Add examples folder with attacks port-scan and ssh-brute-force.

.github/workflows/docker-image.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
 
-  build:
+  dorothea-container-build:
 
     runs-on: ubuntu-latest
 
@@ -20,8 +20,21 @@ jobs:
     - name: Build Docker image with Dockerfile.dorothea
       run: docker build . --file Dockerfile.dorothea --tag dorothea:$(date +%s)
 
+
+  example-container-build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        submodules: recursive
+
     - name: Build Docker image with Dockerfile.guineapig
-      run: docker build . --file Dockerfile.guineapig --tag guineapig:$(date +%s)
+      run: docker build ./examples --file Dockerfile.guineapig --tag guineapig:$(date +%s)
+
+    - name: Build Docker image with Dockerfile.attacker
+      run: docker build ./examples/port-scan --file Dockerfile.attacker --tag attacker:$(date +%s)
 
-    - name: Build Docker image with Dockerfile.third
-      run: docker build . --file Dockerfile.attacker --tag attacker:$(date +%s)
+    - name: Build Docker image with Dockerfile.attacker
+      run: docker build ./examples/ssh-brute-force --file Dockerfile.attacker --tag attacker:$(date +%s)

Dockerfile.dorothea

@@ -37,15 +37,16 @@ ENV PMACCT_CONFIG=/dorothea/dorothea-pmacctd.conf
 COPY --from=build /usr/local/ /usr/local
 
 # Copy pmacct default config
-COPY ./dorothea-pmacctd.conf /dorothea/dorothea-pmacctd.conf
+# The configuration file is present after mounting the volume on the compose examples
+#COPY ./dorothea-pmacctd.conf /dorothea/dorothea-pmacctd.conf
 
 # Install libpcap0.8 package required by pmacct
 RUN apt-get update && \
     apt-get install -y \
-    libpcap0.8 \
-    gawk && \
+    libpcap0.8 && \
     apt-get clean -y && \
     rm -rf /var/lib/apt/lists/*
 
+
 # Set the default command to run pmacctd with the specified configuration file
-CMD pmacctd -f ${PMACCT_CONFIG}
+ENTRYPOINT pmacctd -f ${PMACCT_CONFIG}

dorothea-pmacctd.conf

@@ -1,9 +1,9 @@
-!
-daemonize: false
-plugins: print
-print_refresh_time: 30
-print_output_file: /dorothea/flow-captures.csv
-print_output_file_append: true
-pcap_interface: docker0
-aggregate: src_host, dst_host, src_port, dst_port, proto, tos
-! ...
+    !
+    daemonize: false
+    plugins: print
+    print_refresh_time: 30
+    print_output_file: /dorothea/flow-captures.csv
+    print_output_file_append: true
+    pcap_interface: br-b499ba49a7df
+    aggregate: src_host, dst_host, src_port, dst_port, proto, tos
+    ! ...

Dockerfile.attacker → examples/port-scan/Dockerfile.attacker

@@ -5,7 +5,7 @@ FROM kalilinux/kali-last-release:latest
 RUN apt-get update && \
     apt-get install -y \
     nmap \
-    # hydra \
+    hydra
     # slowloris
 
 # Run the nmap scan against vulnerable nodes

examples/port-scan/docker-compose.yml

@@ -0,0 +1,43 @@
+name: dorothea
+
+services:
+  pmacct-probe:
+    build:
+      context: ../..
+      dockerfile: Dockerfile.dorothea
+    network_mode: "host"
+    volumes:
+      - .:/dorothea
+
+  # YOUR ACTIONS: Remove the example service below and add your own
+  guinea-pig:
+    build:
+      context: ..
+      dockerfile: Dockerfile.guineapig
+    network_mode: "bridge"
+    ports:
+      - "80:80"
+    healthcheck:
+      test: ["CMD-SHELL", "service ssh status || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'     # Limit to 1.0 CPUs
+          memory: 1024M    # Limit to 1024 MB of RAM
+        reservations:
+          cpus: '0.25'    # Reserve 0.5 CPUs
+          memory: 512M    # Reserve 512 MB of RAM
+
+  attacker:
+    build:
+        context: .
+        dockerfile: Dockerfile.attacker
+    network_mode: "bridge"
+    depends_on:
+      guinea-pig:
+        condition: service_healthy
+    command: ["nmap", "-p0-", "-v", "-A", "-T4", "172.17.0.0/16"]
+

examples/ssh-brute-force/Dockerfile.attacker

@@ -0,0 +1,13 @@
+# Attacker 
+FROM kalilinux/kali-last-release:latest
+
+# Install nmap package
+RUN apt-get update && \
+    apt-get install -y \
+    hydra
+    # slowloris
+
+RUN wget -O rockyou.txt https://raw.githubusercontent.com/josuamarcelc/common-password-list/main/rockyou.txt/rockyou_1.txt
+
+# Run the nmap scan against vulnerable nodes
+#CMD nmap -p0- -v -A -T4 ${DEFAULT_NETWORK}

examples/ssh-brute-force/docker-compose.yml

@@ -0,0 +1,50 @@
+name: dorothea
+
+services:
+  pmacct-probe:
+    build:
+      context: ../..
+      dockerfile: Dockerfile.dorothea
+    network_mode: "host"
+    volumes:
+      - .:/dorothea
+
+  # YOUR ACTIONS: Remove the example service below and add your own
+  guinea-pig:
+    build:
+      context: ..
+      dockerfile: Dockerfile.guineapig
+    networks:
+      - dorothea-net
+    hostname: guinea-pig
+    ports:
+      - "80:80"
+    healthcheck:
+      test: ["CMD-SHELL", "service ssh status || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'     # Limit to 1.0 CPUs
+          memory: 1024M    # Limit to 1024 MB of RAM
+        reservations:
+          cpus: '0.25'    # Reserve 0.5 CPUs
+          memory: 512M    # Reserve 512 MB of RAM
+
+  attacker:
+    build:
+        context: .
+        dockerfile: Dockerfile.attacker
+    networks:
+      - dorothea-net
+    depends_on:
+      guinea-pig:
+        condition: service_healthy
+    command: ["hydra", "-l", "dorothea", "-P", "rockyou.txt", "ssh://guinea-pig"]
+
+networks:
+  dorothea-net:
+    driver: bridge
+    name: dorothea-net