Spaces:
Configuration error
Configuration error
1. Websploit Setup
Repository Details:
- Repository: f4rih/websploit
- Description: A web-based exploitation framework for performing attacks like SQL injection, XSS, etc.
- Docker Support: The repository includes a
Dockerfile, so we can build and deploy it directly.
Final docker-compose.yml for Websploit
version: '3.9'
services:
websploit:
build:
context: https://github.com/f4rih/websploit.git
dockerfile: Dockerfile
container_name: websploit
hostname: websploit
privileged: false
tty: true
stdin_open: true
networks:
- shared-net
ports:
- "8080:8080" # Web interface
volumes:
- ./websploit-data:/app/data # Persist data
environment:
- TZ=UTC
- PYTHONUNBUFFERED=1 # Real-time logs
command: python app.py
deploy:
resources:
limits:
cpus: '2'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"] # Replace with actual endpoint
interval: 30s
timeout: 10s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
shared-net:
driver: bridge
Key Features:
- Resource Management: CPU and memory limits ensure efficient resource usage.
- Health Checks: Monitors container health (update
/healthif needed). - Logging: Rotates logs to prevent excessive disk usage.
- Security: Disabled
privilegedmode for enhanced security.
2. Kai Setup
Repository Details:
- Repository: SimonSchubert/Kai
- Description: An AI-driven security tool for automating penetration testing tasks.
- Docker Support: No
Dockerfileis provided, so we need to create one.
Final Dockerfile for Kai
# Base image
FROM python:3.9-slim
# Set working directory
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
curl \
&& rm -rf /var/lib/apt/lists/*
# Copy project files
COPY . .
# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Expose necessary ports
EXPOSE 5000
# Command to run the application
CMD ["python", "kai.py"]
Final docker-compose.yml for Kai
version: '3.9'
services:
kai:
build:
context: https://github.com/SimonSchubert/Kai.git
dockerfile: Dockerfile
container_name: kai
hostname: kai
privileged: false
tty: true
stdin_open: true
networks:
- shared-net
ports:
- "5000:5000" # API or web interface
volumes:
- ./kai-data:/app/data # Persist data
environment:
- TZ=UTC
- PYTHONUNBUFFERED=1 # Real-time logs
command: python kai.py
deploy:
resources:
limits:
cpus: '2'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5000/health"] # Replace with actual endpoint
interval: 30s
timeout: 10s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
shared-net:
driver: bridge
Key Features:
- Resource Management: CPU and memory limits ensure efficient resource usage.
- Health Checks: Monitors container health (update
/healthif needed). - Logging: Rotates logs to prevent excessive disk usage.
- Security: Disabled
privilegedmode for enhanced security.
3. Shared Network for Routing
Both services are configured to use the same network (shared-net), enabling seamless communication between them.
Verify Network Connectivity:
- After deploying both services, check their IP addresses:
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' websploit docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' kai - You can route traffic between the containers using their hostnames (
websploitandkai) or IP addresses.
4. CI/CD Integration
To automate builds and deployments, integrate the following GitHub Actions workflow:
GitHub Actions Workflow
Save this as .github/workflows/deploy.yml in your repository:
name: Build and Deploy
on:
push:
branches:
- main
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Websploit
uses: docker/build-push-action@v4
with:
context: https://github.com/f4rih/websploit.git
file: Dockerfile
push: true
tags: your-dockerhub-username/websploit:latest
- name: Build and push Kai
uses: docker/build-push-action@v4
with:
context: https://github.com/SimonSchubert/Kai.git
file: Dockerfile
push: true
tags: your-dockerhub-username/kai:latest
Key Features:
- Automated Builds: Automatically builds and pushes Docker images to Docker Hub.
- Version Control: Ensures that only the
mainbranch triggers deployments. - Secrets Management: Uses GitHub Secrets to securely store credentials.
5. Security Considerations
Minimize Privileges
- Both configurations disable
privilegedmode unless explicitly required. This reduces the attack surface.
Network Isolation
- Use Docker's built-in network isolation to restrict access between containers. For example, only allow necessary ports to be exposed.
Persistent Storage
- Ensure sensitive data stored in volumes (
./websploit-dataand./kai-data) is secured and backed up regularly.