# Docker for Pentesters

For a long time, it did not make sense to me to use Docker. There are many cases when it adds more complexity than benefits. However, you might need the Docker daemon and to run images (containers) when:

* You want to deploy Kali Linux as a Docker image, for example, to be close to a cloud infrastructure.
* You need isolated software with all its dependencies; it's faster to run an existing Docker image.
* You need to restore software to its original state quickly and securely (save money, reduce SLAs).

## Kali Linux with Docker Daemon

### Install Docker <a href="#docker-installdockerintokalilinux" id="docker-installdockerintokalilinux"></a>

There is already a package named "docker"; the correct package to install is "docker.io".

{% embed url="<https://www.kali.org/docs/containers/installing-docker-on-kali/>" %}

{% embed url="<https://medium.com/@airman604/kali-linux-in-a-docker-container-5a06311624eb>" %}

### Kali Image from DockerHub <a href="#docker-kalidockerimage" id="docker-kalidockerimage"></a>

Kali Linux can be deployed as a Docker image: <https://hub.docker.com/r/kalilinux/kali-rolling>

```
docker pull kalilinux/kali-rolling
```

## Start process inside running container

```
docker exec -it <container> bash
```

## Start container

<https://medium.com/@airman604/kali-linux-in-a-docker-container-5a06311624eb>

```
docker run -ti kalilinux/kali-rolling /bin/bash
```

## Start container with entrypoint - WFUZZ Example

```
docker run -it  --entrypoint /bin/ash dominicbreuker/wfuzz
```

### Mount Shared Storage

```
docker run -it  --entrypoint /bin/ash --mount  type=bind,src=/usr/share,dst=/usr/share  dominicbreuker/wfuzz
```

```
/wfuzz/wfuzz.py -c -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt https://example.com/FUZZ
```

## Inside Kali container - Install basic tools

```
apt update
apt dist-upgrade
apt autoremove
apt clean
apt install kali-tools-top10
apt install man-db
```

## Create new image - Commit

Commit the container to turn its changes into a new image.

```
docker ps -a
```

```
docker commit <CONTAINER ID> my-kali
```

### Start container with data persistence <a href="#docker-startcontainerwithdatapersistence" id="docker-startcontainerwithdatapersistence"></a>

Configure data persistence for two directories before you start the container.

```
docker run -ti --rm --mount type=bind,src=/some/path/kali-root,dst=/root --mount type=bind,src=/some/path/kali-postgres,dst=/var/lib/postgresql my-kali bash
```
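
The install, commit and persistence steps above can also be expressed as a rebuildable Dockerfile, which records what went into `my-kali` in a way `docker commit` does not. The script below is an added example, not part of the original page; the function names and the `build <dir>` argument are assumptions, and it uses `apt-get -y` because a build cannot answer prompts.

```shell
#!/bin/sh
# Added example (not from the original page): build "my-kali" from a
# Dockerfile instead of `docker commit`, so the image contents are recorded.
# Function names and the "build <dir>" argument are assumptions of this sketch.

# Emit a Dockerfile equivalent to the manual "install basic tools" steps.
# A build has no terminal to answer prompts, hence apt-get -y and
# DEBIAN_FRONTEND=noninteractive (as ARG, so it does not persist at runtime).
kali_dockerfile() {
    cat <<'EOF'
FROM kalilinux/kali-rolling
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
 && apt-get -y dist-upgrade \
 && apt-get -y install kali-tools-top10 man-db \
 && apt-get -y autoremove \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
CMD ["/bin/bash"]
EOF
}

# Print the `docker run` line with the two persistence mounts under $1.
# --mount type=bind needs an absolute source path that already exists
# (unlike -v, it does not create it), so check and create before printing.
kali_run_cmd() {
    base=$1
    case $base in
        /*) ;;
        *) echo "persistence dir must be an absolute path" >&2; return 1 ;;
    esac
    mkdir -p "$base/kali-root" "$base/kali-postgres" || return 1
    printf 'docker run -ti --rm --mount type=bind,src=%s,dst=/root --mount type=bind,src=%s,dst=/var/lib/postgresql my-kali bash\n' \
        "$base/kali-root" "$base/kali-postgres"
}

# Docker is only invoked when asked to: sh my-kali.sh build /some/path
if [ "${1:-}" = "build" ]; then
    kali_dockerfile | docker build -t my-kali - || exit 1
    kali_run_cmd "${2:-}"
fi
```

Run with `build /some/path` to build the image and print the matching `docker run` line; without arguments the script only defines the two functions.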

## Docker Logs <a href="#docker-dockerpentestingmethodology" id="docker-dockerpentestingmethodology"></a>

```
docker logs <container>
docker logs <container> 2>&1 | grep "PIN"
```

## Docker Pentesting Methodology <a href="#docker-dockerpentestingmethodology" id="docker-dockerpentestingmethodology"></a>

<https://www.cs.ru.nl/bachelors-theses/2020/Joren_Vrancken___4593847___A_Methodology_for_Penetration_Testing_Docker_Systems.pdf>

## Azure Container Registry (ACR) <a href="#docker-azurecontainerregistry-acr" id="docker-azurecontainerregistry-acr"></a>

A Docker container registry is a repository for Docker images. You can push and pull images by tag in an organized way.

[Getting Started with the Azure Container Registry](https://www.youtube.com/watch?v=Bc7FpteQSAk) (video)

{% embed url="<https://azure.microsoft.com/en-us/services/container-registry/>" %}

### Docker login into  <a href="#docker-dockerlogininto" id="docker-dockerlogininto"></a>

If you have Docker installed locally, or you have the Docker CLI toolset, you can interact with a local or remote Docker container repository.

```
docker login <registryNameDNS> -u <username>

docker pull ...
```

```
docker run -p 8580:8580 --name localRunner001 <registryNameDNS>/<repository-item-name>:tag
```

### Docker REST APIs <a href="#docker-dockerrestapis" id="docker-dockerrestapis"></a>

Docker provides more than one REST API:

* **remote control API**, which serves as the REST API for controlling the Docker daemon
* **repository REST API**, which controls basic Docker registry operations

#### Repository REST API <a href="#docker-repositoryrestapi" id="docker-repositoryrestapi"></a>

{% embed url="<https://docs.docker.com/registry/spec/api/>" %}
