user in docker 2017-04-27 16:36:56 +08:00			`USER $MSF_USER`

Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00			`ADD ./ $APP_HOME`
run msfconsole as non root user in docker 2017-04-27 16:36:56 +08:00
Dockerfile and Docker Compose for Metasploit Adds a basic Dockerfile and docker-compose config. `docker-compose.yml` adds a named volume for postgres so data should persist. `$HOME/.msf4` will be mounted to `/root/.msf4` by default. port 4444 is exposed by default Basic Usage: docker/bin/msfconsole docker/bin/msfvenom 2016-07-19 02:38:57 +08:00			`CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]`