Land #8013, Docker Compose for Metasploit
commit
4f0ca5ffca
|
@ -0,0 +1,95 @@
|
|||
.dockerignore
|
||||
.gitignore
|
||||
.env*
|
||||
docker-compose*.yml
|
||||
docker/
|
||||
!docker/msfconsole.rc
|
||||
README.md
|
||||
|
||||
.bundle
|
||||
Gemfile.local
|
||||
Gemfile.local.lock
|
||||
# Rubymine project directory
|
||||
.idea
|
||||
# Sublime Text project directory (not created by ST by default)
|
||||
.sublime-project
|
||||
# RVM control file, keep this to avoid backdooring Metasploit
|
||||
.rvmrc
|
||||
# Allow for a local choice of (unsupported / semi-supported) ruby versions
|
||||
# See PR #4136 for usage, but example usage for rvm:
|
||||
# rvm --create --versions-conf use 2.1.4@metasploit-framework
|
||||
# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
|
||||
# rbenv shell 2.1.4
|
||||
.versions.conf
|
||||
# YARD cache directory
|
||||
.yardoc
|
||||
# Mac OS X files
|
||||
.DS_Store
|
||||
# database config for testing
|
||||
config/database.yml
|
||||
# target config file for testing
|
||||
features/support/targets.yml
|
||||
# simplecov coverage data
|
||||
coverage
|
||||
doc/
|
||||
external/source/meterpreter/java/bin
|
||||
external/source/meterpreter/java/build
|
||||
external/source/meterpreter/java/extensions
|
||||
external/source/javapayload/bin
|
||||
external/source/javapayload/build
|
||||
# Java binary ignores. Replace the 5 above with this once we're merged.
|
||||
external/source/javapayload/*/.classpath
|
||||
external/source/javapayload/*/.project
|
||||
external/source/javapayload/*/.settings
|
||||
external/source/javapayload/*/bin
|
||||
external/source/javapayload/*/target
|
||||
external/source/javapayload/*/*/.classpath
|
||||
external/source/javapayload/*/*/.project
|
||||
external/source/javapayload/*/*/.settings
|
||||
external/source/javapayload/*/*/bin
|
||||
external/source/javapayload/*/*/target
|
||||
# Packaging directory
|
||||
pkg
|
||||
tags
|
||||
*.swp
|
||||
*.orig
|
||||
*.rej
|
||||
*~
|
||||
# Ignore backups of retabbed files
|
||||
*.notab
|
||||
|
||||
# ignore Visual Studio external source garbage
|
||||
*.suo
|
||||
*.sdf
|
||||
*.opensdf
|
||||
*.user
|
||||
|
||||
# Rails log directory
|
||||
/log
|
||||
# Rails tmp directory
|
||||
/tmp
|
||||
|
||||
# ignore release/debug folders for exploits
|
||||
external/source/exploits/**/Debug
|
||||
external/source/exploits/**/Release
|
||||
|
||||
# Avoid checking in Meterpreter binaries. These are supplied upstream by
|
||||
# the metasploit-payloads gem.
|
||||
data/meterpreter/*.dll
|
||||
data/meterpreter/*.php
|
||||
data/meterpreter/*.py
|
||||
data/meterpreter/*.bin
|
||||
data/meterpreter/*.jar
|
||||
data/meterpreter/*.lso
|
||||
data/android
|
||||
data/java
|
||||
|
||||
# Avoid checking in Meterpreter libs that are built from
|
||||
# private source. If you're interested in this functionality,
|
||||
# check out Metasploit Pro: http://metasploit.com/download
|
||||
data/meterpreter/ext_server_pivot.*.dll
|
||||
|
||||
# Avoid checking in metakitty, the source for
|
||||
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
|
||||
/metakitty
|
||||
.vagrant
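Review bot: This ignore list (apparently the new `.dockerignore`) excludes `.gitignore` but not the `.git` directory, so the `ADD ./ $APP_HOME` step in the Dockerfile from this commit would copy the full repository history into the image. That inflates the image and ships whatever the history contains to anyone who pulls it. Add a `.git` line next to `.gitignore` at the top of the file.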
|
|
@ -85,3 +85,6 @@ data/meterpreter/ext_server_pivot.*.dll
|
|||
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
|
||||
/metakitty
|
||||
.vagrant
|
||||
|
||||
# local docker compose overrides
|
||||
docker-compose.local*
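Review bot: The README added in this commit tells users to append `COMPOSE_FILE=...` to a `.env` file in the project root, but this hunk only ignores `docker-compose.local*`. The rest of `.gitignore` is outside the hunk, so I cannot confirm `.env` is already covered; the copy of these patterns in the new ignore file above suggests it is not. If it is missing, add a `.env` line here so a local file that may later hold `LHOST` or database settings is not committed by accident.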
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
version: '2'
|
||||
services:
|
||||
ms: &ms
|
||||
image: metasploit
|
||||
build:
|
||||
context: .
|
||||
dockerfile: ./docker/Dockerfile
|
||||
environment:
|
||||
DATABASE_URL: postgres://postgres@db:5432/msf
|
||||
links:
|
||||
- db
|
||||
ports:
|
||||
- 4444:4444
|
||||
volumes:
|
||||
- $HOME/.msf4:/root/.msf4
|
||||
|
||||
db:
|
||||
image: postgres:9.6
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql/data
|
||||
|
||||
volumes:
|
||||
pg_data:
|
||||
driver: local
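Review bot: `DATABASE_URL: postgres://postgres@db:5432/msf` connects as the `postgres` superuser with no password, and the `db` service sets no `POSTGRES_PASSWORD`, so protection of the Metasploit database rests entirely on the compose network not being reachable by anything else. Consider setting `POSTGRES_PASSWORD` on `db` from a variable kept in the untracked `.env` and including it in `DATABASE_URL`. Separately, quote the mapping as `- '4444:4444'` to keep `HOST:CONTAINER` strings out of YAML's implicit typing. Note that this form publishes the port on every host interface whenever `--service-ports` is used.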
|
|
@ -0,0 +1,47 @@
|
|||
FROM ruby:2.3-alpine
|
||||
MAINTAINER Rapid7
|
||||
|
||||
ARG BUNDLER_ARGS="--system --jobs=8"
|
||||
ENV APP_HOME /usr/src/metasploit-framework/
|
||||
WORKDIR $APP_HOME
|
||||
|
||||
COPY Gemfile* m* Rakefile $APP_HOME
|
||||
COPY lib $APP_HOME/lib
|
||||
|
||||
RUN apk update && \
|
||||
apk add \
|
||||
ruby-bigdecimal \
|
||||
ruby-bundler \
|
||||
ruby-io-console \
|
||||
autoconf \
|
||||
bison \
|
||||
subversion \
|
||||
git \
|
||||
sqlite \
|
||||
nmap \
|
||||
libxslt \
|
||||
postgresql \
|
||||
ncurses \
|
||||
&& apk add --virtual .ruby-builddeps \
|
||||
build-base \
|
||||
ruby-dev \
|
||||
libffi-dev\
|
||||
openssl-dev \
|
||||
readline-dev \
|
||||
sqlite-dev \
|
||||
postgresql-dev \
|
||||
libpcap-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
yaml-dev \
|
||||
zlib-dev \
|
||||
ncurses-dev \
|
||||
bison \
|
||||
autoconf \
|
||||
&& echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
|
||||
&& bundle install $BUNDLER_ARGS \
|
||||
&& apk del .ruby-builddeps \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
ADD ./ $APP_HOME
|
||||
CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]
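Review bot: No `USER` instruction appears in this Dockerfile, so `msfconsole` and everything it launches run as root in the container, and the compose file bind-mounts `$HOME/.msf4` into `/root/.msf4`, so files written there end up root-owned on the host. If root is kept deliberately (raw sockets for `nmap`, presumably), say so in a comment; otherwise add an unprivileged user and adjust the mount target. `ADD ./ $APP_HOME` should be `COPY . $APP_HOME`, since none of `ADD`'s archive or URL handling is wanted here. `bison` and `autoconf` are listed both in the runtime `apk add` and in `.ruby-builddeps`, so `apk del .ruby-builddeps` leaves them installed; drop them from the first list if they are build-only.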
|
|
@ -0,0 +1,65 @@
|
|||
# Metasploit in Docker
|
||||
## Getting Started
|
||||
|
||||
To run `msfconsole`
|
||||
```bash
|
||||
docker-compose run --rm --service-ports ms
|
||||
```
|
||||
|
||||
To run `msfvenom`
|
||||
```bash
|
||||
docker-compose run --rm ms ./msfvenom
|
||||
```
|
||||
|
||||
### I don't like typing `docker-compose --rm ...`
|
||||
|
||||
We have included some binstubs `./bin`, you can symlink them to your path.
|
||||
|
||||
Assuming you have `$HOME/bin`, and it's in your `$PATH`. You can run this from the project root:
|
||||
|
||||
```bash
|
||||
ln -s `pwd`/docker/bin/msfconsole $HOME/bin/
|
||||
ln -s `pwd`/docker/bin/msfvenom $HOME/bin/
|
||||
```
|
||||
|
||||
### But I want reverse shells...
|
||||
|
||||
By default we expose port `4444`. You'll need to set `LHOST` to be a hostname/ip
|
||||
of your host machine.
|
||||
|
||||
If you want to expose more ports, or have `LHOST` prepopulated with a specific
|
||||
value; you'll need to setup a local docker-compose override for this.
|
||||
|
||||
Create `docker/docker-compose.local.override.yml` with:
|
||||
```yml
|
||||
version: '2'
|
||||
services:
|
||||
ms:
|
||||
environment:
|
||||
# example of setting LHOST
|
||||
LHOST: 10.0.8.2
|
||||
# example of adding more ports
|
||||
ports:
|
||||
- 8080:8080
|
||||
```
|
||||
|
||||
Make sure you set `LHOST` to valid hostname that resolves to your host machine.
|
||||
|
||||
Now you need to set the `COMPOSE_FILE` environment variable to load your local
|
||||
override.
|
||||
|
||||
```bash
|
||||
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.local.override.yml" >> .env
|
||||
```
|
||||
Now you should be able get reverse shells working
|
||||
|
||||
## Developing
|
||||
|
||||
To setup you environment for development, you need to `docker/docker-compose.development.override.yml`
|
||||
to your `COMPOSE_FILE` environment variable.
|
||||
|
||||
If you don't have a `COMPOSE_FILE` environment variable, you can set it up with this:
|
||||
|
||||
```bash
|
||||
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.development.override.yml" >> .env
|
||||
```
|
|
@ -0,0 +1,21 @@
|
|||
#! /bin/bash
|
||||
|
||||
if [[ -z "$MSF_PATH" ]]; then
|
||||
path=`dirname $0`
|
||||
|
||||
# check for ./docker/msfconsole.rc
|
||||
if [[ ! -f $path/../msfconsole.rc ]] ; then
|
||||
|
||||
# we are not inside the project
|
||||
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
|
||||
|
||||
# determine script path
|
||||
pushd $(dirname $(realpath $0)) > /dev/null
|
||||
path=$(pwd)
|
||||
popd > /dev/null
|
||||
fi
|
||||
MSF_PATH=$(dirname $(dirname $path))
|
||||
fi
|
||||
|
||||
cd $MSF_PATH
|
||||
docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@"
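Review bot: `cd $MSF_PATH` is unquoted and its result is not checked, so when the path is wrong or contains spaces the script carries on and `docker-compose run` acts on whatever compose project is in the caller's current directory. Use `cd "$MSF_PATH" || exit 1`. The expansions in `dirname $0`, `$(dirname $(realpath $0))` and `$(dirname $(dirname $path))` should be quoted for the same reason, e.g. `MSF_PATH=$(dirname "$(dirname "$path")")`. The msfvenom wrapper added later in this commit has identical lines and needs the same change.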
|
|
@ -0,0 +1,21 @@
|
|||
#! /bin/bash
|
||||
|
||||
if [[ -z "$MSF_PATH" ]]; then
|
||||
path=`dirname $0`
|
||||
|
||||
# check for ./docker/msfconsole.rc
|
||||
if [[ ! -f $path/../msfconsole.rc ]] ; then
|
||||
|
||||
# we are not inside the project
|
||||
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
|
||||
|
||||
# determine script path
|
||||
pushd $(dirname $(realpath $0)) > /dev/null
|
||||
path=$(pwd)
|
||||
popd > /dev/null
|
||||
fi
|
||||
MSF_PATH=$(dirname $(dirname $path))
|
||||
fi
|
||||
|
||||
cd $MSF_PATH
|
||||
docker-compose run --rm --service-ports ms ./msfvenom "$@"
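Review bot: The last line passes `--service-ports` to a payload generator that listens on nothing, whereas the README in this commit documents `docker-compose run --rm ms ./msfvenom` without it. With the flag, each `msfvenom` run publishes host port 4444 and will fail with a port conflict while an `msfconsole` container started by the sibling wrapper is running. Drop the flag: `docker-compose run --rm ms ./msfvenom "$@"`.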
|
|
@ -0,0 +1,9 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
ms: &ms
|
||||
environment:
|
||||
DATABASE_URL: postgres://postgres@db:5432/msf_dev
|
||||
|
||||
volumes:
|
||||
- .:/usr/src/app
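Review bot: The bind mount targets `/usr/src/app`, but the Dockerfile in this commit sets `APP_HOME` to `/usr/src/metasploit-framework/` and runs `./msfconsole` from that directory, so the mounted working tree is never the code that executes and local edits will not show up in the container. The target should match, e.g. `- .:/usr/src/metasploit-framework`. The `&ms` anchor on the service is never aliased in this file and can be removed.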
|
|
@ -0,0 +1,5 @@
|
|||
<ruby>
|
||||
run_single("setg LHOST #{ENV['LHOST']}") if ENV['LHOST']
|
||||
run_single("setg LPORT #{ENV['LPORT']}") if ENV['LPORT']
|
||||
run_single("db_connect #{ENV['DATABASE_URL'].gsub('postrgres://', '')}") if ENV['DATABASE_URL']
|
||||
</ruby>
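Review bot: `gsub('postrgres://', '')` misspells the scheme, so it never matches the `postgres://...` value set in the compose files and `db_connect` receives the full URL with the scheme still attached. If `db_connect` expects the `user@host:port/db` form, which the stripping implies, the connection will fail or be misparsed. Correct the literal and anchor it: `ENV['DATABASE_URL'].sub(%r{\Apostgres://}, '')`. The `LHOST` and `LPORT` values are interpolated straight into console commands, which is acceptable only while the environment is fully under the operator's control.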
|