骚年 运维少年
使用docker搭建***测试环境一、说明本文适合对Docker和***测试有一定了解的人员阅读。
二、准备靶机本文以DVWA为例
- 查看有无DVWA的镜像
1[root@localhost ~]# docker search dvwa 2INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED 3docker.io docker.io/citizenstig/dvwa Docker container for Damn Vulnerable Web A... 43 [OK] 4docker.io docker.io/garland/dvwa Damn Vulnerable Web Application in a Docke... 7 [OK] 5docker.io docker.io/infoslack/dvwa 7 [OK] 6docker.io docker.io/tleemcjr/dvwa Damn Vulnerable Web App (DVWA) built on Ma... 4 7docker.io docker.io/acgpiano/dvwa latest dvwa 2 8docker.io docker.io/benoitg/dvwa Damn Vulnerable Web Application https://gi... 2 [OK] 9docker.io docker.io/kebernexit/dvwa-php Damn Vulnerable Web Application (DVWA) PHP... 2 10docker.io docker.io/liniker/dvwa DVWA 2 11docker.io docker.io/astronaut1712/dvwa Docker for DVWA LAB: https://github.com/Ra... 1 [OK]12docker.io docker.io/gjuniioor/dvwa Damn Vulnerable Web Application (DVWA) on ... 1 [OK]13docker.io docker.io/jechoi/dvwa Instantly runnable DVWA to practice web at... 1 14docker.io docker.io/appsecframework/dvwa-nologin 0 15docker.io docker.io/aracloud/dvwa 0 16docker.io docker.io/c0ny1/dvwa dvwa镜像 0 17docker.io docker.io/dphanekham/dvwa Ubuntu 14.04 with DVWA running on it 0 18docker.io docker.io/frankspierings/dvwa 0 19docker.io docker.io/gaganld/dvwa-gagan 0 20docker.io docker.io/imfht/dvwa-nologin dvwa without login 0 21docker.io docker.io/intrusionexploitation/dvwa-wordpress2.2-bricks This is supporting docker image for Kali L... 0 22docker.io docker.io/ishangirdhar/dvwabricks Docker container for Bricks & DVWA web app... 0 [OK]23docker.io docker.io/polyverse/dvwa Damn Vulnerable Web App 0 [OK]24docker.io docker.io/rubenvanvreeland/dvwa 0 25docker.io docker.io/sagikazarmark/dvwa DVWA (Damn Vulnerable Web Application) Doc... 0 [OK]26docker.io docker.io/sonic64/dvwa dvwa test environment 0 27docker.io docker.io/toneloc01/dvwa Damn Vulnerable Web Application based off ... 0 28[root@localhost ~]#- 下载STARS最多的镜像(好多层的说)
1[root@localhost ~]# docker pull citizenstig/dvwa 2Using default tag: latest 3Trying to pull repository docker.io/citizenstig/dvwa ... 4latest: Pulling from docker.io/citizenstig/dvwa 58387d9ff0016: Pull complete 63b52deaaf0ed: Pull complete 74bd501fad6de: Pull complete 8a3ed95caeb02: Pull complete 9790f0e8363b9: Pull complete 1011f87572ad81: Pull complete 11341e06373981: Pull complete 12709079cecfb8: Pull complete 1355bf9bbb788a: Pull complete 14b41f3cfd3d47: Pull complete 1570789ae370c5: Pull complete 1643f2fd9a6779: Pull complete 176a0b3a1558bd: Pull complete 18934438c9af31: Pull complete 191cfba20318ab: Pull complete 20de7f3e54c21c: Pull complete 21596da16c3b16: Pull complete 22e94007c4319f: Pull complete 233c013e645156: Pull complete 247b3eb1ac6cfe: Pull complete 25Digest: sha256:1c0ab894f0bf41351519c8388a282c0a178216e9ce8f0399a162472070379dc626Status: Downloaded newer image for docker.io/citizenstig/dvwa:latest27[root@localhost ~]# - 查看镜像
1[root@localhost ~]# docker image ls2REPOSITORY TAG IMAGE ID CREATED SIZE3docker.io/citizenstig/dvwa latest d9c7999da701 12 months ago 466 MB- 运行容器
1[root@localhost ~]# docker run --rm -d -P --name ywsn-dvwa citizenstig/dvwa2ac88b30b328af349a6ab19300d154d0e67eaa0d8e26ec52e26cb337618d83a6c3[root@localhost ~]# 参数说明:
- run:运行
- --rm:退出后删除容器
- -d:后台运行
- -P:随机映射端口
- --name:容器的名字
- 查看运行的容器
1[root@localhost ~]# docker container ls2CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES3ac88b30b328a citizenstig/dvwa "/run.sh" 10 seconds ago Up 7 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->3306/tcp ywsn-dvwa4[root@localhost ~]# 可以看到80端口被随机映射到了32769端口,我们需要打开网页:宿主机的IP:32769即可访问dvwa网页。
三、准备***工具本文已nmap为例,kali的镜像比较大,大家也可以用kali作为容器.
- 查看nmap镜像
1[root@localhost ~]# docker search nmap 2INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED 3docker.io docker.io/uzyexe/nmap nmap container image (size: 14.93MB) 32 [OK] 4docker.io docker.io/instrumentisto/nmap Nmap ("Network Mapper") Docker Image 5 [OK] 5docker.io docker.io/jess/nmap 5 6docker.io docker.io/securecodebox/nmap A Docker image containing the NMAP securit... 5 7docker.io docker.io/k0st/nmap Nmap on minimum, modern and secure Alpine ... 4 [OK] 8docker.io docker.io/networkstatic/nmap Dockerized Nmap Port Scanner on Debian 4 [OK] 9docker.io docker.io/cyberwatch/nmap Docker Image with Nmap build from source 3 10docker.io docker.io/frapsoft/nmap nmap on Alpine Linux (6 MB) 2 [OK]11docker.io docker.io/appsmanager/nmap 1 12docker.io docker.io/n4n0m4c/nmap docker nmap 1 [OK]13docker.io docker.io/uleenucks/nmap 1 14docker.io docker.io/catalla/nmap-localhost Look for active IPs on localhost 0 15docker.io docker.io/dockerpinata/nmap 0 16docker.io docker.io/dockerpinata/nmap-ncat 0 17docker.io docker.io/functions/nmap 0 18docker.io docker.io/gvangool/nmap nmap in a container :) 0 [OK]19docker.io docker.io/linosgian/nmap 0 20docker.io docker.io/marsmensch/nmap A Dockerfile for nmap https://nmap.org/ us... 0 21docker.io docker.io/n4n0m4c/nmapxml2ddb 0 22docker.io docker.io/sammascanner/nmap Nmap Scanner Will run and then save the r... 0 [OK]23docker.io docker.io/ssarioglu/nmap Nmap Scanner 0 [OK]24docker.io docker.io/tomkukral/nmap 0 25docker.io docker.io/voyat/nmap Image Docker pour Nmap 0 [OK]26docker.io docker.io/weshigbee/nmap Container with nmap for scanning docker ne... 0 [OK]27docker.io docker.io/whiteadam/nmap Alpine Linux image with nmap, libssl, and ... 0 [OK]28[root@localhost ~]# - 下载nmap镜像
1[root@localhost ~]# docker pull uzyexe/nmap 2Using default tag: latest 3Trying to pull repository docker.io/uzyexe/nmap ... 4latest: Pulling from docker.io/uzyexe/nmap 5a3ed95caeb02: Pull complete 677c6c00e8b61: Pull complete 73aaade50789a: Pull complete 800cf8b9f3d2a: Pull complete 97ff999a2256f: Pull complete 10d2ba336f2e44: Pull complete 11dfda3e01f2b6: Pull complete 12a49f12444284: Pull complete 13b12991d094a3: Pull complete 14Digest: sha256:97fec7626949e70385c1bb451626967f9109e90fbe0e69947e18623b87c1c51715Status: Downloaded newer image for docker.io/uzyexe/nmap:latest16[root@localhost ~]# - 使用容器
该容器的镜像直接运行,容器后面直接跟随选项即可,更多使用功能可以查看官网
1[root@localhost ~]# docker run --rm uzyexe/nmap -O 172.17.0.2 2 3Starting Nmap 7.60 ( https://nmap.org ) at 2019-06-26 02:42 GMT 4Nmap scan report for 172.17.0.2 5Host is up (0.00034s latency). 6Not shown: 998 closed ports 7PORT STATE SERVICE 880/tcp open http 93306/tcp open mysql10MAC Address: 02:42:AC:11:00:02 (Unknown)11Device type: general purpose12Running: Linux 3.X|4.X13OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:414OS details: Linux 3.2 - 4.815Network Distance: 1 hop1617OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .18Nmap done: 1 IP address (1 host up) scanned in 24.13 seconds19[root@localhost ~]#微信公众号:运维少年