Introduction to Docker and How Docker can be used as Pentesting?

What is Docker?

Docker is an open-source platform for building and running applications in a container that acts as a lightweight virtual machine.


Docker Container: Containers are designed to run isolated from other processes so they only take up the resources they require. This means that containers don’t interfere with each other or the host operating system, nor do they consume memory, processor time, or disk space beyond what is needed by the application.

Docker Hub: Docker Hub is a cloud-based registry for users to create, store, manage, test,  and distribute Docker images.

Docker Images: A Docker image serves as a template for creating containers. To create docker images, one can use the build command. Docker images are much faster to build compared to virtual machines and require a lot less space.

Docker Registry: The Docker Registry stores all of the Docker images. Users can have a local registry on their machine or use a public registry like Docker Hub.

Difference between Docker and Virtual Machine:

Docker is a service offering platform that uses the host OS Kernel rather than a standard virtual machine, which requires OS installation for each virtual machine.
The containers of docker contain all of the dependencies and libraries that an application or service requires to execute, removing the need to manually install them.
Docker containers are substantially more efficient than virtual machines since they use the host operating system.
As there are fewer layers to virtualize, docker is more efficient in terms of installation and configuration time, and resource utilization.
Unlike Virtual Machine, Docker containers do not have separate operating systems. So, porting a docker container is easy as compared to the virtual machine.
The virtual machine does not share an operating system. The host kernel is also highly isolated in a virtual machine. While Docker containers share a host kernel. As a result, virtual machines are more secure than Containers.

Installing the Docker

We can install docker directly using the package manager or scripts. Following is the command to install docker using aptitude package manager:

$ sudo apt-get install

After installing the docker, we can check the version of docker using the following command:

$ docker –version

Now, we should enable the docker service which can be done by the following command:

$ sudo systemctl enable docker

After enabling the service, we must start the docker service in order to work with docker:

$ sudo systemctl start docker

Now, we can start working with docker.

Basic Commands

  • docker version – It shows a version of docker client, API, engine, containerd, runc, docker-init
  • docker info – We will get more information about docker settings
  • docker pull registry:5000/alpine –  It will download the image
  • docker inspect  – We will get the information of the container
  • docker network ls – It will list network information
  • docker exec -it  /bin/sh – Get a shell inside a container
  • docker commit  registry:5000/name-container – Update container
  • docker export -o alpine.tar  – This will export the container as a tar file
  • docker save -o ubuntu.tar  – It will export an image
  • docker ps -a – This will list currently running and stopped containers
  • docker stop  – It is used to stop running container
  • docker rm  – It will remove container ID
  • docker image ls – This will list all the docker images
  • docker rmi  – This will remove the image
  • docker system prune -a -This will remove all networks not used by at least one container, all stopped containers, and all images without at least one container associated to them

How Docker can be used as Pentesting?

Now, we know how docker images and docker containers work. We can also get started by downloading the images and running it as a container with docker. We can use Kali’s pre-built pentesting OS images. As we have discussed above, the docker hub has a lot of alternative dockerized images. We can use these alternative dockerized images for pen-testing and learning purposes.

We may use the pre-set docker pull command on the docker repository page to pull an image from the docker hub, which will download the image to our host for deployment.

By using the following command, we can pull the official Kali Linux Docker image:

$ docker pull kalilinux/kali-linux-docker

After pulling Kali Linux Docker image, we can check whether the image has been saved by going to our local docker images or not using the following command:

$ docker images

This will show all of our downloaded images, which can be used right away. It also provides vital information about the image, such as the repository name, image ID, and size of the image.

The following commands are used to create a container from an image:

$ docker run -it –rm kalilinux/kali-linux-docker /bin/bash

Where -it  #Interactive Terminal

-d  #Detached mode that will run the container in the background

–rm  #It will delete the container after it has been put in an excited state.

This command will start a Kali Linux container with a bash interactive terminal.

We’ll be logged in to the Kali docker container with bash interactive terminal after running the run command. We can now use the Kali repository in order to install the different pen-testing tools that we require as the Kali image does not have any pre-installed tools.

One of the drawbacks of using Kali’s pen-testing images is that they assume Docker can only be used to run a single tool or toolkit, while it may be utilized to achieve a far more comprehensive experience.

This is why we have to construct our own docker image, which would include all of the necessary and vital tools for penetration testing.

Table of Contents

Social Media