# Base image: Kali Linux rolling release.
# NOTE(review): no tag or digest is given, so each build pulls whatever the
# registry serves at that moment. For reproducible, auditable builds pin a
# reviewed digest, e.g. kalilinux/kali-rolling@sha256:<REVIEWED_DIGEST>.
FROM kalilinux/kali-rolling
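# Relative paths in later instructions (COPY targets, the server script) resolve
# against /app.
WORKDIR /app
# Build-time only: keeps apt/debconf from prompting in the RUN steps below
# without leaving the setting in the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive
# PYTHONUNBUFFERED=1 disables Python's output buffering so server output is
# visible in the container log immediately.
# NOTE(review): /home/pentester/.local/bin is writable by the runtime user and
# is searched before the system directories, so a file placed there shadows the
# system tool of the same name. Move it to the end of PATH if that is not wanted.
ENV PYTHONUNBUFFERED=1 \
    PATH="/home/pentester/.local/bin:${PATH}"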
# Core system tooling: Python runtime, fetch tools, compiler toolchain.
# libcap2-bin provides the setcap binary used later in this file.
# The apt lists are removed in the same layer so they never reach the image.
# NOTE(review): sudo is installed, but no sudoers rule for the runtime user is
# created anywhere in this file; confirm it is needed, since it adds a setuid
# binary to the image.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         build-essential \
         ca-certificates \
         curl \
         git \
         gnupg \
         libcap2-bin \
         python3 \
         python3-pip \
         python3-venv \
         sudo \
         wget \
    && rm -rf /var/lib/apt/lists/*
# === NETWORK RECONNAISSANCE & SCANNING ===
# Port scanners, packet capture, DNS enumeration and path-tracing utilities.
# Packages are listed alphabetically to keep future diffs small; versions are
# not pinned, so the result follows the state of the rolling repository.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         amass \
         arping \
         dnsenum \
         dnsmap \
         dnsrecon \
         dnsutils \
         fierce \
         fping \
         hping3 \
         masscan \
         mtr-tiny \
         ncat \
         net-tools \
         netcat-traditional \
         nmap \
         socat \
         sublist3r \
         tcpdump \
         traceroute \
         tshark \
         unicornscan \
         whois \
         wireshark-common \
         zmap \
    && rm -rf /var/lib/apt/lists/*
# === WEB APPLICATION TESTING ===
# Distribution-packaged web scanners, fuzzers and an intercepting proxy.
# NOTE(review): nuclei is also installed with `go install` later in this file.
# GOPATH/bin is appended to the end of PATH, so this packaged copy is the one
# that resolves first; keep only one source to avoid version confusion.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         commix \
         dirb \
         dirbuster \
         ffuf \
         gobuster \
         nikto \
         nuclei \
         skipfish \
         sqlmap \
         wafw00f \
         wfuzz \
         whatweb \
         wpscan \
         xsser \
         zaproxy \
    && rm -rf /var/lib/apt/lists/*
# === ADVANCED WEB TESTING TOOLS ===
# Go toolchain from the distribution, needed by the `go install` step below.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends golang-go \
    && rm -rf /var/lib/apt/lists/*
# Go workspace lives in the runtime user's home; binaries land in GOPATH/bin.
# The two ENV instructions stay separate because the second one expands the
# value set by the first.
# NOTE(review): /usr/local/go/bin is added to PATH, but nothing in this file
# installs Go there (golang-go comes from apt); the entry looks unused.
ENV GOPATH=/home/pentester/go
ENV PATH=${PATH}:/usr/local/go/bin:${GOPATH}/bin
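# Install Feroxbuster (Rust-based recursive content discovery).
# --root /usr/local puts the binary in /usr/local/bin. Without it cargo installs
# into root's ~/.cargo/bin, which is not on PATH and sits under root's home, so
# the runtime user could not run it.
# --locked builds with the dependency versions recorded in the crate's own
# Cargo.lock instead of re-resolving them at build time.
# The cargo registry and git caches are removed in the same layer to keep the
# downloaded sources out of the image.
# NOTE(review): the newest release on crates.io is taken at build time; add
# `--version <REVIEWED_VERSION>` for a reproducible build.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         cargo \
         rustc \
    && cargo install --locked --root /usr/local feroxbuster \
    && rm -rf /root/.cargo/registry /root/.cargo/git /var/lib/apt/lists/*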
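# Install Go-based web testing tools into GOPATH/bin.
#
# The Arjun line is intentionally best-effort, so it is grouped in braces.
# `&&` and `||` have equal precedence and associate left to right in sh;
# ungrouped, its `|| true` also swallowed a failure of any install listed
# before it and let the build continue with tools silently missing. With the
# grouping, any other failed install now fails the build.
#
# NOTE(review): every module is fetched at @latest, i.e. whatever upstream
# publishes at build time is compiled as root. Pin each module to a reviewed
# tag (module@<REVIEWED_TAG>) to make the build reproducible and to keep an
# upstream change from entering the image unreviewed.
# `go clean -cache -modcache` drops the build and module caches in this layer.
RUN mkdir -p "$GOPATH" && \
    go install github.com/projectdiscovery/httpx/cmd/httpx@latest && \
    go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest && \
    go install github.com/projectdiscovery/katana/cmd/katana@latest && \
    go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest && \
    go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest && \
    go install github.com/projectdiscovery/chaos-client/cmd/chaos@latest && \
    go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest && \
    go install github.com/projectdiscovery/notify/cmd/notify@latest && \
    go install github.com/assetnote/kiterunner/cmd/kiterunner@latest && \
    go install github.com/lc/gau/v2/cmd/gau@latest && \
    go install github.com/tomnomnom/waybackurls@latest && \
    go install github.com/tomnomnom/assetfinder@latest && \
    go install github.com/tomnomnom/httprobe@latest && \
    go install github.com/tomnomnom/unfurl@latest && \
    go install github.com/tomnomnom/anew@latest && \
    go install github.com/hakluke/hakrawler@latest && \
    go install github.com/hakluke/hakcheckurl@latest && \
    { go install github.com/s0md3v/Arjun@latest 2>/dev/null || true; } && \
    go install github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest && \
    go install github.com/hahwul/dalfox/v2@latest && \
    go install github.com/jaeles-project/gospider@latest && \
    go install github.com/003random/getJS@latest && \
    go install github.com/KathanP19/Gxss@latest && \
    go install github.com/edoardottt/csprecon/cmd/csprecon@latest && \
    go clean -cache -modcache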
# === EXPLOITATION & METASPLOIT ===
# Exploitation frameworks and the local exploit archive, from the distribution.
# NOTE(review): apt-get aborts the whole install when any single name is not a
# package in the repository. Confirm each name below resolves on its own; for
# example, searchsploit is normally the command shipped by exploitdb rather
# than a separate package.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         armitage \
         beef-xss \
         exploitdb \
         metasploit-framework \
         searchsploit \
         social-engineer-toolkit \
    && rm -rf /var/lib/apt/lists/*
# === PASSWORD CRACKING & BRUTE FORCING ===
# Hash crackers, online login testers, wordlist generators and hash identifiers.
# The wordlists package supplies the rockyou archive decompressed later in this
# file.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         cewl \
         crunch \
         hash-identifier \
         hashcat \
         hashid \
         hydra \
         john \
         medusa \
         ncrack \
         wordlists \
    && rm -rf /var/lib/apt/lists/*
# === WIRELESS TESTING ===
# 802.11 assessment tools plus hostapd/dnsmasq for lab access points.
# NOTE(review): these need a wireless interface passed through to the
# container; nothing in this file arranges that, so they may be dead weight in
# most deployments.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         aircrack-ng \
         bully \
         dnsmasq \
         hostapd \
         kismet \
         reaver \
         wifite \
    && rm -rf /var/lib/apt/lists/*
# === SNIFFING & SPOOFING ===
# Layer-2/3 interception tooling for authorised lab and assessment use.
# NOTE(review): arpspoof is normally a command shipped inside dsniff rather
# than a package of its own; confirm the name resolves, because one unknown
# name makes apt-get reject the whole list.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         arpspoof \
         bettercap \
         dsniff \
         ettercap-text-only \
         macchanger \
         responder \
    && rm -rf /var/lib/apt/lists/*
# === POST-EXPLOITATION & PRIVILEGE ESCALATION ===
# SMB/LDAP/NetBIOS enumeration clients and Windows post-exploitation payload
# collections.
# NOTE(review): mimikatz and powersploit are flagged by most endpoint and
# registry malware scanners; expect alerts when this image is stored or pulled
# and record the exception where your scanning policy requires it.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         enum4linux \
         ldap-utils \
         mimikatz \
         nbtscan \
         powersploit \
         smbclient \
         smbmap \
    && rm -rf /var/lib/apt/lists/*
# === REVERSE ENGINEERING & BINARY ANALYSIS ===
# Disassembly, firmware carving and hex inspection tools.
# NOTE(review): strings is normally a command from binutils, not a package
# name; confirm it resolves, since apt-get fails the whole step on an unknown
# name.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         binwalk \
         foremost \
         hexedit \
         radare2 \
         strings \
    && rm -rf /var/lib/apt/lists/*
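# === VULNERABILITY SCANNING ===
# Best-effort install, one package at a time. Installing the list in a single
# apt-get call meant one unavailable name discarded the whole group, and the
# trailing `|| true` hid that while also skipping the apt-list cleanup.
# Each missing package is now reported on stderr and skipped, and the apt lists
# are removed whether or not any install succeeded. The step still never fails
# the build.
# NOTE(review): nikto is already installed with the web application tools, and
# nessus is not expected to be in the distribution repository; confirm.
RUN apt-get update \
    && for pkg in lynis nessus nikto openvas; do \
         apt-get install --yes --no-install-recommends "$pkg" \
           || echo "WARNING: could not install $pkg; skipping" >&2; \
       done; \
    rm -rf /var/lib/apt/lists/*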
# === SSL/TLS TESTING ===
# Protocol/cipher enumeration and certificate inspection tools.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         sslscan \
         sslyze \
         testssl.sh \
    && rm -rf /var/lib/apt/lists/*
# === ADDITIONAL UTILITIES ===
# JSON/YAML processing, terminal multiplexers and editors for interactive use.
# NOTE(review): base64 is normally a coreutils command rather than a package
# name; confirm it resolves, since one unknown name fails the whole step.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
         base64 \
         jq \
         nano \
         parallel \
         screen \
         tmux \
         vim \
         xxd \
         yq \
    && rm -rf /var/lib/apt/lists/*
# Project dependencies from requirements.txt, copied on its own so this layer
# is rebuilt only when the manifest changes.
# --break-system-packages installs into the system interpreter, overriding the
# distribution's externally-managed marker; --no-cache-dir keeps pip's download
# cache out of the layer.
# NOTE(review): whether requirements.txt pins versions or hashes is not visible
# here; pinned, hash-checked entries are preferable for an image built as root.
COPY requirements.txt ./
RUN pip3 install \
      --no-cache-dir \
      --break-system-packages \
      --requirement requirements.txt
# General-purpose Python libraries for network, crypto and protocol work.
# None of these are version-pinned, so each build takes the newest release on
# the package index at that time.
# NOTE(review): ipaddress is part of the Python 3 standard library; the index
# package of that name looks unnecessary here.
RUN pip3 install --no-cache-dir --break-system-packages \
      beautifulsoup4 \
      colorama \
      cryptography \
      dnspython \
      impacket \
      ipaddress \
      lxml \
      netaddr \
      paramiko \
      pwntools \
      pycryptodome \
      python-nmap \
      requests \
      scapy \
      termcolor \
      tqdm
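# Python web-testing libraries and tools (JWT, browser automation, HTTP/2,
# GraphQL, gRPC).
# The extras specifiers are quoted: an unquoted `httpx[cli]` or `gql[all]` is a
# shell glob pattern and would be rewritten if a matching file name existed in
# the working directory.
# NOTE(review): these run their installers as root during the build, unpinned.
# Several entries (jwt_tool, xsstrike, ssrf-sheriff, nosqlmap, corscanner) are
# names of projects usually obtained from their source repositories; confirm
# that each name on the package index is published by the intended project
# before building, and pin the reviewed versions.
# NOTE(review): the httpx[cli] extra installs an `httpx` command that is likely
# found on PATH before the Go httpx binary in GOPATH/bin; confirm which one the
# server expects.
RUN pip3 install --no-cache-dir --break-system-packages \
      aiohttp \
      arjun \
      corscanner \
      "gql[all]" \
      graphql-core \
      grpcio \
      grpcio-tools \
      h2 \
      "httpx[cli]" \
      jwt_tool \
      nosqlmap \
      playwright \
      protobuf \
      pyjwt \
      python-graphql-client \
      selenium \
      ssrf-sheriff \
      webdriver-manager \
      websockets \
      xsstrike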
# Directory layout under /app (presumably consumed by pentest_server.py).
RUN mkdir -p \
      /app/workspaces \
      /app/results \
      /app/configs \
      /app/wordlists \
      /app/scripts
# Server entry point, copied late so code changes do not invalidate the tool
# layers above.
COPY pentest_server.py ./
# Unprivileged runtime account with a fixed UID of 1000, plus its Metasploit
# config directory. Ownership of /app and of the whole home directory is handed
# to that account. This step grants no capabilities; those are set on
# individual binaries in a separate step.
# NOTE(review): the recursive chown of /home/pentester also covers GOPATH/bin,
# so the runtime user can overwrite the Go-installed tool binaries.
RUN useradd --create-home --uid 1000 pentester \
    && mkdir -p /home/pentester/.msf4 \
    && chown -R pentester:pentester /app /home/pentester
# File capabilities so the unprivileged runtime user can use raw sockets with
# these specific binaries instead of running them as root.
# Each call is best-effort: a failure (for example a binary at a different
# path) is ignored and the build continues.
# NOTE(review): `|| true` also hides a wrong path, leaving that tool without
# its capabilities and no build-time signal; /usr/sbin/tcpdump in particular
# should be checked against the installed package.
# NOTE(review): cap_net_admin is not part of Docker's default capability set.
# The container probably has to be started with it added, otherwise binaries
# carrying it in their effective set may refuse to execute; confirm against the
# run configuration.
RUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap || true; \
    setcap cap_net_raw,cap_net_admin+eip /usr/bin/masscan || true; \
    setcap cap_net_raw,cap_net_admin+eip /usr/bin/hping3 || true; \
    setcap cap_net_raw+eip /usr/bin/arping || true; \
    setcap cap_net_raw+eip /usr/sbin/tcpdump || true
# Update exploit database (optional, can be commented out to reduce build time)
# RUN searchsploit -u || true
# Unpack the rockyou wordlist when the compressed archive is present.
# A missing archive or a gunzip failure is ignored, so this step never fails
# the build.
RUN [ ! -f /usr/share/wordlists/rockyou.txt.gz ] \
    || gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null \
    || true
# Initialize Metasploit database (optional)
# RUN msfdb init || true
# Everything from here on, including the running server, uses the unprivileged
# account.
USER pentester
# Working directory for the server process.
WORKDIR /app
# Container health probe.
# NOTE(review): the command only proves that the Python interpreter starts and
# exits 0; it never contacts pentest_server.py, so a hung server still reports
# healthy. Replace it with a check against the server's own interface once that
# is known.
HEALTHCHECK \
    --interval=30s \
    --timeout=10s \
    --start-period=5s \
    --retries=3 \
    CMD python3 -c "import sys; sys.exit(0)" || exit 1
# Exec form: the server runs as PID 1 and receives stop signals directly.
CMD ["python3", "pentest_server.py"]