Merge pull request google#20 from rayanht:feature/docker-image

PiperOrigin-RevId: 346512529 Change-Id: I3cbc95956c0b9286deb90577e7af1917b37ef5bf
miguelangat · Dec 9, 2020 · dffe218 · dffe218
2 parents 3207d9a + 3988037
commit dffe218
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 24 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,21 @@
+# Git-related files
+.gitattributes
+.gitignore
+.git/
+
+# IDE files
+.idea/
+.vscode/
+
+# Build cache
+.gradle/
+
+# Documentation
+docs/
+LICENSE
+README.md
+
+# Miscellaneous
+quick_start.sh
+Dockerfile
+.dockerignore
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,34 @@
+FROM openjdk:13-jdk-slim-buster
+
+# Install dependencies
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends nmap ncrack git ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /usr/tsunami/repos
+
+# Clone the plugins repo
+RUN git clone --depth 1 "https://github.com/google/tsunami-security-scanner-plugins"
+
+# Build plugins
+WORKDIR /usr/tsunami/repos/tsunami-security-scanner-plugins/google
+RUN chmod +x build_all.sh \
+    && ./build_all.sh
+
+RUN mkdir /usr/tsunami/plugins
+RUN cp build/plugins/*.jar /usr/tsunami/plugins
+
+# Compile the Tsunami scanner
+WORKDIR /usr/repos/tsunami-security-scanner
+COPY . .
+RUN ./gradlew shadowJar
+
+RUN cp $(find "./" -name 'tsunami-main-*-cli.jar') /usr/tsunami/tsunami.jar
+RUN cp ./tsunami.yaml /usr/tsunami
+
+WORKDIR /usr/tsunami
+
+RUN mkdir logs/
+
+ENTRYPOINT ["java", "-cp", "tsunami.jar:plugins/*", "-Dtsunami-config.location=tsunami.yaml", "com.google.tsunami.main.cli.TsunamiCli"]
+CMD ["--ip-v4-target=127.0.0.1", "--scan-results-local-output-format=JSON", "--scan-results-local-output-filename=logs/tsunami-output.json"]
diff --git a/README.md b/README.md
@@ -23,13 +23,44 @@ repository.
 
 To quickly get started with Tsunami scans,
 
-1.  install the following required dependencies:
-
-    ```
-    nmap >= 7.80
-    ncrack >= 0.7
-    ```
-
+### Traditional install
+ 1.  install the following required dependencies:
+
+     ```
+     nmap >= 7.80
+     ncrack >= 0.7
+     ```
+
+ 1.  start a vulnerable application that can be identified by Tsunami, e.g. an
+      unauthenticated Jupyter Notebook server. The easiest way is to use a docker
+      image:
+     ```shell
+     docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
+     ```
+
+ 1.  execute the following command:
+
+     ```
+     bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
+     ```
+
+ The `quick_start.sh` script performs the following tasks:
+
+ 1.  Clone the
+     [google/tsunami-security-scanner](https://github.com/google/tsunami-security-scanner)
+     and
+     [google/tsunami-security-scanner-plugins](https://github.com/google/tsunami-security-scanner-plugins)
+     repos into `$HOME/tsunami/repos` directory.
+ 1.  Compile all
+     [Google Tsunami plugins](https://github.com/google/tsunami-security-scanner-plugins/tree/master/google)
+     and move all plugin `jar` files into `$HOME/tsunami/plugins` directory.
+ 1.  Compile the Tsunami scanner Fat Jar file and move it into `$HOME/tsunami`
+     directory.
+ 1.  Move the `tsunami.yaml` example config into `$HOME/tsunami` directory.
+ 1.  Print example Tsunami command for scanning `127.0.0.1` using the previously
+     generated artifacts.
+
+### Docker install
 1.  start a vulnerable application that can be identified by Tsunami, e.g. an
     unauthenticated Jupyter Notebook server. The easiest way is to use a docker
     image:
@@ -38,28 +69,17 @@ To quickly get started with Tsunami scans,
     docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
     ```
 
-1.  execute the following command:
+1.  build the docker image for Tsunami:
 
     ```
-    bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
+    docker build -t tsunami .
     ```
 
-The `quick_start.sh` script performs the following tasks:
-
-1.  Clone the
-    [google/tsunami-security-scanner](https://github.com/google/tsunami-security-scanner)
-    and
-    [google/tsunami-security-scanner-plugins](https://github.com/google/tsunami-security-scanner-plugins)
-    repos into `$HOME/tsunami/repos` directory.
-1.  Compile all
-    [Google Tsunami plugins](https://github.com/google/tsunami-security-scanner-plugins/tree/master/google)
-    and move all plugin `jar` files into `$HOME/tsunami/plugins` directory.
-1.  Compile the Tsunami scanner Fat Jar file and move it into `$HOME/tsunami`
-    directory.
-1.  Move the `tsunami.yaml` example config into `$HOME/tsunami` directory.
-1.  Print example Tsunami command for scanning `127.0.0.1` using the previously
-    generated artifacts.
+1. run the Tsunami image. The logs can be saved to the host machine by mounting a volume:
 
+    ```
+    docker run  --network="host" -v "$(pwd)/logs":/usr/tsunami/logs tsunami
+    ```
 ## Contributing
 
 Read how to [contribute to Tsunami](docs/contributing.md).