Be sure to scroll down and view the whole post as there is both audio and video coverage of today’s episode!
Intro
I know I’m old and unhip, but I just got turned on to Docker, and today I wanted to share two cool ways to use it to beef up your pentest skills:
Install and run Rainmap
Have you heard of Rainmap? I heard about this from Jerry Gamblin’s blog – it’s basically a slick Web interface for nmap.
Head to https://hub.docker.com/r/jgamblin/rainmap/ for instructions, but it basically boils down to installing the container with:
docker pull jgamblin/rainmap
Since rainmap stays "open" in the command line, I recommend you first use screen to setup a special session for it. That way you can completely log out via SSH and the docker will stay running.
screen -R rainmapscreen
With the new screen created, you can run rainmap and follow the prompts:
docker run -ti -p 8080:8080 --name rainmap jgamblin/rainmap
Now, just hit Ctrl+a d
to exit the screen session, and go to http://ip.of.your.docker:8080/console
to login!
Install and run OWASP Juice Shop
Juice Shop, according to OWASP is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."
Download it:
docker pull bkimminich/juice-shop
Run it:
docker run -d -p 3000:3000 bkimminich/juice-shop
Now hack it! 🙂
Video:
Here’s the complementary video content for today’s audio podcast:
Share on socials: