35 changes: 20 additions & 15 deletions Dockerfile
Expand Up @@ -146,8 +146,6 @@ RUN git clone --depth 1 https://github.com/rastating/dnmasscan.git $TOOLS/dnmass
chmod a+x dnmasscan && \
ln -sf $TOOLS/dnmasscan/dnmasscan /usr/local/bin/dnmasscan

# dnsprobe
RUN go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest

# exploitdb (searchsploit)
RUN git clone --depth 1 https://github.com/offensive-security/exploitdb.git $TOOLS/exploitdb && \
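Review bot: Dropping this `go install` makes dnsx (and, in the two hunks below, httpx and subfinder) available only if the later `pdtm -install-all` step succeeds, and that step fetches prebuilt release binaries into `/root/.pdtm/go/bin` rather than building from source as `go install` did. Nothing in the Dockerfile fails the build if one of those binaries is missing from that directory; a smoke check right after the pdtm step, e.g. `RUN /root/.pdtm/go/bin/dnsx -version`, would catch a partial install instead of shipping an image whose README advertises a tool that is not there.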
Expand All @@ -161,8 +159,6 @@ RUN go install github.com/ffuf/ffuf@latest
RUN go install github.com/lc/gau/v2/cmd/gau@latest && \
echo "alias gau='/go/bin/gau'" >> ~/.zshrc

# httpx
RUN go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

# interlace
RUN git clone --depth 1 https://github.com/codingo/Interlace.git $TOOLS/interlace && \
Expand Down Expand Up @@ -210,9 +206,8 @@ RUN mkdir $TOOLS/metasploit && \
chmod 755 msfinstall && \
./msfinstall

# nuclei
RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest && \
git clone --depth 1 https://github.com/projectdiscovery/nuclei-templates.git $ADDONS/nuclei
# nuclei templates (nuclei itself installed via pdtm)
RUN git clone --depth 1 https://github.com/projectdiscovery/nuclei-templates.git $ADDONS/nuclei

# pagodo
RUN git clone --depth 1 https://github.com/opsdisk/pagodo.git $TOOLS/pagodo && \
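Review bot: The templates are cloned into `$ADDONS/nuclei`, but nuclei, now installed by pdtm as the new comment says, looks in `~/nuclei-templates` by default and will download its own copy on first run unless it is pointed at this checkout (`-update-template-dir $ADDONS/nuclei`, or `-t $ADDONS/nuclei` per invocation), so the image ends up carrying two template trees. The clone is also unpinned (`--depth 1` of the default branch), so two builds can contain different template sets; pin a release tag if reproducible scans matter.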
Expand All @@ -236,8 +231,6 @@ RUN git clone --depth 1 https://github.com/trustedsec/social-engineer-toolkit $T
python3 -m pip install --break-system-packages -r requirements.txt || : && \
python3 setup.py || :

# subfinder
RUN go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

# subjs
RUN go install -v github.com/lc/subjs@latest
Expand All @@ -254,10 +247,7 @@ RUN git clone --depth 1 https://github.com/aboul3la/Sublist3r.git $TOOLS/sublist
# Note: it needs to be installed in /etc/ as there are absolute refs in the code
RUN git clone --depth 1 https://github.com/laramies/theHarvester /etc/theHarvester && \
cd /etc/theHarvester && \
python3 -m pip install --break-system-packages pipenv && \
python3 -m pip install --break-system-packages -r requirements/base.txt && \
sed -i 's^#!/usr/bin/env python3^#!/usr/bin/python3^g' theHarvester.py && \
chmod a+x theHarvester.py && \
python3 -m pip install --break-system-packages . && \
ln -sf /etc/theHarvester/theHarvester.py /usr/local/bin/theharvester

# unfurl
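Review bot: Removing `chmod a+x theHarvester.py` means the `/usr/local/bin/theharvester` symlink only works if the git checkout preserved the execute bit on `theHarvester.py`; the `pip install .` that replaces the requirements install does not make that file executable. Either keep the `chmod`, or point the symlink at the console script that `pip install .` registers (if the project's packaging defines one) instead of the source file under `/etc/theHarvester`. It is also worth confirming that `pip install .` pulls in everything `requirements/base.txt` did, since the build now depends on the project's packaging metadata rather than on that file.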
Expand Down Expand Up @@ -285,20 +275,34 @@ RUN git clone --depth 1 https://github.com/s0md3v/XSStrike.git $TOOLS/xsstrike &
chmod a+x xsstrike.py && \
ln -sf $TOOLS/xsstrike/xsstrike.py /usr/local/bin/xsstrike

# pdtm - ProjectDiscovery Tool Manager
# Install pdtm first, then use it to install all ProjectDiscovery tools
RUN go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest && \
pdtm -install-all && \
pip uninstall httpx --break-system-packages -y || true

# feroxbuster
RUN ARCH=$(uname -m) && \
curl -sL "https://github.com/epi052/feroxbuster/releases/latest/download/${ARCH}-linux-feroxbuster.zip" -o /tmp/feroxbuster.zip && \
unzip -o /tmp/feroxbuster.zip -d /usr/local/bin && \
chmod +x /usr/local/bin/feroxbuster && \
rm /tmp/feroxbuster.zip

# ------------------------------
# --- Wordlists ---
# ------------------------------

# seclists
RUN git clone --depth 1 https://github.com/danielmiessler/SecLists.git $WORDLISTS/seclists
RUN git clone --depth 1 https://github.com/danielmiessler/SecLists.git $WORDLISTS/seclists && \
ln -sf $WORDLISTS/seclists /usr/share/seclists

# rockyou
RUN curl -L https://github.com/praetorian-code/Hob0Rules/raw/db10d30b0e4295a648b8d1eab059b4d7a567bf0a/wordlists/rockyou.txt.gz \
-o $WORDLISTS/rockyou.txt.gz && \
gunzip $WORDLISTS/rockyou.txt.gz

# Symlink other wordlists
RUN ln -sf $( find /go/pkg/mod/github.com/\!o\!w\!a\!s\!p/\!amass -name wordlists ) $WORDLISTS/amass && \
RUN ln -sf $(find /go/pkg/mod/github.com -type d -name wordlists -path "*amass*" 2>/dev/null | head -1) $WORDLISTS/amass || true && \
ln -sf /usr/share/brutespray/wordlist $WORDLISTS/brutespray && \
ln -sf /usr/share/dirb/wordlists $WORDLISTS/dirb && \
ln -sf /usr/share/setoolkit/src/fasttrack/wordlist.txt $WORDLISTS/fasttrack.txt && \
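Review bot: The `pip uninstall httpx --break-system-packages -y || true` at the end of the pdtm step removes the Python `httpx` library from the whole image, not just the `/usr/local/bin/httpx` console script that collides with ProjectDiscovery's httpx, so any Python tool installed earlier in this Dockerfile that imports `httpx` breaks at runtime while the `|| true` hides the outcome. Deleting only the script (`rm -f /usr/local/bin/httpx`), or putting `/root/.pdtm/go/bin` ahead of `/usr/local/bin` in `PATH`, resolves the name clash without touching the library. Also in this hunk: `pdtm -install-all` runs in the same layer as `go install ... pdtm`, so it relies on the Go bin directory already being on the build-time `PATH` (`$(go env GOPATH)/bin/pdtm` is safer), and it downloads the latest release binaries with no version pin or checksum, so rebuilds are not reproducible. The feroxbuster download likewise pulls `releases/latest` with `curl -sL`; add `-f` so a 404 fails the step instead of handing an HTML error page to `unzip`, and pin a release plus a SHA-256 the way the rockyou fetch already pins a commit. In the amass line, when `find` returns nothing `ln -sf` is left with a single operand and silently creates a stray `amass` link in the working directory; guard it with `d=$(find ...); [ -n "$d" ] && ln -sf "$d" $WORDLISTS/amass`.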
Expand Down Expand Up @@ -345,6 +349,7 @@ RUN sed -i 's^ZSH_THEME="robbyrussell"^ZSH_THEME="bira"^g' ~/.zshrc && \
sed -i 's^# DISABLE_AUTO_UPDATE="true"^DISABLE_AUTO_UPDATE="true"^g' ~/.zshrc && \
sed -i 's^plugins=(git)^plugins=(tmux nmap)^g' ~/.zshrc && \
echo 'export EDITOR="nano"' >> ~/.zshrc && \
echo 'export PATH="$PATH:/root/.pdtm/go/bin"' >> ~/.zshrc && \
git config --global oh-my-zsh.hide-info 1

# Clean up space - remove version control
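Review bot: Appending the pdtm bin directory to `PATH` only in `~/.zshrc` means the ProjectDiscovery tools are found in an interactive zsh session but not from `docker run mcnamee/huntkit nuclei ...`, from a non-zsh entrypoint, or from any later `RUN` step in this Dockerfile. Set it at the image level instead, `ENV PATH="$PATH:/root/.pdtm/go/bin"`, placed before the pdtm install step, so the build itself can verify the tools landed (e.g. `RUN nuclei -version`) and the `.zshrc` line becomes unnecessary.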
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -111,9 +111,11 @@ docker run -it mcnamee/huntkit
| [dirb](https://tools.kali.org/web-applications/dirb) | _Looks for existing (and/or hidden) Web Objects, by launching a dictionary based attack against a web server and analyzing the response._ <br> `dirb https://kali.org $WORDLISTS/seclists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt` |
| [dnmasscan](https://github.com/rastating/dnmasscan) | _dnmasscan is a bash script to automate resolving a file of domain names and subsequentlly scanning them using masscan._ <br> `dnmasscan listofdomains.txt dns.log -p80,443 - oG masscan.log` |
| [dnsx](https://github.com/projectdiscovery/dnsx) | _Allows you to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers._ <br> <code>cat domains.txt &#124; dnsx</code> |
| [feroxbuster](https://github.com/epi052/feroxbuster) | _A fast, simple, recursive content discovery tool written in Rust._ <br> `feroxbuster -u https://example.com` |
| [ffuf](https://github.com/ffuf/ffuf) | _A fast web fuzzer._ <br> - `ffuf -w /path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401` |
| [gau](https://github.com/lc/gau) | _getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain._ <br> - `gau example.com` |
| [httpx](https://github.com/projectdiscovery/httpx) | _Take a list of domains and probe for working http and https servers._ <br> <code>cat domains.txt &#124; httpx</code> |
| [katana](https://github.com/projectdiscovery/katana) | _A next-generation crawling and spidering framework._ <br> `katana -u https://example.com` |
| [linkfinder](https://github.com/GerbenJavado/LinkFinder) | _Discover endpoints and their parameters in JavaScript files._ <br> `linkfinder -i https://example.com -d -o cli` |
| [masscan](https://github.com/robertdavidgraham/masscan) | _An Internet-scale port scanner._ <br> `masscan -p1-65535 -iL listofips.txt --max-rate 1800 -oG masscan.log` |
| [meg](https://github.com/robertdavidgraham/masscan) | _A tool for fetching lots of URLs but still being 'nice' to servers._ <br> `meg paths.txt hosts.txt` |
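Review bot: The `meg` row in this hunk's trailing context links to the masscan repository (`github.com/robertdavidgraham/masscan`) instead of meg's own project (`github.com/tomnomnom/meg`), and the `dnmasscan` example has a stray space in `- oG masscan.log` (should be `-oG`); both sit next to the new feroxbuster and katana rows and are cheap to fix in the same change. For the feroxbuster row, its default wordlist path lives under `/usr/share/seclists`, which is exactly what the new symlink in the Dockerfile provides; a `-w $WORDLISTS/seclists/...` in the example, as the dirb row does, would make that dependency visible to users who mount their own wordlists.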
Expand All @@ -128,6 +130,7 @@ docker run -it mcnamee/huntkit
| [sublist3r](https://github.com/aboul3la/Sublist3r) | _Enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and more._ <br> `sublist3r -d kali.org` |
| [sqlmap](http://sqlmap.org/) | _Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers_ <br> `sqlmap -u https://example.com --forms --crawl=10 --level=5 --risk=3` |
| [theharvester](https://tools.kali.org/information-gathering/theharvester) | _Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database._ <br> <code>theharvester -d kali.org -b "bing, certspotter, dnsdumpster, dogpile, duckduckgo, google, hunter, linkedin, linkedin_links, twitter, yahoo"</code> |
| [uncover](https://github.com/projectdiscovery/uncover) | _Quickly discover exposed hosts on the internet using multiple search engines._ <br> `uncover -q "ssl.cert.subject.CN:example.com"` |
| [wafw00f](https://github.com/enablesecurity/wafw00f) | _Web Application Firewall Fingerprinting Tool._ <br> `wafw00f resound.ly` |
| [whatweb](https://github.com/urbanadventurer/WhatWeb) | _Scans websites and highlights the CMS used, JavaScript libraries, web servers, version numbers, email addresses, account IDs, web framework modules, SQL errors, and more._ <br> `whatweb kali.org` |
| [wpscan](https://github.com/wpscanteam/wpscan) | _WordPress Security Scanner._ <br> `wpscan --url kali.org` |
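Review bot: The `uncover` example is a Shodan query (`ssl.cert.subject.CN:`) and uncover's default engine is Shodan, so it returns nothing without an API key in uncover's provider configuration (by default `~/.config/uncover/provider-config.yaml`); the row should say so, since an empty result here looks like a tool fault rather than missing configuration.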
Expand Down Expand Up @@ -158,6 +161,7 @@ docker run -it mcnamee/huntkit
| [NodeJS](https://nodejs.org/) | _Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine._ |
| [Oh My Zsh](https://ohmyz.sh/) | _Zsh is a framework for managing your zsh configuration, bundled with thousands of helpful functions, helpers, plugins, themes._ |
| [OpenVPN](https://openvpn.net/) | _Connect to a VPN._ <br> Add `--cap-add=NET_ADMIN --device=/dev/net/tun` to the `docker run` to use OpenVPN. |
| [pdtm](https://github.com/projectdiscovery/pdtm) | _ProjectDiscovery Tool Manager - install and manage all ProjectDiscovery tools._ <br> `pdtm -install-all` |
| [Perl](https://www.perl.org/) | _Perl is a highly capable, feature-rich programming language with over 30 years of development._ |
| [PHP](https://www.php.net/) | _The PHP scripting language._ |
| [Proxychains](https://github.com/haad/proxychains) | _Redirects connections through SOCKS4a/5 or HTTP proxies._ |
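Review bot: `pdtm -install-all` is already executed during the image build, so this example tells a user to re-download every ProjectDiscovery binary; for someone inside the running container `pdtm -update-all` is the operation they actually want, with `-install-all` reserved for rebuilding. The row should also mention that pdtm places binaries in `/root/.pdtm/go/bin`, which the Dockerfile only adds to `PATH` through `~/.zshrc`, so the tools are not on `PATH` when the container is started with a command other than zsh.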