Docker-yaml / README.md
ScottzillaSystems's picture
Update README.md
0b2cb13 verified
|
Raw
History Blame Contribute Delete
6.27 kB
## **1. Websploit Setup**
### Repository Details:
- **Repository**: [f4rih/websploit](https://github.com/f4rih/websploit)
- **Description**: A web-based exploitation framework for performing attacks like SQL injection, XSS, etc.
- **Docker Support**: The repository includes a `Dockerfile`, so we can build and deploy it directly.
### **Final `docker-compose.yml` for Websploit**
```yaml
version: '3.9'
services:
websploit:
build:
context: https://github.com/f4rih/websploit.git
dockerfile: Dockerfile
container_name: websploit
hostname: websploit
privileged: false
tty: true
stdin_open: true
networks:
- shared-net
ports:
- "8080:8080" # Web interface
volumes:
- ./websploit-data:/app/data # Persist data
environment:
- TZ=UTC
- PYTHONUNBUFFERED=1 # Real-time logs
command: python app.py
deploy:
resources:
limits:
cpus: '2'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"] # Replace with actual endpoint
interval: 30s
timeout: 10s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
shared-net:
driver: bridge
```
### **Key Features**:
1. **Resource Management**: CPU and memory limits ensure efficient resource usage.
2. **Health Checks**: Monitors container health (update `/health` if needed).
3. **Logging**: Rotates logs to prevent excessive disk usage.
4. **Security**: Disabled `privileged` mode for enhanced security.
---
## **2. Kai Setup**
### Repository Details:
- **Repository**: [SimonSchubert/Kai](https://github.com/SimonSchubert/Kai)
- **Description**: An AI-driven security tool for automating penetration testing tasks.
- **Docker Support**: No `Dockerfile` is provided, so we need to create one.
### **Final `Dockerfile` for Kai**
```dockerfile
# Base image
FROM python:3.9-slim
# Set working directory
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
curl \
&& rm -rf /var/lib/apt/lists/*
# Copy project files
COPY . .
# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Expose necessary ports
EXPOSE 5000
# Command to run the application
CMD ["python", "kai.py"]
```
### **Final `docker-compose.yml` for Kai**
```yaml
version: '3.9'
services:
kai:
build:
context: https://github.com/SimonSchubert/Kai.git
dockerfile: Dockerfile
container_name: kai
hostname: kai
privileged: false
tty: true
stdin_open: true
networks:
- shared-net
ports:
- "5000:5000" # API or web interface
volumes:
- ./kai-data:/app/data # Persist data
environment:
- TZ=UTC
- PYTHONUNBUFFERED=1 # Real-time logs
command: python kai.py
deploy:
resources:
limits:
cpus: '2'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5000/health"] # Replace with actual endpoint
interval: 30s
timeout: 10s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
shared-net:
driver: bridge
```
### **Key Features**:
1. **Resource Management**: CPU and memory limits ensure efficient resource usage.
2. **Health Checks**: Monitors container health (update `/health` if needed).
3. **Logging**: Rotates logs to prevent excessive disk usage.
4. **Security**: Disabled `privileged` mode for enhanced security.
---
## **3. Shared Network for Routing**
Both services are configured to use the same network (`shared-net`), enabling seamless communication between them.
### Verify Network Connectivity:
1. After deploying both services, check their IP addresses:
```bash
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' websploit
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' kai
```
2. You can route traffic between the containers using their hostnames (`websploit` and `kai`) or IP addresses.
---
## **4. CI/CD Integration**
To automate builds and deployments, integrate the following GitHub Actions workflow:
### **GitHub Actions Workflow**
Save this as `.github/workflows/deploy.yml` in your repository:
```yaml
name: Build and Deploy
on:
push:
branches:
- main
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Websploit
uses: docker/build-push-action@v4
with:
context: https://github.com/f4rih/websploit.git
file: Dockerfile
push: true
tags: your-dockerhub-username/websploit:latest
- name: Build and push Kai
uses: docker/build-push-action@v4
with:
context: https://github.com/SimonSchubert/Kai.git
file: Dockerfile
push: true
tags: your-dockerhub-username/kai:latest
```
### **Key Features**:
1. **Automated Builds**: Automatically builds and pushes Docker images to Docker Hub.
2. **Version Control**: Ensures that only the `main` branch triggers deployments.
3. **Secrets Management**: Uses GitHub Secrets to securely store credentials.
---
## **5. Security Considerations**
### **Minimize Privileges**
- Both configurations disable `privileged` mode unless explicitly required. This reduces the attack surface.
### **Network Isolation**
- Use Docker's built-in network isolation to restrict access between containers. For example, only allow necessary ports to be exposed.
### **Persistent Storage**
- Ensure sensitive data stored in volumes (`./websploit-data` and `./kai-data`) is secured and backed up regularly.