This repository consist of Dockerfile to build Docker image for kali linux with open source tools that commonly use in bug bounty activity
- https://github.com/m3n0sd0n4ld/GooFuzz
- https://github.com/projectdiscovery/subfinder
- https://github.com/projectdiscovery/httpx
- https://github.com/projectdiscovery/nuclei
- https://github.com/projectdiscovery/notify
- https://github.com/tomnomnom/anew
- https://github.com/tomnomnom/waybackurls
- https://github.com/tomnomnom/meg
- https://github.com/tomnomnom/fff
- https://github.com/ffuf/ffuf
- https://github.com/hakluke/hakrawler
- http://ffuf.me/wordlist/common.txt
- http://ffuf.me/wordlist/parameters.txt
- http://ffuf.me/wordlist/subdomains.txt
- Install Docker Desktop for Windows https://docs.docker.com/desktop/install/windows-install/
- Select working directory, clone the repository & cd to wsskali directory
$ git clone https://github.com/wssnetwork/wsskali $ cd wsskali - Run docker-compose (in wsskali directory)
$ docker-compose up -d - To shutdown (in wsskali directory)
$ docker-compose down - To check status (in wsskali directory)
$ docker-compose ps
- Spin up new Linux server - prefer Debian
- Update, upgrade & install git
$ apt update && apt upgrade $ apt install git - Clone the repository & cd to wsskali directory
$ git clone https://github.com/wssnetwork/wsskali $ cd wsskali - Run first-setup shell script
$ bash first-setup - Run docker compose (in wsskali directory)
$ docker compose up -d - To shutdown (in wsskali directory)
$ docker compose down - To check status (in wsskali directory)
$ docker compose ps
- Run cd to wsskali directory
- If run
docker-compose up -dcommand, it should auto build and run the docker image. run check as below:If image already created, proceed to step no. 6. If no image created, follow step no. 3 to 5 as below.$ docker image ls - To build the docker image run command as
$ docker build . -t <image-name>:<image-tag>$ docker build . -t wsskali:1.0 $ docker image ls - Better to create volume first
$ docker volume create <volume-name>(easy to manage data in the future)$ docker volume create wsskali $ docker volume ls - Once image created, run with
$ docker run -v <vol-name-in-host>:<pwd-in-container> --name <prefered-container-name>$ docker run -v wsskali:/home --name wss_kali - If already in running state, access container with cmd
wkas already define in .bashrc (for linux) or$ docker exec -it <container-running> /bin/bashOR$ wkIf access from Visual Studio Code, need to install$ docker exec -it wss_kali /bin/bashExtension: Remote - Containersby Microsoft. Once installed and container is running, access container via:Ctrl+Shift+P > Select Remote-Containers...
If require to have full capabilities as kali linux, fresh install the first-kali-setup with run command (require some input during setup):
$ first-kali-setup
This script will run kali-linux-headless as define in https://www.kali.org/tools/kali-meta/#kali-linux-headless. Please choose other packages if require.
- Get url, domain, subdomain
- Scan with
subfinder - Cat from
subfinder, push towaybackurls- to gather info from archive - Cat from
subfinder, push tohakrawler- to crawl data
- Scan with
- Scan either it alive
- Probe with
httpx To-Do:how to usemeg
- Probe with
- Identify good spot - what technology behind it
- Analyze output from
httpx - Support analyze with
goofuzz- gather info from search engine - Use
fffto gather header and response from target - Use
ffufto fuzzing directory, subdomain, files, etc.
- Analyze output from
- Scan for vulnerability
- Scan with
nuclei
- Scan with
- Found any low, medium, high, critical - use
notifypush to slack, telegram, etc. anewuseful to append output into existing files
- To complete Debian Dockerfile and docker-compose.yml