7MS #229: Intro to Docker for Pentesters
Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!
I know I'm old and unhip, but I just got turned on to Docker, and today I wanted to share two cool ways to use it to beef up your pentest skills:
Install and run Rainmap
Have you heard of Rainmap? I heard about this from Jerry Gamblin's blog - it's basically a slick Web interface for nmap.
Head to https://hub.docker.com/r/jgamblin/rainmap/ for instructions, but it basically boils down to installing the container with:
docker pull jgamblin/rainmap
Since rainmap stays "open" in the command line, I recommend you first use screen to setup a special session for it. That way you can completely log out via SSH and the docker will stay running.
screen -R rainmapscreen
With the new screen created, you can run rainmap and follow the prompts:
docker run -ti -p 8080:8080 --name rainmap jgamblin/rainmap
Now, just hit
Ctrl+a d to exit the screen session, and go to
http://ip.of.your.docker:8080/console to login!
Install and run OWASP Juice Shop
docker pull bkimminich/juice-shop
docker run -d -p 3000:3000 bkimminich/juice-shop
Now hack it! :-)
Here's the complementary video content for today's audio podcast: