A containerized cybersecurity evaluation system for structured host discovery, container analysis, vulnerability enumeration, exploitation testing, and reporting operations.
DEM is an integrated vulnerability assessment and exploitation platform that unifies discovery, assessment, exploitation, and reporting workflows into a single cohesive system. The platform operates as a self-contained Docker Compose environment with backend, frontend, and Neo4j database services.
- Frontend: SvelteKit application with TypeScript and Tailwind CSS
- Backend: FastAPI service with clean architecture (domain, application, infrastructure, presentation layers)
- Database: Neo4j graph database for relationship modeling
- Tools: Integrated security tools (Grype, Trivy, Nmap, Metasploit, etc.)
- Kali Linux VM (recommended: 2024.x or later)
- Docker Engine 28.x or later
- Docker Compose plugin
- Minimum Resources:
- CPU: 2 cores (4+ recommended)
- RAM: 8GB (16GB+ recommended)
- Storage: 50GB+ free space
- Network: Bridged adapter for external connectivity
# Update system
sudo apt update && sudo apt upgrade -y
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable docker
sudo systemctl start docker
# Add user to docker group
sudo usermod -aG docker $USER
# Logout and login again for group changes to take effect
# Install Docker Compose
sudo apt install docker-compose-plugin
# Verify installation
docker --version
docker compose version

# Clone repository
git clone <repository-url>
cd Docker-Exploit-Mapper
# Start services
docker compose up -d
# Access interfaces
# Frontend: http://localhost:5173
# Backend API: http://localhost:8000
# Neo4j Browser: http://localhost:7474

The DEM frontend provides an intuitive web interface for all assessment operations:
Navigate to http://localhost:5173 in your web browser to access the DEM interface.
- Click "Create New Project" on the dashboard
- Enter project details:
  - Project Name: Choose a descriptive name (e.g., "Web Server Assessment")
  - Description: Add assessment objectives or scope
  - Analyst Initials: Your identification (e.g., "JA")
  - Event Type: Assessment type (CVI, CVPA, etc.)
To perform container discovery on remote systems, configure SSH access:
# Generate a new SSH key pair
ssh-keygen -t rsa -b 4096 -C "dem-assessment@your-org"
# This creates:
# - ~/.ssh/id_rsa (private key - keep secure)
# - ~/.ssh/id_rsa.pub (public key - share with targets)

# Copy your public key to the target system
ssh-copy-id username@target-host-ip
# Test SSH connectivity
ssh username@target-host-ip "echo 'SSH connection successful'"
# Verify Docker access on target
ssh username@target-host-ip "docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}'"

DEM automatically uses SSH for remote container discovery:
- Host IP: Target system IP address or hostname
- SSH User: Username with Docker access on target
- SSH Port: Usually 22 (standard SSH port)
- SSH Key: DEM uses your system's SSH agent
- Create a new assessment project
- Define scope and objectives
- Configure analyst information
Navigate to the Discovery section to identify target systems:
- Click "Discover Containers"
- Enter target details:
  - Host IP: IP address of Docker host
  - SSH Username: User with Docker access
  - SSH Port: Usually 22
- Click "Start Discovery"
- View discovered containers in the topology map
- Click "Scan Ports"
- Specify target IP and port range
- View open ports and services
- Results integrated with topology visualization
Access the Assessment section for security scanning:
- Select containers from the topology map
- Choose scanning tools:
  - Grype: Comprehensive vulnerability database
  - Trivy: Container-specific scanning
  - Dockle: Docker security best practices
- Run automated scans
- Review findings with severity ratings
The Topology section provides visual representation:
- Hosts: Discovered systems and IP addresses
- Containers: Running Docker containers
- Connections: Network relationships and dependencies
- Scan Results: Vulnerability overlays and port information
Access the Exploitation section for controlled testing:
- Review identified vulnerabilities
- Select appropriate Metasploit modules
- Configure exploitation parameters
- Execute controlled tests in isolated environment
- Document results and impact assessment
The Dashboard provides real-time insights:
- Active Projects: Current assessment status
- Scan Progress: Real-time scanning status
- Vulnerability Summary: Severity breakdown and trends
- Activity Timeline: Recent assessment activities
Generate comprehensive reports in the Report section:
- PDF Reports: Professional assessment documentation
- CSV Exports: Vulnerability data for analysis
- Executive Summaries: High-level findings and recommendations
# Backend configuration
NEO4J_URI=bolt://neo4j:7687
NEO4J_USER=neo4j
NEO4J_PASS=your_secure_password
CORS_ORIGINS=http://localhost:5173
# Frontend configuration
VITE_API_BASE=http://localhost:8000

# Start SSH agent
eval "$(ssh-agent -s)"
# Add your private key
ssh-add ~/.ssh/id_rsa
# List loaded keys
ssh-add -l
# DEM automatically uses SSH agent for remote connections

DEM can be tested using various VM networking configurations. Choose the appropriate setup based on your testing requirements and network environment.
Best for: Complete end-to-end testing with external connectivity
- VM appears as another device on your local network
- Direct IP communication between VM and target systems
- Internet access available for both VM and targets
- Best for realistic testing scenarios
VirtualBox Setup:
# 1. Shutdown VM if running
# 2. VM Settings → Network → Adapter 1
# - Attached to: Bridged Adapter
# - Name: Select your active network interface (e.g., en0, Wi-Fi)
# 3. Start VM

VMware Setup:
# 1. Shutdown VM if running
# 2. VM → Settings → Network Adapter
# - Network connection: Bridged Networking
# - Bridged to: Select your active network interface
# 3. Apply changes and start VM

Best for: Secure, isolated testing environments
- Private network between your host and VM only
- No external network access (secure for testing)
- Controlled environment for vulnerability testing
VirtualBox Setup:
# 1. Shutdown VM if running
# 2. VM Settings → Network → Adapter 1
# - Attached to: Host-only Adapter
# - Name: vboxnet0 (created automatically)
# 3. Configure DHCP if needed:
# File → Preferences → Network → Host-only Networks
# 4. Start VM

VMware Setup:
# 1. Shutdown VM if running
# 2. VM → Settings → Network Adapter
# - Network connection: Private to my Mac
# 3. Apply changes and start VM

Best for: Internet access with controlled external connectivity
- VM shares host's internet connection
- Port forwarding required for external access
- Good for internet-based testing
VirtualBox Setup:
# 1. Shutdown VM if running
# 2. VM Settings → Network → Adapter 1
# - Attached to: NAT
# 3. Advanced → Port Forwarding:
# - Add rule: Host Port 2222, Guest Port 22 (SSH)
# - Add rule: Host Port 8080, Guest Port 80 (if needed)
# 4. Start VM

On Host System:
# Get host IP address
ifconfig | grep "inet " | grep -v 127.0.0.1 | head -1
# Get network gateway/router
netstat -nr | grep default | head -1
# Check network interface status
ifconfig en0 # Or your active interface

In VM (Linux):
# Get VM IP address
ip addr show | grep "inet " | grep -v 127.0.0.1
# Check default route
ip route show
# Test internet connectivity
ping 8.8.8.8
# Check DNS resolution
nslookup google.com

Generate SSH Keys in VM:
# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -C "dem-testing@vm"
# Start SSH agent and add key
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
# Display public key for copying
cat ~/.ssh/id_rsa.pub

Configure Target System Access:
# Copy public key to target system (replace with actual target IP)
ssh-copy-id username@target-system-ip
# Test SSH connectivity
ssh username@target-system-ip "echo 'SSH connection successful'"
# Test Docker access on target
ssh username@target-system-ip "docker ps --format 'table {{.Names}}\t{{.Status}}'"

Start DEM Services:
# Clone repository
git clone <repository-url>
cd Docker-Exploit-Mapper
# Start all services
docker compose up -d
# Verify services are running
docker compose ps
# Check service health
curl http://localhost:8000/health
curl http://localhost:8000/db/ping

Access DEM Interfaces:
- Frontend: http://localhost:5173
- Backend API: http://localhost:8000
- Neo4j Browser: http://localhost:7474
Target: DEM VM itself (for initial testing)
# In DEM VM - Start test containers
docker run -d --name test-nginx -p 8080:80 nginx:alpine
docker run -d --name test-redis -p 6379:6379 redis:alpine
docker run -d --name test-postgres -p 5432:5432 -e POSTGRES_PASSWORD=testpass postgres:13-alpine
# In DEM Frontend:
# 1. Create project: "VM Self-Assessment"
# 2. Discovery → Container Discovery
# - Host IP: localhost or 127.0.0.1
# - SSH User: your VM username
# - SSH Port: 22
# 3. Should discover: test-nginx, test-redis, test-postgres

Target: External Docker host via SSH
# Pre-configure SSH access to target
ssh-copy-id admin@remote-docker-host
# In DEM Frontend:
# 1. Create project: "Remote Host Assessment"
# 2. Discovery → Container Discovery
# - Host IP: remote-docker-host-ip
# - SSH User: admin
# - SSH Port: 22
# 3. Should discover all containers on remote host

Target: Network reconnaissance and service detection
# In DEM Frontend:
# 1. Create project: "Network Reconnaissance"
# 2. Discovery → Port Scanning
# - Host IP: target-ip-or-hostname
# - Port Range: 1-1000 (quick) or 1-65535 (comprehensive)
# 3. Review open ports and detected services

Target: Complete container security evaluation
# In DEM Frontend:
# 1. Create project: "Container Vulnerability Assessment"
# 2. Discovery → Container Discovery (find targets)
# 3. Assessment → Vulnerability Scanning
# - Select containers from topology
# - Run Grype, Trivy, and Dockle scans
# - Review severity rankings and recommendations
# 4. Generate comprehensive report

Target: Complex environment with multiple hosts
# Configure SSH access to multiple hosts
ssh-copy-id admin@host1
ssh-copy-id admin@host2
ssh-copy-id admin@host3
# In DEM Frontend:
# 1. Create project: "Multi-Host Assessment"
# 2. Discovery → Multiple container discoveries
# - Host1: IP/hostname + credentials
# - Host2: IP/hostname + credentials
# - Host3: IP/hostname + credentials
# 3. Assessment → Scan all discovered containers
# 4. Topology → View complete network map

# Test bidirectional connectivity
ping <target-ip> # VM to target
ping <vm-ip> # Target to VM (run from target)
# Test SSH from VM to target
ssh -v username@target-ip "hostname && docker ps"
# Test port accessibility
nc -zv target-ip 22 # SSH port
nc -zv target-ip 2376 # Docker daemon (if exposed)

# Test Docker socket access
docker ps
# Test Docker API access
curl --unix-socket /var/run/docker.sock http://localhost/version
# Test remote Docker access via SSH
ssh username@target-ip "docker version && docker ps"

# Check all services
docker compose ps
# View service logs
docker compose logs backend
docker compose logs frontend
docker compose logs neo4j
# Test API endpoints
curl http://localhost:8000/docs # API documentation
curl http://localhost:8000/health # Health check
# Test database connectivity
curl http://localhost:8000/db/ping

# Check VM network configuration
ip addr show eth0
# Release and renew IP address
sudo dhclient -r eth0
sudo dhclient eth0
# Check network connectivity
ping <gateway-ip>
ping 8.8.8.8
# Verify bridge interface on host
ifconfig | grep bridge

# Check host-only network (on host)
VBoxManage list hostonlyifs # VirtualBox
ifconfig vboxnet0 # VirtualBox interface
# Check VM network configuration
ip addr show eth0
ip route show
# Test host connectivity
ping 192.168.56.1 # Default host-only gateway

# Check NAT configuration
ip addr show eth0
# Test internet connectivity
ping 8.8.8.8
# Verify port forwarding (from host)
ssh localhost -p 2222 # Should connect to VM SSH
# Check NAT gateway
ip route show | grep default

# VirtualBox VM settings recommendations:
# - CPU: 2-4 cores
# - RAM: 8GB minimum, 16GB recommended
# - Storage: 50GB+ for scans and data
# - Network: Bridged for best performance

# Environment variables for performance
SCAN_TIMEOUT=600 # 10 minutes for large scans
NMAP_TIMEOUT=180 # 3 minutes for port scans
MAX_WORKERS=4 # Parallel scanning workers

- Use Host-Only networks for sensitive testing
- Avoid Bridged mode on production networks
- Implement firewall rules for testing traffic
- Use dedicated testing accounts
- Implement SSH key-based authentication only
- Disable password authentication in SSH
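The last two recommendations can be checked on a target by auditing its `sshd_config`. The following is an added example, not code from DEM: the function names and the sample configuration are constructed for illustration, and the defaults table assumes upstream OpenSSH defaults. It applies sshd's rule that the first value obtained for a keyword wins, and it treats an unset keyword as its default, which is how password-style logins often stay enabled unnoticed.

```python
import re

# Constructed sample for illustration, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes   # ignored: an earlier value already applies
Match User backup
    PasswordAuthentication yes
"""

# Settings needed for key-only logins, and what sshd assumes when a keyword is
# absent (assumption: upstream OpenSSH defaults).
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}
OPENSSH_DEFAULTS = {"passwordauthentication": "yes",
                    "kbdinteractiveauthentication": "yes",
                    "pubkeyauthentication": "yes"}
# Deprecated alias that older configuration files still use.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text):
    """Return (global_settings, match_settings); Include files are not followed."""
    global_settings, match_settings, criteria = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if key == "match":
            criteria = value  # everything below applies only to this Match
        elif criteria is None:
            global_settings.setdefault(key, value.lower())  # first value wins
        else:
            match_settings.append((criteria, key, value.lower()))
    return global_settings, match_settings


def audit_key_only_auth(text):
    """Return (scope, keyword, value) findings that permit non-key logins."""
    global_settings, match_settings = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        effective = global_settings.get(key, OPENSSH_DEFAULTS[key])
        if effective != wanted:
            findings.append(("global", key, effective))
    for criteria, key, value in match_settings:
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(("Match " + criteria, key, value))
    return findings


if __name__ == "__main__":
    for finding in audit_key_only_auth(SAMPLE_SSHD_CONFIG):
        print(finding)
```

On a live host, `sudo sshd -T` prints the effective configuration, including values pulled in through `Include`, and its output can be fed to the same check.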
# Stop containers (this stops every container on the host, including the DEM services)
docker stop $(docker ps -aq)
# Remove containers and images (this removes all of them on the host, not only test ones)
docker rm $(docker ps -aq)
docker rmi $(docker images -q)
# Clean up SSH keys (be careful!)
# rm ~/.ssh/id_rsa* # Only if test keys
# Reset firewall settings
sudo ufw --force reset # Ubuntu/Debian

# Check VM network interface
ip addr show eth0
# Release and renew DHCP lease
sudo dhclient -r eth0
sudo dhclient eth0
# Check connectivity to gateway
ip route show
ping <gateway-ip>
# Verify DNS resolution
nslookup google.com

# Check VM network configuration
ip addr show eth0
# Test connection to host
ping 192.168.56.1 # VirtualBox default
ping 192.168.x.1 # VMware default
# Check host-only network on host machine
# VirtualBox: VBoxManage list hostonlyifs
# VMware: Check VMware network settings

# Check VM internet connectivity
ping 8.8.8.8
# Verify NAT gateway
ip route show | grep default
# Test port forwarding (from host)
ssh localhost -p 2222 # Forwarded SSH port

# Test basic SSH connectivity
ssh -v username@target-host
# Check SSH agent status
ssh-add -l
# Verify SSH service on target
ssh username@target-host "sudo systemctl status ssh"
# Test Docker access on target
ssh username@target-host "docker ps"
# Check SSH key permissions
ls -la ~/.ssh/
# id_rsa should be 600, authorized_keys should be 644, .ssh should be 700

# Check all service status
docker compose ps
# View specific service logs
docker compose logs backend
docker compose logs frontend
docker compose logs neo4j
# Restart individual services
docker compose restart backend
docker compose restart neo4j
# Check resource usage
docker stats
# Test API endpoints
curl http://localhost:8000/health
curl http://localhost:8000/db/ping

# Test SSH to target manually
ssh username@target-ip "docker ps"
# Check Docker socket permissions on target
ssh username@target-ip "ls -la /var/run/docker.sock"
# Test Docker API access
ssh username@target-ip "curl --unix-socket /var/run/docker.sock http://localhost/containers/json"
# Verify user permissions on target
ssh username@target-ip "groups" # Should include 'docker' group
ssh username@target-ip "sudo docker ps" # Test sudo access

# Test Nmap directly
nmap -sV -p 1-1000 target-ip
# Check if Nmap is available in DEM container
docker exec dem_backend which nmap
# Test network connectivity to target
ping target-ip
traceroute target-ip
# Check firewall on target system
ssh username@target-ip "sudo ufw status" # Ubuntu/Debian
ssh username@target-ip "sudo firewall-cmd --list-all" # CentOS/RHEL

# Check if port 5173 is available
netstat -tlnp | grep :5173
# Test backend API connectivity
curl http://localhost:8000/health
# Check browser developer console for errors
# Look for CORS errors or network failures
# Verify frontend build
docker compose logs frontend

# Test Neo4j connection
curl http://localhost:7474 # Browser interface
# Check database logs
docker compose logs neo4j
# Verify Neo4j credentials
# Single quotes make the variables expand inside the container, not in the host shell
docker exec dem_backend sh -c 'echo "$NEO4J_USER" "$NEO4J_PASS"'
# Test database connectivity from backend
curl http://localhost:8000/db/ping

- Project Creation: Define assessment scope with customizable parameters
- Project States: Active, archived, and locked project management
- Multi-Project Support: Handle multiple concurrent assessments
- Audit Trail: Complete activity logging for compliance
- SSH Integration: Secure remote container enumeration
- Multi-Host Support: Assess multiple Docker hosts simultaneously
- Real-time Discovery: Live container status and configuration data
- Network Topology: Automatic relationship mapping and visualization
- Multi-Tool Integration: Grype, Trivy, Dockle, and Gobuster
- Severity Classification: Critical, High, Medium, Low risk categorization
- Container-Specific Scanning: Image layer analysis and configuration checks
- Automated Workflows: Scheduled and on-demand scanning capabilities
- Network Mapping: Visual representation of host-container relationships
- Real-time Updates: Dynamic topology updates during assessments
- Interactive Navigation: Click-to-inspect container details and vulnerabilities
- Export Capabilities: Topology diagrams for documentation
- Metasploit Modules: Pre-configured exploitation modules
- Controlled Testing: Isolated exploitation environments
- Result Documentation: Automated exploitation result capture
- Risk Assessment: Exploitation success rate analysis
- PDF Reports: Professional assessment documentation with executive summaries
- CSV Exports: Vulnerability data for external analysis tools
- Custom Templates: Configurable report formats and branding
- Historical Reports: Access to previous assessment documentation
- Live Metrics: Real-time assessment progress and statistics
- Vulnerability Trends: Historical vulnerability analysis and trends
- Activity Monitoring: Live activity feeds and assessment timelines
- Performance Analytics: System performance and assessment efficiency metrics
DEM implements Department of Defense STIG-compliant security measures:
- Request Validation: Comprehensive input validation at all API endpoints
- SQL Injection Prevention: Parameterized queries and Neo4j security
- XSS Protection: Output encoding and secure rendering
- Command Injection Prevention: Sanitized subprocess execution
- SSH Key Authentication: Secure remote system access
- Container Isolation: Tool execution in isolated environments
- Audit Logging: Complete activity tracking and compliance reporting
- Session Security: Secure session management and timeout handling
- Encryption: Secure data transmission and storage
- Access Controls: Role-based access and permission management
- Data Sanitization: Secure handling of sensitive assessment data
- Compliance Reporting: STIG compliance documentation and validation
- Isolated Execution: All tools run in separate containers
- Resource Limits: Memory and CPU restrictions per tool
- Network Segmentation: Controlled network access for assessment tools
- Clean State: Fresh container instances for each assessment operation
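Request validation and shell-free subprocess execution, as listed above, can be illustrated for the discovery inputs the frontend collects (host, SSH user, SSH port, port range). This is an added example, not DEM's own code: every function name is hypothetical, and the accepted formats (IP literal or RFC 1123 hostname, POSIX-style user name) are assumptions.

```python
import ipaddress
import re

# Hypothetical helpers for illustration; none of these names come from DEM.
_HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_SSH_USER = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
_PORT_RANGE = re.compile(r"([0-9]{1,5})-([0-9]{1,5})")

# Constant remote command. ssh joins its trailing arguments and passes them to
# the remote login shell, so request data must never be appended to it.
REMOTE_DOCKER_PS = "docker ps --format '{{json .}}'"


def validate_host(value):
    """Accept an IP literal or an RFC 1123 hostname; reject everything else."""
    if not isinstance(value, str):
        raise ValueError(f"invalid host: {value!r}")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    labels = value.split(".")
    if len(value) > 253 or not all(_HOST_LABEL.fullmatch(x) for x in labels):
        # This also rejects a value starting with "-", which ssh or nmap would
        # parse as an option instead of a target even without a shell.
        raise ValueError(f"invalid host: {value!r}")
    return value


def validate_port(value):
    if type(value) is not int or not 1 <= value <= 65535:
        raise ValueError(f"invalid port: {value!r}")
    return value


def validate_port_range(value):
    m = _PORT_RANGE.fullmatch(value)
    if not m or not 1 <= int(m[1]) <= int(m[2]) <= 65535:
        raise ValueError(f"invalid port range: {value!r}")
    return f"{int(m[1])}-{int(m[2])}"


def ssh_discovery_argv(host, user, port=22):
    """Build argv for subprocess.run(argv), which runs without a shell."""
    if not _SSH_USER.fullmatch(user):
        raise ValueError(f"invalid SSH user: {user!r}")
    return ["ssh", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes",
            "-p", str(validate_port(port)), "-l", user,
            "--", validate_host(host), REMOTE_DOCKER_PS]


def nmap_argv(host, port_range):
    """Build argv for the service scan shown in the troubleshooting section."""
    return ["nmap", "-sV", "-p", validate_port_range(port_range),
            validate_host(host)]


if __name__ == "__main__":
    print(ssh_discovery_argv("192.168.1.100", "admin"))
    print(nmap_argv("192.168.1.100", "1-1000"))
```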
- `backend/`: FastAPI backend with clean architecture implementation
  - Domain layer with business entities and rules
  - Application layer with business logic orchestration
  - Infrastructure layer with external tool integrations
  - Presentation layer with API endpoints and middleware
- `frontend/`: SvelteKit frontend application
  - Clean architecture with domain, application, infrastructure, presentation layers
  - TypeScript implementation with reactive state management
  - Component library with accessibility and responsive design
  - API integration layer with error handling and retry logic
- `VM_DEPLOYMENT_GUIDE.md`: Comprehensive Kali Linux deployment instructions
- `docker-compose.yml`: Multi-service container orchestration configuration
- `POST /projects` - Create new assessment project
- `GET /projects` - List all projects with filtering options
- `GET /projects/{id}` - Retrieve specific project details
- `PATCH /projects/{id}` - Update project information
- `DELETE /projects/{id}` - Remove project (admin only)
- `POST /projects/{id}/archive` - Archive/unarchive project
- `POST /projects/{id}/lock` - Lock/unlock project for editing

- `POST /discovery/containers` - SSH-based container discovery
- `POST /discovery/ports` - Network port scanning with Nmap
- `GET /discovery/status/{project_id}` - Discovery operation status

- `GET /dashboard/project/{project_id}` - Project dashboard data
- `GET /dashboard/health` - System health and metrics

- `GET /reports/project/{project_id}` - Generate project report data
- `GET /reports/project/{project_id}/pdf` - Export PDF assessment report
- `GET /reports/project/{project_id}/csv` - Export CSV vulnerability data

- `GET /health` - Basic application health check
- `GET /db/ping` - Database connectivity verification

# Clone and setup
git clone <repository-url>
cd Docker-Exploit-Mapper
# Start development environment
docker compose up -d
# Access development interfaces
# Frontend: http://localhost:5173 (development server)
# Backend API: http://localhost:8000 (FastAPI with auto-reload)
# Neo4j Browser: http://localhost:7474 (database administration)

# Generate SSH key pair in your VM
ssh-keygen -t rsa -b 4096 -C "dem-assessment@your-vm"
# Start SSH agent for key management
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
# Verify key is loaded
ssh-add -l

# Copy public key to target system
ssh-copy-id username@target-system-ip
# Test SSH connectivity
ssh username@target-system-ip "echo 'SSH connection successful'"
# Verify Docker access on target
ssh username@target-system-ip "docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'"
# Test Docker API access (if available)
ssh username@target-system-ip "curl --unix-socket /var/run/docker.sock http://localhost/containers/json"

# DEM automatically detects SSH agent keys
# No manual configuration needed for key-based auth
# Test DEM SSH functionality:
# 1. Start DEM in VM
# 2. Create project in frontend
# 3. Use Discovery → Container Discovery
# 4. Enter target system details
# 5. DEM handles SSH authentication automatically
# For troubleshooting SSH issues:
ssh -v username@target-ip # Verbose connection testing
ssh username@target-ip "docker version" # Test Docker over SSH

# SSH config file for multiple targets (~/.ssh/config)
Host target1
    HostName 192.168.1.100
    User admin
    Port 22
    IdentityFile ~/.ssh/id_rsa
Host target2
    HostName 10.0.0.50
    User dockeruser
    Port 2222
    IdentityFile ~/.ssh/id_rsa

# Test configurations
ssh target1 "docker ps"
ssh target2 "docker ps"

- Responsive Design: Optimized for desktop, tablet, and mobile devices
- Real-time Updates: Live assessment progress and result streaming
- Interactive Visualizations: D3.js-powered topology and network maps
- Accessibility: WCAG 2.1 AA compliant interface components
- Progressive Web App: Offline-capable assessment interface
- Multi-language Support: Internationalization framework ready
For detailed technical documentation, see:
- Backend README: Comprehensive backend architecture guide
- Frontend README: Frontend development and structure guide
- VM Deployment Guide: Kali Linux deployment instructions
This system is designed for authorized cybersecurity assessment and penetration testing activities only. Users must comply with all applicable laws, regulations, and organizational policies regarding authorized system access and assessment activities.
Unauthorized use of this system may violate federal, state, and local laws. The developers and maintainers assume no liability for misuse of this assessment platform.