/portainer-pentest-lab

OWASP practice lab, just a few copy/pastes away. Fully stacked and ready to go with Docker

âš“ Offensive Security Lab

banner

Table of content

Demo

Deploying

Deploying a Metasploit Dev build and OWASP JuiceShop in less than 10 seconds âš¡

a2

Attacking

Deploying the pentest-toolbox and scanning the OWASP JuiceShop container using container subnet. This allows for very fast interactions compared to a classic offensive scenario 🚀

a1

Full list

a3


Presentation

This lab is built using Portainer and custom made App Templates. The following are currently implemented:

Name Description Status
Kali - Bare Official Kali container. Install desired metapackages 🆗
Kali - Full Non-Official Kali container with kali-linux-full metapackage installed, built every night 🆗
Metasploit - Nightly Official bare Metasploit Alpine build. Includes beta features from dev branch 🆗
Metasploit - Stable + Postsgresql Debian Metasploit build with Postgres and additional helper scripts 🆗
Pentest-tools Ubuntu build with: searchsploit, sqlmap, nmap, nikto, dnsutils, sn1per, knock, sqliv, pasko, uniscan, wpscan, ncrack, wfuzz, sublist3r, massdns 🆗
ZAP Proxy WebSwing Official in-browser version of ZAP 🆗
DVWA Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable 🆗
JuiceShop OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws 🆗
FileBrowser A web file manager 🚧

Getting started

Pre-requisits

This lab uses Portainer to orchestrate the deployment of the various components presented above. To run the Portainer lab you will need git, docker and docker-compose.

Optionally, you can run the Lab using a docker-machine configuration to your favorite cloud provider to make it even easier.

Quick start

Deploy

> git clone git@gitlab.com:akka-infosec/ceh-portainer.git
> cd ceh-portainer
> docker-compose up

Once docker-compose has correctly started, direct you web browser to http://127.0.0.1/portainer, replacing the IP with Docker's.

  • Set password
  • Select the single endpoint presented by the interface
  • Head over to App Templates. From there, choose and deploy what you wish

Access

Refer to the Templates documentation below for the web server ports, or attach your CLI to the target container using docker

> docker attach <container-name>

Launch as daemon

Note this also supresses error messages from the docker-compose engine to stdout

> ^C
> docker-compose down # if from another tty
> docker-compose up -d

Manual Start

Deploy

First pull the official Portainer dedicated docker-compose repository

> git clone https://github.com/portainer/portainer-compose.git

Modify the docker-compose.yml file to point to the custom App Template.

> cd ceh-portainer
> nano docker-compose.yml

Replace

command: --templates http://templates/templates.json

by

command: --templates https://raw.githubusercontent.com/khast3x/portainer-pentest-lab/master/templates.yml --host=unix:///var/run/docker.sock

In some instances, the watchtower module that is summoned by the docker-compose file can cause some problems. You can safely remove it.

You can check that your modifications did not break the configuration file by using a YAML checking tool.

Test the first run

> cd ceh-portainer
> docker-compose up

# Make sure everything works by viewing the stdout debug output, then stop the stack

> ^C

Launch as daemon

> docker-compose up -d

Cleaning

To remove all portainer local data, docker images, containers, volumes and networks:

> docker system prune  ; rm -rf /opt/portainer/

Templates

Default values such as ports or volumes can be changed by selecting (+) Advanced Settings on the container page before deploying

Kali-Bare

Container Name: kali-bare
Source: Link
Ports: 4444:4444
Image: kalilinux/kali-linux-docker
Usage: This image comes bare and requires installing your desired kali metapackages. Once deployed, you can access it through the CLI by typing docker attach kali-bare

Kali-Full

Container Name: kali-full
Source: Link
Ports: 4445:4444
Image: booyaabes/kali-linux-full
Usage: Kali image with kali-linux-full metapackage installed, built every night. Once deployed, you can access it through the CLI by typing docker attach kali-full

Metasploit-Nightly

Container Name: msf-dev
Source: Link
Ports: 4446:4444
Image: metasploitframework/metasploit-framework
Usage: Official bare Metasploit Alpine build. Includes beta features from the dev branch. Once deployed, you can access it through the CLI by typing docker attach kali-full. From the bash prompt you can start ./msfconsole or ./msfvenom

Metasploit-Postgresql

Container Name: msf-postgresql
Source: Link
Ports: 4447:4444
Image: phocean/msf
Usage: Non official Metasploit build on Debian. Comes with pre-configured msfdb. Remember to start it inside the container by using service postgresql start. Metasploit will recognize it automatically. Once deployed, you can access it through the CLI by typing docker attach kali-full. From the bash prompt you can start ./msfconsole or ./msfvenom. From the msfconsole, you can check the database status with db_status

Pentest-tools

Container Name: pentest-tools
Source: Link
Ports:
Image: szalek/pentest-tools
Usage: Ubuntu build with: searchsploit, sqlmap, nmap, nikto, dnsutils, sn1per, knock, sqliv, pasko, uniscan, wpscan, ncrack, wfuzz, sublist3r, massdns. Once deployed, you can access it through the CLI by typing docker attach pentest-tools. All the scripts are already in the shell binary path

ZAP Proxy WebSwing

Container Name: zap-proxy
Source: Link
Ports: 8081:8080, 8090:8090
Image: owasp/zap2docker-stable
Usage: Official in-browser version of OWASP ZAP. Once deployed, head over to http://127.0.0.1:8081/?anonym=true&app=ZAP with the appropriate IP address. This is important, otherwise you won't have access to the app

DVWA-Damn Vulnerable Web App

Container Name: vuln-dvwa
Source: Link
Ports: 8082:80
Image: vulnerables/web-dvwa
Usage: Point your browser to http://127.0.0.1:8082 to access it. To start using: Generate DB from the web interface, Login using admin/password. Select DVWA Security in the left menu, set your difficulty level

OWASP JuiceShop-Vulnerable HTML5/JS App

Container Name: vuln-juiceshop
Source: Link
Ports: 8084:3000
Image: bkimminich/juice-shop
Usage: Point your browser to http://127.0.0.1:8084 to access it

License & Demo

Lab Licence

Copyright [2018] [TMC - AKKA]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Image Credit

Icon made by Freepik from www.flaticon.com