
Adding better usage docs for docker

Exposing 44444
1 parent 4788aed commit a8e2f66e31d8ad4a769cd0e7c12c87559dd026f3 @andresriancho committed Jan 5, 2016
@@ -0,0 +1,52 @@
+w3af inside docker
+==================
+
+Using ``w3af`` inside docker should be transparent for most use cases, this page
+documents the use cases which are complex to solve when docker is added to the
+mix.
+
+Ports and services
+------------------
+
+Some w3af plugins, such as ``crawl.spider_man`` and ``audit.rfi`` start proxy
+HTTP services. In order to access these services the plugins need to be
+configured to listen on ``0.0.0.0`` and the port needs to be made accessible
+to the host using the ``-p`` parameter in the helper script
+(ie. ``extras/docker/scripts/w3af_console_docker``)
+
+Sharing data with the container
+-------------------------------
+
+When starting w3af using the ``w3af_console_docker`` or ``w3af_gui_docker``
+commands the docker containers are started with two volumes which are mapped to
+your home directory:
+
+ * ``~/.w3af/`` from your host is mapped to ``/root/.w3af/`` in the container.
+ This directory is mostly used by ``w3af`` to store scan profiles and internal
+ data.
+
+ * ``~/w3af-shared`` from your host is mapped to ``/root/w3af-shared`` in the
+ container. Use this directory to save your scan results and provide input files
+ to w3af.
+
+Debugging the container
+-----------------------
+
+The container runs a SSH daemon, which can be used to both run the ``w3af_console``
+and ``w3af_gui``. To connect to a running container use ``root`` as username and
+``w3af`` as password. Usually you don't need to worry about this, since the helper
+scripts will connect to the container for you.
+
+Another way to debug the container is to run the script with the ``-d`` flag:
+
+.. code-block:: console
+
+ $ sudo ./w3af_console_docker -d
+ root@a01aa9631945:~#
+
+
+.. note::
+
+ *WARNING*: Don't bind w3af's docker image to a public IP address unless you
+ really know what you're doing! Anyone will be able to SSH into the docker
+ image using the hard-coded SSH keys!
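Review bot: The closing warning names only the hard-coded SSH keys, while the "Debugging the container" section just above it documents a fixed ``root`` / ``w3af`` login; the warning should mention the fixed password as well, since either one lets anyone who can reach the SSH port log in. It would also read better as a ``.. warning::`` directive than as a ``.. note::`` carrying an inline *WARNING*. In "Ports and services", where plugins are told to listen on ``0.0.0.0``, add that this is the address inside the container and that the host side of ``-p`` can be restricted to a local address.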
@@ -87,6 +87,6 @@ RUN apt-get clean
RUN rm -rf /var/lib/apt/lists/*
RUN rm -rf /tmp/pip-build-root
-EXPOSE 22
+EXPOSE 22 44444
CMD ["/usr/sbin/sshd", "-D"]
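Review bot: `EXPOSE 22 44444` adds the port with no comment saying which service it is for. The docs added in this commit mention proxy services started by `crawl.spider_man` and `audit.rfi`; a one-line comment above the `EXPOSE` naming the plugin that listens on 44444 would make the intent clear to anyone reading the Dockerfile. Note that `EXPOSE` only declares the port; actual publishing is done by the `-p` options in the helper scripts.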
@@ -9,6 +9,7 @@
' -d'
' -v ~/.w3af:/root/.w3af'
' -v ~/w3af-shared:/root/w3af-shared'
+ ' -p 44444:44444'
' andresriancho/w3af')
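Review bot: `-p 44444:44444` gives no host address, so Docker publishes the port on every host interface, which is the situation the warning in the new docs tells users to avoid. Suggest defaulting to `-p 127.0.0.1:44444:44444` and letting users who need remote access widen the binding deliberately.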
@@ -33,14 +33,15 @@ if __name__ == '__main__':
' -v ~/.w3af:/root/.w3af'
' -v ~/w3af-shared:/root/w3af-shared'
' -p 5000:5000'
+ ' -p 44444:44444'
' andresriancho/w3af')
container_id = start_container(args.tag, command=docker_run)
if args.debug:
cmd = '/bin/bash'
elif args.api_config_file:
- cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000 -c %s' % api_config_file
+ cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000 -c %s' % args.api_config_file
else:
cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000'
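Review bot: In the `elif args.api_config_file:` branch the path is interpolated into the command string with a bare `%s`, so a path containing spaces or shell metacharacters will split or alter the command; quote the value before formatting it in. The path is also passed through unchanged, so it has to be one that exists inside the container (under `/root/.w3af` or `/root/w3af-shared`, the two `-v` mounts); a check or a line in the `--help` text would save users a confusing failure. The added `-p 44444:44444` here publishes on all host interfaces, as does the existing `-p 5000:5000`; consider binding both to `127.0.0.1` by default.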
