Land #8013, Docker Compose for Metasploit
commit
4f0ca5ffca
|
@ -0,0 +1,95 @@
|
||||||
|
.dockerignore
|
||||||
|
.gitignore
|
||||||
|
.env*
|
||||||
|
docker-compose*.yml
|
||||||
|
docker/
|
||||||
|
!docker/msfconsole.rc
|
||||||
|
README.md
|
||||||
|
|
||||||
|
.bundle
|
||||||
|
Gemfile.local
|
||||||
|
Gemfile.local.lock
|
||||||
|
# Rubymine project directory
|
||||||
|
.idea
|
||||||
|
# Sublime Text project directory (not created by ST by default)
|
||||||
|
.sublime-project
|
||||||
|
# RVM control file, keep this to avoid backdooring Metasploit
|
||||||
|
.rvmrc
|
||||||
|
# Allow for a local choice of (unsupported / semi-supported) ruby versions
|
||||||
|
# See PR #4136 for usage, but example usage for rvm:
|
||||||
|
# rvm --create --versions-conf use 2.1.4@metasploit-framework
|
||||||
|
# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
|
||||||
|
# rbenv shell 2.1.4
|
||||||
|
.versions.conf
|
||||||
|
# YARD cache directory
|
||||||
|
.yardoc
|
||||||
|
# Mac OS X files
|
||||||
|
.DS_Store
|
||||||
|
# database config for testing
|
||||||
|
config/database.yml
|
||||||
|
# target config file for testing
|
||||||
|
features/support/targets.yml
|
||||||
|
# simplecov coverage data
|
||||||
|
coverage
|
||||||
|
doc/
|
||||||
|
external/source/meterpreter/java/bin
|
||||||
|
external/source/meterpreter/java/build
|
||||||
|
external/source/meterpreter/java/extensions
|
||||||
|
external/source/javapayload/bin
|
||||||
|
external/source/javapayload/build
|
||||||
|
# Java binary ignores. Replace the 5 above with this once we're merged.
|
||||||
|
external/source/javapayload/*/.classpath
|
||||||
|
external/source/javapayload/*/.project
|
||||||
|
external/source/javapayload/*/.settings
|
||||||
|
external/source/javapayload/*/bin
|
||||||
|
external/source/javapayload/*/target
|
||||||
|
external/source/javapayload/*/*/.classpath
|
||||||
|
external/source/javapayload/*/*/.project
|
||||||
|
external/source/javapayload/*/*/.settings
|
||||||
|
external/source/javapayload/*/*/bin
|
||||||
|
external/source/javapayload/*/*/target
|
||||||
|
# Packaging directory
|
||||||
|
pkg
|
||||||
|
tags
|
||||||
|
*.swp
|
||||||
|
*.orig
|
||||||
|
*.rej
|
||||||
|
*~
|
||||||
|
# Ignore backups of retabbed files
|
||||||
|
*.notab
|
||||||
|
|
||||||
|
# ignore Visual Studio external source garbage
|
||||||
|
*.suo
|
||||||
|
*.sdf
|
||||||
|
*.opensdf
|
||||||
|
*.user
|
||||||
|
|
||||||
|
# Rails log directory
|
||||||
|
/log
|
||||||
|
# Rails tmp directory
|
||||||
|
/tmp
|
||||||
|
|
||||||
|
# ignore release/debug folders for exploits
|
||||||
|
external/source/exploits/**/Debug
|
||||||
|
external/source/exploits/**/Release
|
||||||
|
|
||||||
|
# Avoid checking in Meterpreter binaries. These are supplied upstream by
|
||||||
|
# the metasploit-payloads gem.
|
||||||
|
data/meterpreter/*.dll
|
||||||
|
data/meterpreter/*.php
|
||||||
|
data/meterpreter/*.py
|
||||||
|
data/meterpreter/*.bin
|
||||||
|
data/meterpreter/*.jar
|
||||||
|
data/meterpreter/*.lso
|
||||||
|
data/android
|
||||||
|
data/java
|
||||||
|
|
||||||
|
# Avoid checking in Meterpreter libs that are built from
|
||||||
|
# private source. If you're interested in this functionality,
|
||||||
|
# check out Metasploit Pro: http://metasploit.com/download
|
||||||
|
data/meterpreter/ext_server_pivot.*.dll
|
||||||
|
|
||||||
|
# Avoid checking in metakitty, the source for
|
||||||
|
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
|
||||||
|
/metakitty
|
||||||
|
.vagrant
|
|
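Review bot: `.git` is not among the excluded paths, so the `ADD ./ $APP_HOME` step in the Dockerfile added by this commit would copy the repository metadata and history into the image. That enlarges the image and carries along anything that was ever committed. If the framework needs git metadata at runtime, say so in a comment; otherwise add `.git` next to `.gitignore` at the top of the list. The `!docker/msfconsole.rc` exception after `docker/` also deserves a one-line comment such as `# msfconsole.rc is read by the container CMD`.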
@ -85,3 +85,6 @@ data/meterpreter/ext_server_pivot.*.dll
|
||||||
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
|
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
|
||||||
/metakitty
|
/metakitty
|
||||||
.vagrant
|
.vagrant
|
||||||
|
|
||||||
|
# local docker compose overrides
|
||||||
|
docker-compose.local*
|
||||||
|
|
|
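Review bot: The new pattern covers the local compose overrides but not the `.env` file that the README in this commit tells users to append `COMPOSE_FILE=...` to. Unless `.env` is already ignored outside this hunk, it will appear as untracked and can be committed by accident. `.env` files tend to accumulate credentials over time, so consider adding `.env` beneath `docker-compose.local*`.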
@ -0,0 +1,24 @@
|
||||||
|
version: '2'
|
||||||
|
services:
|
||||||
|
ms: &ms
|
||||||
|
image: metasploit
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: ./docker/Dockerfile
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: postgres://postgres@db:5432/msf
|
||||||
|
links:
|
||||||
|
- db
|
||||||
|
ports:
|
||||||
|
- 4444:4444
|
||||||
|
volumes:
|
||||||
|
- $HOME/.msf4:/root/.msf4
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: postgres:9.6
|
||||||
|
volumes:
|
||||||
|
- pg_data:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
pg_data:
|
||||||
|
driver: local
|
|
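Review bot: `DATABASE_URL: postgres://postgres@db:5432/msf` connects as the `postgres` superuser with no password, and the `db` service sets no credentials of its own. With the official image's defaults this most likely means any container on the compose network can read or alter the stored workspace data. Give `db` explicit `POSTGRES_USER` and `POSTGRES_PASSWORD` values sourced from `.env`, and reference that role in `DATABASE_URL`. Separately, `- 4444:4444` publishes the port on every host interface; if that is intended, say so in a comment, otherwise default to `- 127.0.0.1:4444:4444` and leave wider binding to the local override. The `$HOME/.msf4:/root/.msf4` bind mount will leave root-owned files in the user's home directory, which is also worth a comment.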
@ -0,0 +1,47 @@
|
||||||
|
FROM ruby:2.3-alpine
|
||||||
|
MAINTAINER Rapid7
|
||||||
|
|
||||||
|
ARG BUNDLER_ARGS="--system --jobs=8"
|
||||||
|
ENV APP_HOME /usr/src/metasploit-framework/
|
||||||
|
WORKDIR $APP_HOME
|
||||||
|
|
||||||
|
COPY Gemfile* m* Rakefile $APP_HOME
|
||||||
|
COPY lib $APP_HOME/lib
|
||||||
|
|
||||||
|
RUN apk update && \
|
||||||
|
apk add \
|
||||||
|
ruby-bigdecimal \
|
||||||
|
ruby-bundler \
|
||||||
|
ruby-io-console \
|
||||||
|
autoconf \
|
||||||
|
bison \
|
||||||
|
subversion \
|
||||||
|
git \
|
||||||
|
sqlite \
|
||||||
|
nmap \
|
||||||
|
libxslt \
|
||||||
|
postgresql \
|
||||||
|
ncurses \
|
||||||
|
&& apk add --virtual .ruby-builddeps \
|
||||||
|
build-base \
|
||||||
|
ruby-dev \
|
||||||
|
libffi-dev\
|
||||||
|
openssl-dev \
|
||||||
|
readline-dev \
|
||||||
|
sqlite-dev \
|
||||||
|
postgresql-dev \
|
||||||
|
libpcap-dev \
|
||||||
|
libxml2-dev \
|
||||||
|
libxslt-dev \
|
||||||
|
yaml-dev \
|
||||||
|
zlib-dev \
|
||||||
|
ncurses-dev \
|
||||||
|
bison \
|
||||||
|
autoconf \
|
||||||
|
&& echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
|
||||||
|
&& bundle install $BUNDLER_ARGS \
|
||||||
|
&& apk del .ruby-builddeps \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
|
ADD ./ $APP_HOME
|
||||||
|
CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]
|
|
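Review bot: `COPY Gemfile* m* Rakefile $APP_HOME` uses the glob `m*`, which matches every top-level entry starting with `m` rather than only what `bundle install` needs. Any directory it matches has its contents copied flat into `$APP_HOME`, and any change under those paths invalidates the cached gem layer. Name the required files explicitly, e.g. `COPY Gemfile* <gemspec file> Rakefile $APP_HOME`. There is also no `USER` instruction, so `msfconsole` and everything it spawns run as root inside the container; if root is genuinely required, state why in a comment. `ADD ./ $APP_HOME` can be `COPY . $APP_HOME`, since none of `ADD`'s archive or URL handling is wanted here.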
@ -0,0 +1,65 @@
|
||||||
|
# Metasploit in Docker
|
||||||
|
## Getting Started
|
||||||
|
|
||||||
|
To run `msfconsole`
|
||||||
|
```bash
|
||||||
|
docker-compose run --rm --service-ports ms
|
||||||
|
```
|
||||||
|
|
||||||
|
To run `msfvenom`
|
||||||
|
```bash
|
||||||
|
docker-compose run --rm ms ./msfvenom
|
||||||
|
```
|
||||||
|
|
||||||
|
### I don't like typing `docker-compose --rm ...`
|
||||||
|
|
||||||
|
We have included some binstubs `./bin`, you can symlink them to your path.
|
||||||
|
|
||||||
|
Assuming you have `$HOME/bin`, and it's in your `$PATH`. You can run this from the project root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ln -s `pwd`/docker/bin/msfconsole $HOME/bin/
|
||||||
|
ln -s `pwd`/docker/bin/msfvenom $HOME/bin/
|
||||||
|
```
|
||||||
|
|
||||||
|
### But I want reverse shells...
|
||||||
|
|
||||||
|
By default we expose port `4444`. You'll need to set `LHOST` to be a hostname/ip
|
||||||
|
of your host machine.
|
||||||
|
|
||||||
|
If you want to expose more ports, or have `LHOST` prepopulated with a specific
|
||||||
|
value; you'll need to setup a local docker-compose override for this.
|
||||||
|
|
||||||
|
Create `docker/docker-compose.local.override.yml` with:
|
||||||
|
```yml
|
||||||
|
version: '2'
|
||||||
|
services:
|
||||||
|
ms:
|
||||||
|
environment:
|
||||||
|
# example of setting LHOST
|
||||||
|
LHOST: 10.0.8.2
|
||||||
|
# example of adding more ports
|
||||||
|
ports:
|
||||||
|
- 8080:8080
|
||||||
|
```
|
||||||
|
|
||||||
|
Make sure you set `LHOST` to valid hostname that resolves to your host machine.
|
||||||
|
|
||||||
|
Now you need to set the `COMPOSE_FILE` environment variable to load your local
|
||||||
|
override.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.local.override.yml" >> .env
|
||||||
|
```
|
||||||
|
Now you should be able get reverse shells working
|
||||||
|
|
||||||
|
## Developing
|
||||||
|
|
||||||
|
To setup you environment for development, you need to `docker/docker-compose.development.override.yml`
|
||||||
|
to your `COMPOSE_FILE` environment variable.
|
||||||
|
|
||||||
|
If you don't have a `COMPOSE_FILE` environment variable, you can set it up with this:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.development.override.yml" >> .env
|
||||||
|
```
|
|
@ -0,0 +1,21 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
if [[ -z "$MSF_PATH" ]]; then
|
||||||
|
path=`dirname $0`
|
||||||
|
|
||||||
|
# check for ./docker/msfconsole.rc
|
||||||
|
if [[ ! -f $path/../msfconsole.rc ]] ; then
|
||||||
|
|
||||||
|
# we are not inside the project
|
||||||
|
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
|
||||||
|
|
||||||
|
# determine script path
|
||||||
|
pushd $(dirname $(realpath $0)) > /dev/null
|
||||||
|
path=$(pwd)
|
||||||
|
popd > /dev/null
|
||||||
|
fi
|
||||||
|
MSF_PATH=$(dirname $(dirname $path))
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd $MSF_PATH
|
||||||
|
docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@"
|
|
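Review bot: `cd $MSF_PATH` is unquoted and its result is not checked. If the path contains spaces or does not exist, the script carries on and runs `docker-compose` from the caller's current directory, which may resolve a different compose file. Use `cd "$MSF_PATH" || exit 1`, and quote the other expansions as well: `path=$(dirname "$0")` and `pushd "$(dirname "$(realpath "$0")")" > /dev/null`. A caller-supplied `MSF_PATH` is accepted without checking that it holds the project, so a test for `docker/msfconsole.rc` under it before the `cd` would fail early with a clear message. The msfvenom wrapper added later in this commit repeats the same lines and needs the same changes.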
@ -0,0 +1,21 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
if [[ -z "$MSF_PATH" ]]; then
|
||||||
|
path=`dirname $0`
|
||||||
|
|
||||||
|
# check for ./docker/msfconsole.rc
|
||||||
|
if [[ ! -f $path/../msfconsole.rc ]] ; then
|
||||||
|
|
||||||
|
# we are not inside the project
|
||||||
|
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
|
||||||
|
|
||||||
|
# determine script path
|
||||||
|
pushd $(dirname $(realpath $0)) > /dev/null
|
||||||
|
path=$(pwd)
|
||||||
|
popd > /dev/null
|
||||||
|
fi
|
||||||
|
MSF_PATH=$(dirname $(dirname $path))
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd $MSF_PATH
|
||||||
|
docker-compose run --rm --service-ports ms ./msfvenom "$@"
|
|
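Review bot: The final line passes `--service-ports`, which the README's own msfvenom example omits. Payload generation does not listen on anything, and publishing `4444` here will likely fail with a port conflict whenever an msfconsole container is already running. Drop the flag so the wrapper matches the documented command: `docker-compose run --rm ms ./msfvenom "$@"`.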
@ -0,0 +1,9 @@
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
ms: &ms
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: postgres://postgres@db:5432/msf_dev
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- .:/usr/src/app
|
|
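Review bot: The bind mount `- .:/usr/src/app` does not line up with the image: the Dockerfile in this commit sets `APP_HOME` and `WORKDIR` to `/usr/src/metasploit-framework/`. The container would therefore keep running the code baked in at build time, and local edits would not be picked up. Mount onto the working directory instead: `- .:/usr/src/metasploit-framework`. The `&ms` anchor is never referenced in this file and can be dropped. `msf_dev` is reached through the same passwordless `postgres` role as in the base compose file.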
@ -0,0 +1,5 @@
|
||||||
|
<ruby>
|
||||||
|
run_single("setg LHOST #{ENV['LHOST']}") if ENV['LHOST']
|
||||||
|
run_single("setg LPORT #{ENV['LPORT']}") if ENV['LPORT']
|
||||||
|
run_single("db_connect #{ENV['DATABASE_URL'].gsub('postrgres://', '')}") if ENV['DATABASE_URL']
|
||||||
|
</ruby>
|
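Review bot: The scheme being stripped is misspelled: `gsub('postrgres://', '')` never matches a `postgres://` URL, so `db_connect` receives the value with the scheme still attached. Correct the literal and anchor it to the start of the string, e.g. `ENV['DATABASE_URL'].sub(%r{\Apostgres://}, '')`. `LHOST`, `LPORT` and `DATABASE_URL` are interpolated into console commands as-is. A short comment stating that they are operator-supplied values from the compose environment would make that trust assumption explicit.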