Docker for web penetration testing

Transcript

1. Docker for web pentest

2. Introduction  Docker is the world’s leading software containerization platform.

    Using Docker we can create different environments for each Pentest type.  With the use of containers, you can save each environment on a USB stick or leave it in the cloud.

3. What is docker  Docker is an open source technology

   that lets you create, run, test, and deploy distributed applications within software containers.  Docker allows you to deploy applications quickly, reliably and stably in any environment.

4. Why use Docker  Because the containers are portable, convenient

   and fast.  With Docker, we can create an image and use it as the basis for each environment we create  Kali – Web pentesting, Wi-Fi hacking, Information gathering

5. Tools for web pentesting  W3af-console  is a Web

   Application Attack and Audit Framework  SQLMap  is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws  Arachni  is a Free/Public-Source Web Application Security Scanner aimed towards helping users evaluate the security of web applications. 

6. Installation  Sudo apt install docker.io  Sudo docker search

   kalilinux  Sudo docker pull kalilinux/kali-linux-docker  Sudo docker run –name WebPentest -t -d kalilinux/kali-linux-docker  Sudo docker exec -it WebPentest bash  Apt get update && upgrade  Apt install websploit w3af-console arachni nikto sqlmap websploit nmap

7. Github.com/bl3z3 @n4h4y0 Linkedin.com/in/nahayo