This project is/will be a indirectly connected project of SneakAttack Dockerfiles

Docker Container for Penetration Testing

• Will Include a lot of tools that are not known, but efficient.

build

docker build -t sneakattack .

To Do

• Add 5 tools for each section Before First Image
• Setup Docker Hub Repo
• Setup up Module build for Each Section
• Add a fullset of security tools for each Section
• Map All Tools to MITRE-Attack Framework (Goal is to have a larger MITRE coverage then any other Docker Container or OS)
• Develop Custom Distro, which will be called SneakAttack OS

Tools to Add

Information Gathering

Pentest tool list for information gathering Reconnaissance against a target to gather as much information as possible to be utilized when penetrating the target during the vulnerability assessment and exploitation phases.

• arp-scan
• 0trace
• amap
• arping
• braa
• thc-ipv6
• dmitry
• dnsenum
• dnsmap
• enum4linux
• etherape
• fping
• gobuster
• hping3
• ike-scan
• intrace
• irpas
• lbd
• maltego
• masscan
• nbtscan
• netdiscover
• nmap
• onesixtyone
• p0f
• recon-ng
• smbmap
• smtp-user-enum
• snmpcheck
• ssldump
• sslh
• sslscan
• sslyze
• swaks
• theharvester
• unicornscan
• ismtp
• python3-shodan
• emailharvester
• instaloader
• inspy
• sherlock
• certgraph
• nmapsi4

Vulnerability Analysis

Pentest tool list for vulnerability analysis Discovering flaws in systems and applications which can be leveraged by an attacker. These flaws can range anywhere from host and service misconfiguration, or insecure application design.

• [ ]
• [ ]
• [ ]
• [ ]

Web Application

Pentest tool list for web analysis Discovering information and flaws in web applications layer.

• [ ]
• [ ]
• [ ]
• [ ]

Exploitation

Pentest tool list for exploitation Establishing access to a system or resource by bypassing security restrictions.

• [ ]
• [ ]
• [ ]
• [ ]

Maintain Access

A collection of tools used for maintaining access once a connection has been established.

• [ ]
• [ ]
• [ ]
• [ ]

Post Exploitation

Pentest tool list for post exploitation Determine the value of the machine compromised and to maintain control of the machine for later use.

• [ ]
• [ ]
• [ ]
• [ ]

Passwork Attack

A collection of tools used for password attacks such as creating wordlists, brute force.

• [ ]
• [ ]
• [ ]
• [ ]

Wireless

A collection of tools used for wireless audits, attacks and exploits.

• [ ]
• [ ]
• [ ]
• [ ]

Network Sniffing

A collection of tools used for monitoring and sniffing the data flowing over computer networks.

• [ ]
• [ ]
• [ ]
• [ ]

Forensic

A Collection of tools used for identification, collection, preservation, acquisition, investigation, analysis and reporting of digital devices and data.

• [ ]
• [ ]
• [ ]
• [ ]

Reverse Engineering

A collection of tools used for reverse engineering software and binaries

• [ ]
• [ ]
• [ ]
• [ ]

Reporting

The collection of tools used for gathering data and reports when performing pentests.

• [ ]
• [ ]
• [ ]
• [ ]

Cloud

This of all the headless tools that can be useful on a remotely controlled cloud environment.

• [ ]
• [ ]
• [ ]
• [ ]