Spaces:
Configuration error
Configuration error
| ## **1. Websploit Setup** | |
| ### Repository Details: | |
| - **Repository**: [f4rih/websploit](https://github.com/f4rih/websploit) | |
| - **Description**: A web-based exploitation framework for performing attacks like SQL injection, XSS, etc. | |
| - **Docker Support**: The repository includes a `Dockerfile`, so we can build and deploy it directly. | |
| ### **Final `docker-compose.yml` for Websploit** | |
| ```yaml | |
| version: '3.9' | |
| services: | |
| websploit: | |
| build: | |
| context: https://github.com/f4rih/websploit.git | |
| dockerfile: Dockerfile | |
| container_name: websploit | |
| hostname: websploit | |
| privileged: false | |
| tty: true | |
| stdin_open: true | |
| networks: | |
| - shared-net | |
| ports: | |
| - "8080:8080" # Web interface | |
| volumes: | |
| - ./websploit-data:/app/data # Persist data | |
| environment: | |
| - TZ=UTC | |
| - PYTHONUNBUFFERED=1 # Real-time logs | |
| command: python app.py | |
| deploy: | |
| resources: | |
| limits: | |
| cpus: '2' | |
| memory: 1G | |
| reservations: | |
| cpus: '0.5' | |
| memory: 512M | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:8080/health"] # Replace with actual endpoint | |
| interval: 30s | |
| timeout: 10s | |
| retries: 3 | |
| logging: | |
| driver: "json-file" | |
| options: | |
| max-size: "10m" | |
| max-file: "5" | |
| networks: | |
| shared-net: | |
| driver: bridge | |
| ``` | |
| ### **Key Features**: | |
| 1. **Resource Management**: CPU and memory limits ensure efficient resource usage. | |
| 2. **Health Checks**: Monitors container health (update `/health` if needed). | |
| 3. **Logging**: Rotates logs to prevent excessive disk usage. | |
| 4. **Security**: Disabled `privileged` mode for enhanced security. | |
| --- | |
| ## **2. Kai Setup** | |
| ### Repository Details: | |
| - **Repository**: [SimonSchubert/Kai](https://github.com/SimonSchubert/Kai) | |
| - **Description**: An AI-driven security tool for automating penetration testing tasks. | |
| - **Docker Support**: No `Dockerfile` is provided, so we need to create one. | |
| ### **Final `Dockerfile` for Kai** | |
| ```dockerfile | |
| # Base image | |
| FROM python:3.9-slim | |
| # Set working directory | |
| WORKDIR /app | |
| # Install system dependencies | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| git \ | |
| curl \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Copy project files | |
| COPY . . | |
| # Install Python dependencies | |
| RUN pip install --no-cache-dir -r requirements.txt | |
| # Expose necessary ports | |
| EXPOSE 5000 | |
| # Command to run the application | |
| CMD ["python", "kai.py"] | |
| ``` | |
| ### **Final `docker-compose.yml` for Kai** | |
| ```yaml | |
| version: '3.9' | |
| services: | |
| kai: | |
| build: | |
| context: https://github.com/SimonSchubert/Kai.git | |
| dockerfile: Dockerfile | |
| container_name: kai | |
| hostname: kai | |
| privileged: false | |
| tty: true | |
| stdin_open: true | |
| networks: | |
| - shared-net | |
| ports: | |
| - "5000:5000" # API or web interface | |
| volumes: | |
| - ./kai-data:/app/data # Persist data | |
| environment: | |
| - TZ=UTC | |
| - PYTHONUNBUFFERED=1 # Real-time logs | |
| command: python kai.py | |
| deploy: | |
| resources: | |
| limits: | |
| cpus: '2' | |
| memory: 1G | |
| reservations: | |
| cpus: '0.5' | |
| memory: 512M | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:5000/health"] # Replace with actual endpoint | |
| interval: 30s | |
| timeout: 10s | |
| retries: 3 | |
| logging: | |
| driver: "json-file" | |
| options: | |
| max-size: "10m" | |
| max-file: "5" | |
| networks: | |
| shared-net: | |
| driver: bridge | |
| ``` | |
| ### **Key Features**: | |
| 1. **Resource Management**: CPU and memory limits ensure efficient resource usage. | |
| 2. **Health Checks**: Monitors container health (update `/health` if needed). | |
| 3. **Logging**: Rotates logs to prevent excessive disk usage. | |
| 4. **Security**: Disabled `privileged` mode for enhanced security. | |
| --- | |
| ## **3. Shared Network for Routing** | |
| Both services are configured to use the same network (`shared-net`), enabling seamless communication between them. | |
| ### Verify Network Connectivity: | |
| 1. After deploying both services, check their IP addresses: | |
| ```bash | |
| docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' websploit | |
| docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' kai | |
| ``` | |
| 2. You can route traffic between the containers using their hostnames (`websploit` and `kai`) or IP addresses. | |
| --- | |
| ## **4. CI/CD Integration** | |
| To automate builds and deployments, integrate the following GitHub Actions workflow: | |
| ### **GitHub Actions Workflow** | |
| Save this as `.github/workflows/deploy.yml` in your repository: | |
| ```yaml | |
| name: Build and Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build and push Websploit | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: https://github.com/f4rih/websploit.git | |
| file: Dockerfile | |
| push: true | |
| tags: your-dockerhub-username/websploit:latest | |
| - name: Build and push Kai | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: https://github.com/SimonSchubert/Kai.git | |
| file: Dockerfile | |
| push: true | |
| tags: your-dockerhub-username/kai:latest | |
| ``` | |
| ### **Key Features**: | |
| 1. **Automated Builds**: Automatically builds and pushes Docker images to Docker Hub. | |
| 2. **Version Control**: Ensures that only the `main` branch triggers deployments. | |
| 3. **Secrets Management**: Uses GitHub Secrets to securely store credentials. | |
| --- | |
| ## **5. Security Considerations** | |
| ### **Minimize Privileges** | |
| - Both configurations disable `privileged` mode unless explicitly required. This reduces the attack surface. | |
| ### **Network Isolation** | |
| - Use Docker's built-in network isolation to restrict access between containers. For example, only allow necessary ports to be exposed. | |
| ### **Persistent Storage** | |
| - Ensure sensitive data stored in volumes (`./websploit-data` and `./kai-data`) is secured and backed up regularly. | |