Docker for pentest: Environment for pentest easily and quickly

The Docker for pentest is an image with the most used tools to create a pentest (penetration testing) environment easily and quickly.

Characteristics

• Installed OS, networking, development and pentest tools.
• Connect to HTB (Hack the Box) vpn for access to HTB machines.
• Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
• Proxy service for sending traffic from any browser and burp suite.
• Installed on your local drive.
• Installed database.
• Tool for breaking passwords.
• Linux enumeration tools installed.
• Tools installed on tracking services that work.
• Tools installed in the fuzzing directory.
• Monitor linux processes without root privileges
• Zsh shell installation.

Installed tools

Operative system tools

• rdate
• vim
• zsh
• oh-my-zsh
• locate
• cifs-utils
• htop
• gotop

Network tools

• traceroute
• telnet
• net-tools
• iputils-ping
• Tcpdump
• openvpn
• whois
• host
• prips
• dig

Developer tools

• git
• curl
• wget
• ruby
• go
• python
• python-pip
• python3
• python3-pip
• php
• aws-cli
• tojson
• nodejs

? Pentest tools

Port scanning

• Nmap
• masscan
• ScanPorts created by @ s4vitar with some improvements

? Recon

• Subdomains
  • Amass
  • GoBuster
  • Knock
  • MassDNS
  • Altdns
  • spyse
  • Sublist3r
  • findomain
  • subfinder
  • spiderfoot
  • haktldextract
• Subdomain takeover
  • subjack
  • SubOver
  • tko-subs
• DNS Lookups
  • hakrevdns
• ? Screenshot
  • gowitness
  • aquatone
• ? ️ crawler
  • hakrawler
  • Photon
  • gospider
  • left
  • otxurls
  • waybackurls
• ? Search directories
  • dirsearch
• Fuzzer
  • wfuzz
  • ffuf
• Web Scanning
  • whatweb
  • wafw00z
  • no one
  • arjun
  • httprobe
  • striker
  • hakcheckurl
• CMS
  • wpscan
  • joomscan
  • droopescan
  • cmseek
• Search JS
  • LinkFinder
  • getJS
  • subjs

Wordlist

• cewl
• wordlists:
  • wfuzz
  • SecList
  • Fuzzdb
  • Dirbuster
  • Dirb
  • Rockyou
  • all.txt
• crunch

Git repositories

• gitleaks
• gitrob
• gitGraber
• github-search
• GitTools

OWASP

• sqlmap
• XSStrike
• kxss
• dalfox

Brute force

• crowbar
• Hydra
• patter
• jellyfish

cracking

• hashid
• john the ripper
• hashcat

OS Enumeration

• htbenum
• linux-smart-enumeration
• linen
• enum4linux
• ldapdomaindump
• PEASS - Privilege Escalation Awesome Scripts SUITE
• Windows Exploit Suggester - Next Generation
• smbmap
• pspy - unprivileged Linux process snooping
• smbclient
• ftp

exploits

• searchsploit
• Metasploit
• MS17-010
• AutoBlue-MS17-010
• PrivExchange

Windows

• evil-winrm
• impacket
• CrackMapExec
• Nishang
• Juicy Potato
• PowerSploit
• pass-the-hash
• mimikatz
• gpp-decrypt

Reverse shell

• untroubled
• rlwrap

Other resources

• pentest-tools from @ gwen001
• qsreplace from @tomnomnom

Custom functions

• NmapExtractPorts from @ s4vitar

Other services

• apache2
• squid

Information on installing and using the program, you will find here.