Overview of Docker
An open-source program named Docker is used to build, distribute, and operate applications in containers, which are loosely segregated environments. Containers can communicate with one another through well-defined channels even while they are physically separated from one another. Containerized applications keep their security.
Docker, which is somewhat similar to virtual machines, enables apps to run on the same Linux kernel as the system they are installed on. The host computer is where applications are shipped, which improves performance and reduces application size.
Who Uses Docker?
System administrators and developers both use Docker to deploy and run distributed applications. It provides tools for easing DevOps by enabling developers to generate templates known as images that can be used to create portable virtual machines known as containers that include their apps and all of their dependencies. These portable virtual machines can be set up and used by system administrators in both development and production settings.
Architecture of Docker
Docker manages and creates Docker containers based on Linux containers using a client-server architecture and a remote API. Docker images are the components of Docker containers. The connection between containers and images is comparable to how objects and classes are connected in object-oriented programming.
Docker’s Client
Docker clients allow the users to interact with Docker. The dockerd daemon receives a command from the docker client and executes it. Docker commands uses the Docker API to perform this communication. The Docker client may interact with many docker daemons.
Docker Host
A complete environment for installing and running programs is provided by the Docker host. The Docker daemon, along with Images, Containers, Networks, and Storage, make up this system. As was indicated before, the daemon, which is in charge of all container-related tasks, accepts commands via the CLI or the REST API. To manage its services, it can also communicate with other daemons.
Docker’s Registry
The services known as Docker registries basically lets you store and download images. In other words, a Docker registry is a group of Docker repositories that each contain one or more Docker Images. A couple of the Public Registries’ components include Docker Hub and Docker Cloud. Another choice is private registries. The three most often used commands when working with registries are docker push, docker pull, and docker run.
Installation of Docker
Linux users can quickly install Docker by launching the terminal and typing the following command:
apt install docker.io
In addition, we can use the help command to get more information about all the choices that Docker offers.
docker –help
After your Docker container has been running for a while, you can execute or retrieve any image from it. We’ll now take a look at the docker-based penetration testing infrastructure used by pen testers.
Docker for Penetration Tester
Given that it creates an environment for penetration testers and makes installation and configuration simple, Docker is crucial for penetration testing. Using a Docker container, we can deploy essential penetration testing tools like:
Metasploit Framework
Sqlmap
Kali Linux
Parrot OS
Run Metasploit Framework as a Docker Container
We are all aware that the powerful open-source penetration testing program known as Metasploit Framework exists. Without having to install it on our computer, we may run the Metasploit Framework inside of a Docker container.
Use the following command to download the Metasploit docker image to our computer:
docker pull metasploitframework/metasploit-framework
To run the Metasploit Docker file, simply execute the following command:
docker run –rm -it -p 443:443 -v ${PWD}:/root/.msf4 metasploitframework/metasploit-framework
Metasploit is now prepared to exploit the flaws. We may use the same commands we used to use Metasploit on other systems.
Removing docker images
If we need to remove the installed docker images, we can use the following commands:
To list all the docker images which are installed on the machine:
docker images
Now in order to remove the image, we need image_id which we can get with the above command and then use the following:
docker rmi <image_id>
docker images
Similar to this, we can install other tools using the proper commands and then configure them for simpler use. The installation and configuration processes utilizing a docker container are relatively quick, enhancing the productivity of penetration testers.
Run SQLmap as a Docker Container
SQLmap is an important penetration testing tool used to test websites against different types of SQL injection vulnerabilities. It is an open source tool used to automate the process of identifying and exploiting SQL injection vulnerabilities. We can simply use Docker to run SQLmap using the following commands:
If we do not know the name of the image of any Docker container, we can simply use “search” command in order to find the name of image as follows:
docker search sqlmap
This will provide us the images related to sqlmap. We can install any image with the help of the image name using the following command:
docker pull googlesky/sqlmap
After successfully pulling the image from Docker, we can run the SQLmap using the following command:
docker run -it googlesky/sqlmap
So, we can simply run SQLmap and its different options with the help of above command and exploit SQL related vulnerabilities.
Run Kali Linux as a Docker Container
Kali Linux is the best and user friendly Operating System for Penetration testing based on Debian distribution of Linux. Its environment can be deployed as a Docker image on any operating system using the following command:
docker pull kalilinux/kali-rolling
After pulling the Kali Linux image, we can simply run the Kali environment using the following command:
docker run -it kalilinux/kali-rolling
Run Parrot OS as a Docker Container
Another powerful Operating System which security researchers or penetration testers uses is Parrot OS which is a Debian based Linux distribution. We can use the Parrot OS environment on any Operating system using docker command as follows:
docker pull parrotsec/security
After successfully installing/pulling the Parrot OS image, we can simply run it using the following command:
docker run -it parrotsec/security
There are other tools which you can run using Docker for better performance and simply remove them.
By incorporating Docker into penetration testing procedures, testers may easily simulate a variety of environments, improving the efficiency and effectiveness of their evaluations. Utilizing Docker for penetration testing is still an effective method for strengthening digital assets and establishing a strong defense against contemporary cyber threats as long as security concerns exist.
You can check out our other blogs here.
Happy Pentesting!!
Team CyberiumX