## **1. Websploit Setup** ### Repository Details: - **Repository**: [f4rih/websploit](https://github.com/f4rih/websploit) - **Description**: A web-based exploitation framework for performing attacks like SQL injection, XSS, etc. - **Docker Support**: The repository includes a `Dockerfile`, so we can build and deploy it directly. ### **Final `docker-compose.yml` for Websploit** ```yaml version: '3.9' services: websploit: build: context: https://github.com/f4rih/websploit.git dockerfile: Dockerfile container_name: websploit hostname: websploit privileged: false tty: true stdin_open: true networks: - shared-net ports: - "8080:8080" # Web interface volumes: - ./websploit-data:/app/data # Persist data environment: - TZ=UTC - PYTHONUNBUFFERED=1 # Real-time logs command: python app.py deploy: resources: limits: cpus: '2' memory: 1G reservations: cpus: '0.5' memory: 512M healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] # Replace with actual endpoint interval: 30s timeout: 10s retries: 3 logging: driver: "json-file" options: max-size: "10m" max-file: "5" networks: shared-net: driver: bridge ``` ### **Key Features**: 1. **Resource Management**: CPU and memory limits ensure efficient resource usage. 2. **Health Checks**: Monitors container health (update `/health` if needed). 3. **Logging**: Rotates logs to prevent excessive disk usage. 4. **Security**: Disabled `privileged` mode for enhanced security. --- ## **2. Kai Setup** ### Repository Details: - **Repository**: [SimonSchubert/Kai](https://github.com/SimonSchubert/Kai) - **Description**: An AI-driven security tool for automating penetration testing tasks. - **Docker Support**: No `Dockerfile` is provided, so we need to create one. ### **Final `Dockerfile` for Kai** ```dockerfile # Base image FROM python:3.9-slim # Set working directory WORKDIR /app # Install system dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ git \ curl \ && rm -rf /var/lib/apt/lists/* # Copy project files COPY . . # Install Python dependencies RUN pip install --no-cache-dir -r requirements.txt # Expose necessary ports EXPOSE 5000 # Command to run the application CMD ["python", "kai.py"] ``` ### **Final `docker-compose.yml` for Kai** ```yaml version: '3.9' services: kai: build: context: https://github.com/SimonSchubert/Kai.git dockerfile: Dockerfile container_name: kai hostname: kai privileged: false tty: true stdin_open: true networks: - shared-net ports: - "5000:5000" # API or web interface volumes: - ./kai-data:/app/data # Persist data environment: - TZ=UTC - PYTHONUNBUFFERED=1 # Real-time logs command: python kai.py deploy: resources: limits: cpus: '2' memory: 1G reservations: cpus: '0.5' memory: 512M healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5000/health"] # Replace with actual endpoint interval: 30s timeout: 10s retries: 3 logging: driver: "json-file" options: max-size: "10m" max-file: "5" networks: shared-net: driver: bridge ``` ### **Key Features**: 1. **Resource Management**: CPU and memory limits ensure efficient resource usage. 2. **Health Checks**: Monitors container health (update `/health` if needed). 3. **Logging**: Rotates logs to prevent excessive disk usage. 4. **Security**: Disabled `privileged` mode for enhanced security. --- ## **3. Shared Network for Routing** Both services are configured to use the same network (`shared-net`), enabling seamless communication between them. ### Verify Network Connectivity: 1. After deploying both services, check their IP addresses: ```bash docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' websploit docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' kai ``` 2. You can route traffic between the containers using their hostnames (`websploit` and `kai`) or IP addresses. --- ## **4. CI/CD Integration** To automate builds and deployments, integrate the following GitHub Actions workflow: ### **GitHub Actions Workflow** Save this as `.github/workflows/deploy.yml` in your repository: ```yaml name: Build and Deploy on: push: branches: - main jobs: build-and-deploy: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Login to Docker Hub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push Websploit uses: docker/build-push-action@v4 with: context: https://github.com/f4rih/websploit.git file: Dockerfile push: true tags: your-dockerhub-username/websploit:latest - name: Build and push Kai uses: docker/build-push-action@v4 with: context: https://github.com/SimonSchubert/Kai.git file: Dockerfile push: true tags: your-dockerhub-username/kai:latest ``` ### **Key Features**: 1. **Automated Builds**: Automatically builds and pushes Docker images to Docker Hub. 2. **Version Control**: Ensures that only the `main` branch triggers deployments. 3. **Secrets Management**: Uses GitHub Secrets to securely store credentials. --- ## **5. Security Considerations** ### **Minimize Privileges** - Both configurations disable `privileged` mode unless explicitly required. This reduces the attack surface. ### **Network Isolation** - Use Docker's built-in network isolation to restrict access between containers. For example, only allow necessary ports to be exposed. ### **Persistent Storage** - Ensure sensitive data stored in volumes (`./websploit-data` and `./kai-data`) is secured and backed up regularly.