Penetration Testing using Docker

Overview of Docker

An open-source platform named Docker is used to build, distribute, and run applications in containers, which are loosely isolated environments. Containers can communicate with one another through well-defined channels even though they are isolated from one another. This isolation helps containerized applications stay secure.

Docker is somewhat similar to virtual machines, but it lets applications run on the same Linux kernel as the host system they are installed on. Applications are shipped with only what the host computer does not already provide, which improves performance and reduces application size.

Who Uses Docker?

System administrators and developers both use Docker to deploy and run distributed applications. It provides tools for easing DevOps by enabling developers to generate templates known as images that can be used to create portable virtual machines known as containers that include their apps and all of their dependencies. These portable virtual machines can be set up and used by system administrators in both development and production settings.

Architecture of Docker

Docker creates and manages Docker containers, which are based on Linux containers, using a client-server architecture and a remote API. Docker containers are created from Docker images. The relationship between containers and images is comparable to the relationship between objects and classes in object-oriented programming.

Docker’s Client

Docker clients allow users to interact with Docker. The docker client sends a command to the dockerd daemon, which executes it. Docker commands use the Docker API for this communication. A Docker client may interact with many Docker daemons.

Docker Host

A complete environment for installing and running programs is provided by the Docker host. The Docker daemon, along with Images, Containers, Networks, and Storage, make up this system. As was indicated before, the daemon, which is in charge of all container-related tasks, accepts commands via the CLI or the REST API. To manage its services, it can also communicate with other daemons.

Docker’s Registry

Docker registries are services that let you store and download images. In other words, a Docker registry is a group of Docker repositories that each contain one or more Docker images. Public registries include Docker Hub and Docker Cloud. Another choice is private registries. The three most often used commands when working with registries are docker push, docker pull, and docker run.

Installation of Docker

Linux users can quickly install Docker by launching the terminal and typing the following command:

apt install docker.io

In addition, we can use the help command to get more information about all the choices that Docker offers.

docker --help

Once Docker is installed and running, you can pull or run any image with it. We’ll now take a look at the Docker-based penetration testing infrastructure used by pen testers.

Docker for Penetration Tester

Given that it creates an environment for penetration testers and makes installation and configuration simple, Docker is crucial for penetration testing. Using a Docker container, we can deploy essential penetration testing tools like:

Metasploit Framework

Sqlmap

Kali Linux

Parrot OS

Run Metasploit Framework as a Docker Container

Metasploit Framework is a powerful, well-known open-source penetration testing program. We can run it inside a Docker container without having to install it on our computer.

Use the following command to download the Metasploit docker image to our computer:

docker pull metasploitframework/metasploit-framework

To run the Metasploit Docker image, simply execute the following command:

docker run --rm -it -p 443:443 -v ${PWD}:/root/.msf4 metasploitframework/metasploit-framework

Metasploit is now prepared to exploit the flaws. We can use the same commands that we would use with Metasploit on other systems.
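
An added example (not part of the original post, and not code from Docker or Metasploit): a POSIX shell check that flags `docker run` options which expose the tester's own host more than the job needs, applied to the commands on this page. The function name, finding labels, rule subset and the host path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint a `docker run` command line
# for options that widen a pentest container's exposure on the tester's host.
# The rule set and finding names are an assumed, deliberately limited subset.

audit_docker_run() (
    image="" want=""
    shift 2                                   # drop the leading "docker run"
    for arg in "$@"; do
        if [ -n "$want" ]; then
            val=$arg                          # value of the previous option
        else
            case $arg in
                --privileged) echo "PRIVILEGED: container can reach host devices and kernel interfaces"; continue ;;
                --*=*) want=${arg%%=*}; val=${arg#*=} ;;
                -p|--publish|-v|--volume|--network|--net|-e|--env|--name|-w|-u)
                    want=$arg; continue ;;    # value-taking options (subset)
                -*) continue ;;               # boolean flags such as --rm, -it
                *) image=$arg; break ;;       # first bare word is the image
            esac
        fi
        case $want in
            -p|--publish)
                # ip:hostPort:containerPort has two colons; fewer binds 0.0.0.0
                case $val in
                    *:*:*) ;;
                    *) echo "PUBLISH_ALL: -p $val listens on every host interface" ;;
                esac ;;
            -v|--volume)
                case $val in
                    *docker.sock*) echo "DOCKER_SOCK: $val gives the container control of the daemon" ;;
                esac ;;
            --network|--net)
                [ "$val" != host ] || echo "HOST_NET: container shares the host network stack" ;;
        esac
        want=""
    done
    case $image in
        *@sha256:*) ;;
        *) echo "UNPINNED: $image is not pinned as name@sha256:<digest>" ;;
    esac
)

# The Metasploit command from this page (constructed host path instead of ${PWD}).
audit_docker_run docker run --rm -it -p 443:443 \
    -v /home/tester/engagement:/root/.msf4 metasploitframework/metasploit-framework
# The third-party sqlmap image from this page.
audit_docker_run docker run -it googlesky/sqlmap
```

For the Metasploit command this reports PUBLISH_ALL and UNPINNED; publishing on an explicit host IP (ip:443:443) and pulling the image by digest clears both findings.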

Removing docker images

If we need to remove the installed docker images, we can use the following commands:

To list all the docker images which are installed on the machine:

docker images

Now in order to remove the image, we need image_id which we can get with the above command and then use the following:

docker rmi <image_id>

docker images

Similar to this, we can install other tools using the proper commands and then configure them for simpler use. The installation and configuration processes utilizing a docker container are relatively quick, enhancing the productivity of penetration testers.

Run SQLmap as a Docker Container

SQLmap is an important penetration testing tool used to test websites against different types of SQL injection vulnerabilities. It is an open source tool used to automate the process of identifying and exploiting SQL injection vulnerabilities. We can simply use Docker to run SQLmap using the following commands:

If we do not know the name of the image for a tool, we can simply use the “search” command to find the image name as follows:

docker search sqlmap

This will list the images related to sqlmap. We can pull any of them by its image name using the following command:

docker pull googlesky/sqlmap

After successfully pulling the image from Docker, we can run the SQLmap using the following command:

docker run -it googlesky/sqlmap

So, we can simply run SQLmap and its different options with the help of the above command and exploit SQL-related vulnerabilities.

Run Kali Linux as a Docker Container

Kali Linux, based on the Debian distribution of Linux, is the best and user-friendly operating system for penetration testing. Its environment can be deployed as a Docker image on any operating system using the following command:

docker pull kalilinux/kali-rolling

After pulling the Kali Linux image, we can simply run the Kali environment using the following command:

docker run -it kalilinux/kali-rolling

Run Parrot OS as a Docker Container

Another powerful operating system that security researchers and penetration testers use is Parrot OS, which is a Debian-based Linux distribution. We can use the Parrot OS environment on any operating system using the docker command as follows:

docker pull parrotsec/security

After successfully installing/pulling the Parrot OS image, we can simply run it using the following command:

docker run -it parrotsec/security

There are other tools that you can run using Docker for better performance and then simply remove.

By incorporating Docker into penetration testing procedures, testers may easily simulate a variety of environments, improving the efficiency and effectiveness of their evaluations. Utilizing Docker for penetration testing is still an effective method for strengthening digital assets and establishing a strong defense against contemporary cyber threats as long as security concerns exist.

You can check out our other blogs here.

Happy Pentesting!!

Team CyberiumX
