Docker-yaml / README.md
ScottzillaSystems's picture
Update README.md
0b2cb13 verified
|
Raw
History Blame Contribute Delete
6.27 kB

1. Websploit Setup

Repository Details:

  • Repository: f4rih/websploit
  • Description: A web-based exploitation framework for performing attacks like SQL injection, XSS, etc.
  • Docker Support: The repository includes a Dockerfile, so we can build and deploy it directly.

Final docker-compose.yml for Websploit

version: '3.9'

services:
  websploit:
    build:
      context: https://github.com/f4rih/websploit.git
      dockerfile: Dockerfile
    container_name: websploit
    hostname: websploit
    privileged: false
    tty: true
    stdin_open: true
    networks:
      - shared-net
    ports:
      - "8080:8080"  # Web interface
    volumes:
      - ./websploit-data:/app/data  # Persist data
    environment:
      - TZ=UTC
      - PYTHONUNBUFFERED=1  # Real-time logs
    command: python app.py
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]  # Replace with actual endpoint
      interval: 30s
      timeout: 10s
      retries: 3
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"

networks:
  shared-net:
    driver: bridge

Key Features:

  1. Resource Management: CPU and memory limits ensure efficient resource usage.
  2. Health Checks: Monitors container health (update /health if needed).
  3. Logging: Rotates logs to prevent excessive disk usage.
  4. Security: Disabled privileged mode for enhanced security.

2. Kai Setup

Repository Details:

  • Repository: SimonSchubert/Kai
  • Description: An AI-driven security tool for automating penetration testing tasks.
  • Docker Support: No Dockerfile is provided, so we need to create one.

Final Dockerfile for Kai

# Base image
FROM python:3.9-slim

# Set working directory
WORKDIR /app

# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Copy project files
COPY . .

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Expose necessary ports
EXPOSE 5000

# Command to run the application
CMD ["python", "kai.py"]

Final docker-compose.yml for Kai

version: '3.9'

services:
  kai:
    build:
      context: https://github.com/SimonSchubert/Kai.git
      dockerfile: Dockerfile
    container_name: kai
    hostname: kai
    privileged: false
    tty: true
    stdin_open: true
    networks:
      - shared-net
    ports:
      - "5000:5000"  # API or web interface
    volumes:
      - ./kai-data:/app/data  # Persist data
    environment:
      - TZ=UTC
      - PYTHONUNBUFFERED=1  # Real-time logs
    command: python kai.py
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/health"]  # Replace with actual endpoint
      interval: 30s
      timeout: 10s
      retries: 3
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"

networks:
  shared-net:
    driver: bridge

Key Features:

  1. Resource Management: CPU and memory limits ensure efficient resource usage.
  2. Health Checks: Monitors container health (update /health if needed).
  3. Logging: Rotates logs to prevent excessive disk usage.
  4. Security: Disabled privileged mode for enhanced security.

3. Shared Network for Routing

Both services are configured to use the same network (shared-net), enabling seamless communication between them.

Verify Network Connectivity:

  1. After deploying both services, check their IP addresses:
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' websploit
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' kai
    
  2. You can route traffic between the containers using their hostnames (websploit and kai) or IP addresses.

4. CI/CD Integration

To automate builds and deployments, integrate the following GitHub Actions workflow:

GitHub Actions Workflow

Save this as .github/workflows/deploy.yml in your repository:

name: Build and Deploy

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Websploit
        uses: docker/build-push-action@v4
        with:
          context: https://github.com/f4rih/websploit.git
          file: Dockerfile
          push: true
          tags: your-dockerhub-username/websploit:latest

      - name: Build and push Kai
        uses: docker/build-push-action@v4
        with:
          context: https://github.com/SimonSchubert/Kai.git
          file: Dockerfile
          push: true
          tags: your-dockerhub-username/kai:latest

Key Features:

  1. Automated Builds: Automatically builds and pushes Docker images to Docker Hub.
  2. Version Control: Ensures that only the main branch triggers deployments.
  3. Secrets Management: Uses GitHub Secrets to securely store credentials.

5. Security Considerations

Minimize Privileges

  • Both configurations disable privileged mode unless explicitly required. This reduces the attack surface.

Network Isolation

  • Use Docker's built-in network isolation to restrict access between containers. For example, only allow necessary ports to be exposed.

Persistent Storage

  • Ensure sensitive data stored in volumes (./websploit-data and ./kai-data) is secured and backed up regularly.