Fork me on GitHub

Project Notes

Running Metasploit with Docker

Investigating how to run Metasploit in a Docker container

Notes

Various Docker images for Metasploit have been published over the years, but it seems the best to start with today are the official images in the metasploitframework dockerhub.

Running a Self-contained Image with Docker

The msf_control.sh solo option runs a selected image in docker without a default database connection or any local file mapping

$ ./msf_control.sh solo

msf_start

Running the Console and Database with Docker Compose

The msf_control.sh script wraps some simple docker-compose commands that fire up a postgres db instance and the metasploit console in linked containers. Storage is mapped to the local file system:

  • mymsf/.msf5
  • mymsf/pg_data

Starting a metasploit console session:

$ ./msf_control.sh ms

msf_console

Running Some Simple Commands

nmap tcp scan, high ports only:

msf5 > nmap -sT -p1-1024 192.168.1.1
[*] exec: nmap -sT -p1-1024 192.168.1.1

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-25 15:15 UTC
Nmap scan report for SunshineFleur (192.168.1.1)
Host is up (0.0091s latency).
Not shown: 1019 closed ports
PORT    STATE    SERVICE
53/tcp  open     domain
80/tcp  open     http
139/tcp open     netbios-ssn
443/tcp filtered https
445/tcp open     microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 2.62 seconds

nmap stealth scan:

msf5 > nmap -sS 192.168.1.1
[*] exec: nmap -sS 192.168.1.1

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-25 15:14 UTC
Nmap scan report for SunshineFleur (192.168.1.1)
Host is up (0.011s latency).
Not shown: 992 closed ports
PORT      STATE    SERVICE
53/tcp    open     domain
80/tcp    open     http
139/tcp   open     netbios-ssn
443/tcp   filtered https
445/tcp   open     microsoft-ds
10000/tcp open     snet-sensor-mgmt
49152/tcp open     unknown
49153/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 2.97 seconds

Logging and Importing an nmap scan

Since we’re in docker, choosing to write the log to ~/.msf4 which is mapped to local file system.

Running a scan with XML output:

msf5 > nmap -sT -oX ~/.msf4/nmap_1.xml 192.168.1.1
[*] exec: nmap -sT -oX ~/.msf4/nmap_1.xml 192.168.1.1

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-25 15:34 UTC
Nmap scan report for SunshineFleur (192.168.1.1)
Host is up (0.022s latency).
Not shown: 992 closed ports
PORT      STATE    SERVICE
53/tcp    open     domain
80/tcp    open     http
139/tcp   open     netbios-ssn
443/tcp   filtered https
445/tcp   open     microsoft-ds
10000/tcp open     snet-sensor-mgmt
49152/tcp open     unknown
49153/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 1.53 seconds

checking db connectivity and importing the scan..

msf5 > db_status
[*] Connected to msf?pool=200&timeout=5. Connection type: postgresql. Connection name: Km2oS7BO.
msf5 > db_import ~/.msf4/nmap_1.xml
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.10.7'
[*] Importing host 192.168.1.1
[*] Successfully imported /home/msf/.msf4/nmap_1.xml
msf5 > hosts

Hosts
=====

address      mac  name           os_name  os_flavor  os_sp  purpose  info  comments
-------      ---  ----           -------  ---------  -----  -------  ----  --------
192.168.1.1       SunshineFleur  Unknown                    device

msf5 > services
Services
========

host         port   proto  name              state     info
----         ----   -----  ----              -----     ----
192.168.1.1  53     tcp    domain            open
192.168.1.1  80     tcp    http              open
192.168.1.1  139    tcp    netbios-ssn       open
192.168.1.1  443    tcp    https             filtered
192.168.1.1  445    tcp    microsoft-ds      open
192.168.1.1  10000  tcp    snet-sensor-mgmt  open
192.168.1.1  49152  tcp    unknown           open
192.168.1.1  49153  tcp    unknown           open


Credits and References

About LCK#97 securitydocker
Project Source on GitHub Return to the Project Catalog

This page is a web-friendly rendering of my project notes shared in the LittleCodingKata GitHub repository.

LittleCodingKata is my collection of programming exercises, research and code toys broadly spanning things that relate to programming and software development (languages, frameworks and tools).

These range from the trivial to the complex and serious. Many are inspired by existing work and I'll note credits and references where applicable. The focus is quite scattered, as I variously work on things new and important in the moment, or go back to revisit things from the past.

This is primarily a personal collection for my own edification and learning, but anyone who stumbles by is welcome to borrow, steal or reference the work here. And if you spot errors or issues I'd really appreciate some feedback - create an issue, send me an email or even send a pull-request.