This repository contains a collection of security-oriented tools as Dockerfiles.
This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode..).
The official repository is read-only, I will continue development here.
The containers are built using Docker. Each container is made to suit required dependencies for each tool.
- Cross-platform deploy helper script included
- Manage cloud-based scans and attacks from your terminal
- Datacenter fiber internet connection, but still from your terminal!
- Keep your local environment clean from all those attack toolz
- ☁️ Become a real nomad ninja ☁️
- Mix and match with the Red Team Infractructure Guide and Red Baron!
Efforts have been made to keep Dockerfiles minimal.
git clone https://github.com/khast3x/Offensive-Dockerfiles.git
cd Offensive-Dockerfiles/sqlmap
docker build -t sqlmap .
docker run -it sqlmap:latest --wizard
| Name | Description |
|---|---|
| tulpar | Web Vulnerability Scanner |
| nmap + Vulscan + Vulners scripts | Latest Nmap Scripting Engine (NSE) modules, as well as the Vulscan NSE script and the vulners API to NSE script. |
| sqlmap | Automatic SQL injection and database takeover tool |
| dcrawl | Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. |
| V3n0m Scanner | Offensive Security Framework for Vulnerability Scanning & Pentesting |
| golismero | The Web Knife |
| sqliv | massive SQL injection vulnerability scanner |
| datasploit | Performs OSINT on a domain / email / username / phone |
| gitminer | Tool for advanced mining for content on Github |
| Cr3d0v3r | Know the dangers of credential reuse attacks |
| UFONet | UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. |
| Striker | Striker is an offensive information and vulnerability scanner |
| emailHarvester | Email addresses harvester |
| BruteX | Automatically brute force all services running on a target |
| BlackWidow | A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website |
| Shiva | Improved DOS exploit for wordpress websites (CVE-2018-6389) |
| Memcrashed | This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io |
| ctfr | Domain enumeration, it just abuses of Certificate Transparency logs |
| twa | A tiny web auditor with strong opinions |
| Photon | Incredibly fast crawler designed for OSINT |
| CMSeek | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs |
| HashBuster | Crack hashes in seconds |
- CloudScraper
- hershell
- Merlin
- Adding them as I go. Don't expect production-ready images
- Uses either python-slim or python-alpine
- Tools will show help dialog if no arguments are passed