Major upgrade and some new features

Dockerfile

@@ -1,17 +1,18 @@
-FROM ubuntu:16.04
+FROM ubuntu:19.04
 MAINTAINER [email protected]
 
 ARG ARACHNI_VERSION=arachni-1.5.1-0.5.12
+WORKDIR /opt
 
-# Install Ruby and other OS stuff
-RUN apt-get update && \
-    apt-get install -y build-essential \
+# Install Ruby, Gauntlt and everything needing build-essential
+RUN apt update && \
+    apt install -y build-essential \
       bzip2 \
       ca-certificates \
       curl \
       gcc \
       git \
-      libcurl3 \
+      libcurl4 \
       libcurl4-openssl-dev \
       wget \
       zlib1g-dev \
@@ -20,64 +21,127 @@ RUN apt-get update && \
       libxslt1-dev \
       make \
       python-pip \
+      xmlstarlet \
       python2.7 \
       python2.7-dev \
       ruby \
       ruby-dev \
+      openjdk-8-jre \
       ruby-bundler && \
-    rm -rf /var/lib/apt/lists/*
+    gem install rake && \
+    gem install ffi -v 1.9.24 && \
+    wget -O dirb.tar.gz https://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz && \
+    tar xvf dirb.tar.gz && \
+    rm dirb.tar.gz && \
+    cd dirb222 && \
+    chmod 755 ./configure && \
+    ./configure && \
+    make && \
+    ln -s /opt/dirb222/dirb /usr/local/bin/dirb && \
+    gem install gauntlt --no-rdoc --no-ri && \
+    apt remove -y \
+          ruby-dev \
+          python2.7-dev \
+          libxml2-dev \
+          libxslt1-dev \
+          build-essential \
+          libcurl4-openssl-dev \
+          zlib1g-dev && \
+    pip install sslyze==1.4.3 && \
+    gem install zapr && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt autoremove -y && \
+    apt clean
 
-# Install Gauntlt
-RUN gem install rake
-RUN gem install ffi -v 1.9.18
-RUN gem install gauntlt --no-rdoc --no-ri
 
-# Install Attack tools
-WORKDIR /opt
+# Install remaining Attack tools
 
 # arachni
 RUN wget https://github.com/Arachni/arachni/releases/download/v1.5.1/${ARACHNI_VERSION}-linux-x86_64.tar.gz && \
     tar xzvf ${ARACHNI_VERSION}-linux-x86_64.tar.gz > /dev/null && \
     mv ${ARACHNI_VERSION} /usr/local && \
+    rm ${ARACHNI_VERSION}-linux-x86_64.tar.gz && \
     ln -s /usr/local/${ARACHNI_VERSION}/bin/* /usr/local/bin/
 
 # Nikto
 RUN apt-get update && \
     apt-get install -y libtimedate-perl \
       libnet-ssleay-perl && \
-    rm -rf /var/lib/apt/lists/*
-
-RUN git clone --depth=1 https://github.com/sullo/nikto.git && \
+    git clone --depth=1 https://github.com/sullo/nikto.git && \
     cd nikto/program && \
     echo "EXECDIR=/opt/nikto/program" >> nikto.conf && \
     ln -s /opt/nikto/program/nikto.conf /etc/nikto.conf && \
     chmod +x nikto.pl && \
-    ln -s /opt/nikto/program/nikto.pl /usr/local/bin/nikto
+    ln -s /opt/nikto/program/nikto.pl /usr/local/bin/nikto && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt autoremove -y && \
+    apt clean
 
 # sqlmap
-WORKDIR /opt
 ENV SQLMAP_PATH /opt/sqlmap/sqlmap.py
 RUN git clone --depth=1 https://github.com/sqlmapproject/sqlmap.git
 
-# dirb
-COPY vendor/dirb222.tar.gz dirb222.tar.gz
-
-RUN tar xvfz dirb222.tar.gz > /dev/null && \
-    cd dirb222 && \
-    chmod 755 ./configure && \
-    ./configure && \
-    make && \
-    ln -s /opt/dirb222/dirb /usr/local/bin/dirb
-
+# dirdb is installed with stuff needing build esentials
 ENV DIRB_WORDLISTS /opt/dirb222/wordlists
 
 # nmap
-RUN apt-get update && \
-    apt-get install -y nmap && \
-    rm -rf /var/lib/apt/lists/*
+RUN apt update && \
+    apt install -y nmap && \
+    apt clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt clean
 
-# sslyze
-RUN pip install sslyze==1.3.4
+# sslyze is installed with stuff needing build esentials
 ENV SSLYZE_PATH /usr/local/bin/sslyze
 
+# Heartbleed
+RUN apt update && \
+    apt install -y golang && \
+    export GOPATH=/go && \
+    go get github.com/FiloSottile/Heartbleed && \
+    go install github.com/FiloSottile/Heartbleed && \
+    mv /go/bin/Heartbleed /usr/local/bin/ && \
+    rm -rf /go && \
+    apt remove -y golang && \
+    apt autoremove -y && \
+    apt clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt clean
+
+# Garmr
+RUN pip install beautifulsoup && \
+    git clone https://github.com/freddyb/Garmr.git && \
+    cd Garmr && \
+    python setup.py install
+
+# owasp-zap adapted from https://github.com/zaproxy/zaproxy/blob/develop/docker/Dockerfile-stable
+RUN curl -s https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZapVersions.xml | xmlstarlet sel -t -v //url |grep -i Linux | wget -nv --content-disposition -i - -O - | tar zxv && \
+    mv ZAP* zap &&\
+	cd zap &&  \
+	# Setup Webswing
+	curl -s -L https://bitbucket.org/meszarv/webswing/downloads/webswing-2.5.10.zip > webswing.zip && \
+	unzip webswing.zip && \
+	rm webswing.zip && \
+	mv webswing-* webswing && \
+	# Remove Webswing demos
+	rm -Rf webswing/demo/ && \
+	# Accept ZAP license
+	touch AcceptedLicense && \
+    pip install zapcli python-owasp-zap-v2.4 && \
+    wget -q -O /opt/zap/zap-api-scan.py https://raw.githubusercontent.com/zaproxy/zaproxy/develop/docker/zap-api-scan.py && \
+    wget -q -O /opt/zap/zap_common.py https://raw.githubusercontent.com/zaproxy/zaproxy/develop/docker/zap_common.py && \
+    chmod 755 /opt/zap/zap-api-scan.py && \
+    ln -s /opt/zap/zap-api-scan.py /usr/local/bin/zap-api-scan
+
+
+ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
+ENV PATH $JAVA_HOME/bin:/opt/zap/:$PATH
+ENV ZAP_PATH /opt/zap/zap.sh
+ENV ZAPCLI_PATH /usr/local/bin/zap-cli
+ENV ZAPAPISCAN_PATH /usr/local/bin/zap-api-scan
+
+VOLUME [ "/attacks" ]
+
 ENTRYPOINT [ "/usr/local/bin/gauntlt" ]
+
+CMD ["/attacks/*"]

Dockerfile-dev

@@ -0,0 +1,187 @@
+FROM ubuntu:19.04
+MAINTAINER [email protected]
+
+ARG ARACHNI_VERSION=arachni-1.5.1-0.5.12
+
+ARG GAUNTLT_BRANCH=master
+# Will use this repo for development until https://github.com/gauntlt/gauntlt/pull/120 is merged
+ARG GAUNTLT_REPO=https://github.com/millaguie/gauntlt.git
+WORKDIR /opt
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install Ruby, Gauntlt and everything needing build-essential
+RUN apt update && \
+    apt install -y build-essential \
+      bzip2 \
+      ca-certificates \
+      curl \
+      gcc \
+      git \
+      libcurl4 \
+      libcurl4-openssl-dev \
+      wget \
+      zlib1g-dev \
+      libyaml-dev \
+      libfontconfig \
+      libxml2-dev \
+      libxml2 \
+      libxslt1-dev \
+      libxslt-dev \
+      libsqlite3-dev \
+      make \
+      python-pip \
+      xmlstarlet \
+      python2.7 \
+      python2.7-dev \
+      python-pip \
+      python-setuptools \
+      ruby \
+      ruby-dev \
+      openjdk-8-jre \
+      xvfb \
+      x11vnc \
+      ruby-bundler && \
+    gem install rake && \
+    wget -O dirb.tar.gz https://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz && \
+    tar xvf dirb.tar.gz && \
+    rm dirb.tar.gz && \
+    cd dirb222 && \
+    chmod 755 ./configure && \
+    ./configure && \
+    make && \
+    ln -s /opt/dirb222/dirb /usr/local/bin/dirb && \
+    cd /usr/src && \
+    git clone --single-branch --branch ${GAUNTLT_BRANCH} ${GAUNTLT_REPO} && \
+    cd gauntlt && \
+    gem install bundler && \
+    bundler update && \
+    git submodule update --init --recursive --force && \
+    rake build && \
+    rake install && \
+    cd && \
+    rm -rf /usr/src/* && \
+    apt remove -y \
+          ruby-dev \
+          python2.7-dev \
+          libxml2-dev \
+          libxslt1-dev \
+          build-essential \
+          libcurl4-openssl-dev \
+          zlib1g-dev && \
+    pip install sslyze==1.4.3 && \
+    gem install zapr && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt autoremove -y && \
+    apt clean
+
+
+# Install remaining Attack tools
+
+# arachni
+RUN wget https://github.com/Arachni/arachni/releases/download/v1.5.1/${ARACHNI_VERSION}-linux-x86_64.tar.gz && \
+    tar xzvf ${ARACHNI_VERSION}-linux-x86_64.tar.gz > /dev/null && \
+    mv ${ARACHNI_VERSION} /usr/local && \
+    rm ${ARACHNI_VERSION}-linux-x86_64.tar.gz && \
+    ln -s /usr/local/${ARACHNI_VERSION}/bin/* /usr/local/bin/
+
+# Nikto
+RUN apt-get update && \
+    apt-get install -y libtimedate-perl \
+      libnet-ssleay-perl && \
+    git clone --depth=1 https://github.com/sullo/nikto.git && \
+    cd nikto/program && \
+    echo "EXECDIR=/opt/nikto/program" >> nikto.conf && \
+    ln -s /opt/nikto/program/nikto.conf /etc/nikto.conf && \
+    chmod +x nikto.pl && \
+    ln -s /opt/nikto/program/nikto.pl /usr/local/bin/nikto && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt autoremove -y && \
+    apt clean
+
+# sqlmap
+ENV SQLMAP_PATH /opt/sqlmap/sqlmap.py
+RUN git clone --depth=1 https://github.com/sqlmapproject/sqlmap.git
+
+# dirdb is installed with stuff needing build esentials
+ENV DIRB_WORDLISTS /opt/dirb222/wordlists
+
+# nmap
+RUN apt update && \
+    apt install -y nmap && \
+    apt clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt clean
+
+# sslyze is installed with stuff needing build esentials
+ENV SSLYZE_PATH /usr/local/bin/sslyze
+
+# Heartbleed
+RUN apt update && \
+    apt install -y golang && \
+    export GOPATH=/go && \
+    go get github.com/FiloSottile/Heartbleed && \
+    go install github.com/FiloSottile/Heartbleed && \
+    mv /go/bin/Heartbleed /usr/local/bin/ && \
+    rm -rf /go && \
+    apt remove -y golang && \
+    apt autoremove -y && \
+    apt clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt clean
+
+# Garmr
+RUN pip install beautifulsoup && \
+    git clone https://github.com/freddyb/Garmr.git && \
+    cd Garmr && \
+    python setup.py install
+
+# owasp-zap adapted from https://github.com/zaproxy/zaproxy/blob/develop/docker/Dockerfile-weekly
+RUN mkdir /opt/zap && \
+    cd /opt/zap && \
+    wget -q https://github.com/zaproxy/zaproxy/releases/download/w2019-05-15/ZAP_WEEKLY_D-2019-05-15.zip && \
+	unzip *.zip && \
+	rm *.zip && \
+    mv ZAP_D*/* . && \
+    rmdir ZAP_D* && \
+
+	# Setup Webswing
+	curl -s -L https://bitbucket.org/meszarv/webswing/downloads/webswing-2.5.10.zip > webswing.zip && \
+	unzip webswing.zip && \
+	rm webswing.zip && \
+	mv webswing-* webswing && \
+	# Remove Webswing demos
+	rm -Rf webswing/demo/ && \
+	# Accept ZAP license
+	touch AcceptedLicense && \
+    pip install zapcli python-owasp-zap-v2.4 && \
+    mkdir -p /opt/zap/scripts/scripts/httpsender/
+
+COPY vendor/webswing.config /opt/zap/webswing/
+COPY vendor/zap-x.sh /usr/local/bin/
+COPY vendor/zap-api-scan.py /opt/zap/
+COPY vendor/zap_common.py /opt/zap/
+
+COPY vendor/policies /root/.ZAP_D/policies/
+COPY vendor/scripts /root/.ZAP_D/scripts/
+COPY vendor/.xinitrc /root/
+ENV ZAP_PORT 8080
+
+RUN chmod a+x /root/.xinitrc && \
+    mkdir /root/.vnc
+
+RUN chmod 755 /usr/local/bin/zap*.sh /opt/zap/zap-api-scan.py && \
+    ln -s /opt/zap/zap-api-scan.py /usr/local/bin/zap-api-scan
+
+ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
+ENV PATH $JAVA_HOME/bin:/opt/zap/:$PATH
+ENV ZAP_PATH /opt/zap/zap.sh
+ENV ZAPCLI_PATH /usr/local/bin/zap-cli
+ENV ZAPAPISCAN_PATH /usr/local/bin/zap-api-scan
+
+VOLUME [ "/attacks","/output" ]
+
+
+ENTRYPOINT [ "/usr/local/bin/gauntlt" ]
+
+CMD ["/attacks/*"]

Makefile

@@ -4,6 +4,10 @@ build:
 	@echo "Building docker container..."
 	@./build-gauntlt.sh
 
+build-dev:
+	@echo "Building docker development container..."
+	@docker build -f Dockerfile-dev -t gauntlt-dev .
+
 clean:
 	@echo "Removing unused docker containers..."
 	@./docker-clean.sh
@@ -19,13 +23,18 @@ install-stub:
 	@echo "installing gauntlt-docker to /usr/local/bin"
 	@cp ./bin/gauntlt-docker /usr/local/bin
 
+runexamples:
+	@echo "Running all examples"
+	@docker run --rm -it -v  ${CURDIR}/examples:/attacks gauntlt
 help:
 	@echo "the help menu"
 	@echo "  make build"
+	@echo "  make build-dev"
 	@echo "  make clean"
 	@echo "  make clean-all"
 	@echo "  make help"
 	@echo "  make install-stub"
 	@echo "  make interactive"
+	@echo "  make runexamples"
 
 .PHONY: build clean