Simple docker compose file and Dockerfiles to build a Kali container, a Quantum Tunnel container, a Nessus container, a container with a complete toolkit for Red Team operations, and a container with Infection Monkey for continuous pentesting and attack simulations. Made to simplify deployments during pentests, vulnerability scans and Red Team campaigns.
Exposes ports 2222, 22222, 5000 and 8834 on the hosting machine. Port 2222 is used to SSH into the kali container, port 22222 is used to SSH into the redteam container and port 8834 is used to expose Nessus. Infection Monkey exposes port 5000. Settings can be changed in the environment file, see Step 1.
Instead of building them, you can also download prebuilt images with the following commands:
(Replace <tag> with the latest, or your preferred, version found in the packages.)
docker pull ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakykali:<tag>
docker pull ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakyredteam:<tag>
docker pull ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakynessus:<tag>
docker pull ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakyquantum:<tag>
and run them with
docker run ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakykali:<tag>
docker run ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakyredteam:<tag>
docker run ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakynessus:<tag>
docker run ghcr.io/sneakybeagle/sneakybeagle_container/sneakybeagle_container.sneakyquantum:<tag>
This results in a setup that uses the credentials and settings from the example env file. Change those credentials as soon as possible. Nessus will run as the free version, since no activation code is provided (obviously...).
Copy "env" to ".env".
cp env .env
Enter (in .env) the server address and port that you opened externally (if you want to access these containers remotely), the Nessus activation code, a username and a password for Nessus, and a password to SSH into the kali and redteam containers.
As in the following example:
# Quantum Tunnel
SERVER=example.com
SERVERPORT=22 # Server SSH port to connect to, probably good to do 443 to avoid firewall rules
SERVERUSER=root
# Nessus
ACTIVATION_CODE=AAAA-BBBB-CCCC-DDDD
USERNAME=admin
PASSWORD=awesomepassword
NESSUSHOSTPORT=8834
# SSH
SSHPASSWORD=anotherawesomepassword
# SSH port on host for Kali
SSHHOSTPORT=2222
# SSH port on host for redteam
RTSSHHOSTPORT=22222
# Storage/Volumes
BASEVOLUME=./docker_vols/
Optionally, you can also configure the ports that the hosting machine will expose for the services.
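A check for the point above about changing the example credentials, as an added example that is not part of this repository: it flags `.env` values still equal to the example file's defaults and a `.env` that is readable by group or others. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the repository): audit a .env file for values
# left at the example defaults shown above, and for loose file permissions.

# env_value FILE KEY: print KEY's value, dropping a trailing " # comment".
env_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1 |
        sed 's/[[:space:]][[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# audit_env FILE: print one finding per line; return 1 if anything was found.
audit_env() {
    file=$1
    findings=0
    # KEY:example-value pairs taken from the example env file on this page.
    for pair in \
        "PASSWORD:awesomepassword" \
        "SSHPASSWORD:anotherawesomepassword" \
        "ACTIVATION_CODE:AAAA-BBBB-CCCC-DDDD"
    do
        key=${pair%%:*}
        example=${pair#*:}
        value=$(env_value "$file" "$key")
        if [ "$value" = "$example" ]; then
            echo "$key: still set to the example value"
            findings=$((findings + 1))
        elif [ -z "$value" ] && [ "$key" != "ACTIVATION_CODE" ]; then
            echo "$key: empty or missing"
            findings=$((findings + 1))
        fi
    done
    # The file holds plaintext passwords: flag group- or world-readable modes.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$file: readable by group or others (chmod 600)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the Nessus password was changed, the rest was not.
sample=$(mktemp)
printf '%s\n' 'ACTIVATION_CODE=AAAA-BBBB-CCCC-DDDD' 'USERNAME=admin' \
    'PASSWORD=S0me-long-unique-value' \
    'SSHPASSWORD=anotherawesomepassword  # TODO change' > "$sample"
chmod 644 "$sample"
audit_env "$sample"
rm -f "$sample"
```

An empty ACTIVATION_CODE is not reported, since that is the free Nessus setup described earlier.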
A number of optional tools can be installed in the Kali container. This is disabled by default to speed up the build, but can be enabled by uncommenting the following lines in the Kali Dockerfile:
## UNCOMMENT TO INSTALL OPTIONAL
#COPY files/install_optional.sh /root/install_optional.sh
#RUN chmod +x /root/install_optional.sh && /root/install_optional.sh && rm /root/install_optional.sh
This script is copied into the container, so even if not used during build, it can be run later on the container directly.
The default tools can be found here and the optional tools can be found here
If you are using the quantum tunnel container, you need to set up an SSH key pair, copy it into the right directory for the container and copy the public key to your external server's 'authorized_keys' file. Here is how to do that:
On the host that will run the containers:
mkdir -p <location_of_repository>/quantum/files
Next, generate keys into this directory (without passphrase):
ssh-keygen -t rsa -q -N "" -f <location_of_repository>/quantum/files/id_rsa
Now copy <location_of_repository>/quantum/files/id_rsa.pub to $HOME/.ssh/authorized_keys on your external server (I would also suggest using this key to authenticate with your own machine to check if it works).
docker-compose build [service]
This will parse the docker-compose.yml file and start building the images accordingly. You can either build all services by running:
docker-compose build
Or build a specific service, for example only Nessus, by running:
docker-compose build nessus # can also be redteam or kali or quantum
The quantum service will either use an existing public/private keypair (located in quantum/files/) to authenticate to your external server, or will generate the keys if they do not exist. In either case, during the build the public key will be printed. This should be copied to your server's $HOME/.ssh/authorized_keys. For more info, go back to Optional Step 1.3.
Depending on what service(s) you want to run, the following commands can be used:
docker-compose up -d
and running a single container:
docker-compose up -d [service] # nessus, kali or redteam or quantum
The Infection Monkey container is executed by an independent script, located under infectionmonkey/ directory, that downloads required files and executes them.
sudo infection_docker.sh
To stop the containers, run:
docker-compose stop
To remove the containers, once stopped, run:
docker-compose rm
A Kali container that opens an SSH port on the host and has a number of tools already installed.
- Installed tools:
- ssh
- apt-utils
- wget
- curl
- netcat-traditional
- nmap
- gobuster
- python3
- python3-pip
- iproute2
- dnsutils
- iputils-ping
- emacs-nox
- sqlmap
- whois
- nikto
- net-tools
- git
- nfs-common
- tcpdump
- seclists
- inetutils-traceroute
- vim
- golang-go
These optional tools are installed by a script copied onto the kali host
- Optional tools:
- python3.9-venv
- man-db
- w3m
- exploitdb
- smbclient
- dsniff
- testssl.sh
- commix
- hydra
- mydumper
- python2
- tar
- tor
- python3-scapy
- sqsh
- metasploit-framework
- netdiscover
- iptraf-ng
- kali-archive-keyring
- terminator
- httpie
- python3-poetry
- bash-completion
The Quantum Tunnel host uses Quantum Tunnel, a reverse forward ssh tunneler written in Go. This creates a tunnel between the server you specify in the .env file and the kali host, meaning you can access the kali host from within the external server, even with restrictive firewall/NAT rules in place.
Split into categories, each script installs a defined toolkit for all red team phases and attack vectors. With the sometools.sh script you can add some more tools or keep the installed ones updated.
- General tools
- openssh-server
- zsh
- net-tools
- apt-utils
- python3
- python3-dev
- build-essential
- python3-pip
- redis-server
- terminator
- wget
- vim
- gnupg2
- postgresql
- python3-venv
- apt-transport-https
- lsb-release
- libreadline-dev
- libpq5
- libpq-dev
- readline-common
- libsqlite3-dev
- libpcap-dev
- subversion
- git-core
- autoconf
- zlib1g-dev
- libxml2-dev
- libxslt1-dev
- libyaml-dev
- ruby1.9.1
- nmap
- iputils-ping
- netdiscover
- hping3
- netcat-traditional
- gobuster
- iproute2
- iputils-arping
- dnsutils
- tcpdump
- powershell
- curl
- Anon
- TOR
- TORsocks
- I2P
- ProxyChains
- OpenVPN
- Wireguard
- TorGhost
- Evasion
- UACME
- mortar
- Exfiltration
- Mistica
- DNSExfiltration
- Egress-assess
- Data Exfiltration Toolkit
- Powershell-RAT
- PyExfil
- Exploitation
- impacket
- BEEF
- bettercap
- Metasploit Framework
- jok3r Framework
- CVE-2021-44228 PoC log4j bypass words
- Log4Shell RCE Exploit
- AD Enum
- Mobile
- Mobile Security Framework
- OSINT / Recon
- TIDoS Framework
- terra
- Phoneinfoga
- Buster
- pwnedOrNot
- nmap
- theHarvester
- metagoofil
- recon-ng
- skiptracer
- Just-Metadata
- spiderfoot
- FinalRecon
- nmap Automator
- OsintGram
- Social Mapper
- CrossLinked
- ADRecon
- Email Harvester
- tinfoleak
- Phishing
- Social Engineer Toolkit
- Phishing Pretexts
- Phishery
- ZPhisher
- King Phisher
- Evilginx2
- evil-ssdp
- FiercePhish
- GoPhish
- ReelPhish
- CredSniper
- PostExploitation
- Empire Framework 4
- Starkiller
- StarFighters
- Pupy
- gcat
- Merlin
- weevely
- Powersploit
- Privilege Escalation
- BeRoot
- LinEnum
- Linux Exploit Suggester
- linuxprivchecker
- Linux Smart Enumeration
- JAWS
- Windows Exploit Suggester NG
- WindowsEnum
- Log4j CVE-2021-45046
- Responder
- Windows Kernel Exploits
- Vulnerability Scan
- CVE-2021-44228 Scanner
- Log4J CVE Detect
- espoofer
- Domain Security Scanner
- dkimsc4n
- testssl.sh
- Nuclei
- Sn1per
- Weaponization
- CVE-2018-20250
- CVE-2017-8759
- CVE-2017-0199
- CVE-2017-8570
- demiguise
- Malicious Macro Generator
- DKMC
- Office DDE Payloads
- DZGEN
- EmbedinHTML
- Macro Pack
- DInjector
- Unicorn
- The Backdoor Factory
- Generate Macro
- MaliciousMacroMSBuild
- wePWNise
- trojanizer
- Macro Shop
- EvilClippy
- donut
- Icebreaker
- Evilgrade
There is a script included in this repository that allows you to easily set up a Monkey Island container. This script can be found here. Running this script will attempt to stop and remove existing Monkey Island and mongo-db (named "monkey-mongo") containers, and create and run new ones.
Refer to documentation for further information.