diff --git a/.github/workflows/kiterunner.yml b/.github/workflows/kiterunner.yml
index 4079e5e..2a0ed4f 100644
--- a/.github/workflows/kiterunner.yml
+++ b/.github/workflows/kiterunner.yml
@@ -4,15 +4,19 @@ on:
 push:
 branches:
 - main # Change to your default branch if not main
+ - sonarcloud-kiterunner
 pull_request:
- branches:
- - main # Change to your default branch if not main
+ types: [opened, synchronize, reopened]
 permissions:
 contents: read
 packages: write
 security-events: write
+env:
+ RELEASE_VERSION: "v1.0.2"
+ KR_DIR: "/usr/local/kiterunner"
+
 jobs:
 build-and-push:
 runs-on: ${{ matrix.os }}
@@ -24,10 +28,6 @@ jobs:
 - uses: actions/checkout@v3
 - uses: snyk/actions/setup@master
- - name: Set release version
- id: set_version
- run: echo "RELEASE_VERSION=1.0.2" >> $GITHUB_ENV
-
 - name: Log in to GitHub Container Registry
 uses: docker/login-action@v3
 with:
@@ -49,6 +49,7 @@ jobs:
 - name: Build and push Docker image
 run: |
 docker buildx build --push \
+ --build-arg KR_DIR=${{ env.KR_DIR }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} \
 --tag ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} \
 --tag ghcr.io/${{ github.repository_owner }}/kiterunner:latest \
 --platform linux/amd64,linux/arm64 ./files/kiterunner
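Review bot: Adding `- sonarcloud-kiterunner` under `push.branches` means every push to that feature branch runs `build-and-push`, which in the @@ -49,6 hunk below pushes `kiterunner:latest` and `kiterunner:v1.0.2` to ghcr.io, so a work-in-progress branch now overwrites the published tags. Dropping the `branches` filter under `pull_request` likewise widens the trigger to PRs against any branch. Keep the trigger if it is needed for the scan job, but gate the publish step, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` on the "Build and push Docker image" step, and remove the feature-branch entry before merge. The same branch name is added to routersploit.yml and routersploit_sonarcloud.yml in this commit, which looks like a copy-paste since it is a kiterunner-specific branch.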
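Review bot: The new `--build-arg` line interpolates `${{ env.KR_DIR }}` and `${{ env.RELEASE_VERSION }}` unquoted straight into the `run` script; workflow-level `env` values are already exported to the step shell, so the same values can be referenced as quoted shell variables, `--build-arg KR_DIR="$KR_DIR" --build-arg RELEASE_VERSION="$RELEASE_VERSION" \`. Both values are literals defined in this file, so this is a hardening/style point rather than an injection finding, but it keeps the block safe if either is later sourced from an event field. Note also that the published version tag changes from `kiterunner:1.0.2` (the removed `Set release version` step wrote `1.0.2`) to `kiterunner:v1.0.2`, so consumers pinning the old tag will stop receiving updates; a line in the README or a second `--tag` without the `v` would cover that.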
@@ -74,4 +75,50 @@ jobs:
 - name: Upload SARIF Report to GitHub Code Scanning
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: snyk.sarif
\ No newline at end of file
+ sarif_file: snyk.sarif
+
+ sonarcloud-kiterunner:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+
+ steps:
+ # Checkout the kiterunner repository
+ - name: Checkout kiterunner Repository
+ uses: actions/checkout@v4
+ with:
+ repository: assetnote/kiterunner
+ path: kiterunner # Optional: Clone into a specific directory
+ ref: ${{ env.RELEASE_VERSION }}
+
+ # Install dependencies
+ - name: Install dependencies
+ run: |
+ cd kiterunner
+ sudo apt update && sudo apt install -y \
+ build-essential \
+ git \
+ autoconf \
+ automake \
+ libtool-bin \
+ pkg-config \
+ libcurl4-openssl-dev \
+ libusb-1.0-0-dev \
+ libssl-dev \
+ udev \
+ && sudo rm -rf /var/lib/apt/lists/*
+
+ # SonarCloud Scan
+ - name: SonarCloud Scan
+ uses: sonarsource/sonarqube-scan-action@v4
+ continue-on-error: true
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ with:
+ args: >
+ -Dsonar.organization=matusso
+ -Dsonar.projectKey=docker-builds:kiterunner
+ -Dsonar.verbose=true
+ -Dsonar.projectName=kiterunner
+ -Dsonar.sources=kiterunner
\ No newline at end of file
diff --git a/.github/workflows/mvt-project_sonarcloud.yml b/.github/workflows/mvt-project_sonarcloud.yml
index a513d5e..af3eee2 100644
--- a/.github/workflows/mvt-project_sonarcloud.yml
+++ b/.github/workflows/mvt-project_sonarcloud.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- # Checkout the RouterSploit repository
+ # Checkout the mvt-project repository
 - name: Checkout mvt-project Repository
 uses: actions/checkout@v4
 with:
@@ -27,8 +27,8 @@ jobs:
 with:
 python-version: '3.13'
- # Install Python dependencies
- - name: Install Python dependencies
+ # Install dependencies
+ - name: Install dependencies
 run: |
 cd mvt
 sudo apt update && sudo apt install -y \
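Review bot: The new `Checkout kiterunner Repository` step clones a third-party repository with `actions/checkout@v4` defaults, which persist the job's `GITHUB_TOKEN` (carrying `packages: write` and `security-events: write` from the workflow `permissions`) into the checkout's git config, where the following apt and SonarCloud steps then run; nothing in this job pushes back, so add `persist-credentials: false` under that step's `with:`. `continue-on-error: true` on the scan step means a failed or misconfigured scan still leaves the job green, so the Vulnerabilities badge this commit adds to the README can go stale unnoticed; consider removing it, or at least failing when `SONAR_TOKEN` is empty. The `Install dependencies` list (build-essential, autoconf, libusb, libcurl, udev) appears to be copied from the mvt-project workflow and is not used by a scan that only reads sources, so it presumably can be dropped. `ref: ${{ env.RELEASE_VERSION }}` resolves a mutable upstream tag; pinning a commit SHA would make the scanned revision reproducible.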
@@ -44,7 +44,7 @@ jobs:
 udev \
 && sudo rm -rf /var/lib/apt/lists/*
- # SonarCloud Scan for RouterSploit
+ # SonarCloud Scan
 - name: SonarCloud Scan
 uses: sonarsource/sonarqube-scan-action@v4
 continue-on-error: true
diff --git a/.github/workflows/routersploit.yml b/.github/workflows/routersploit.yml
index 8d6ce19..0d339da 100644
--- a/.github/workflows/routersploit.yml
+++ b/.github/workflows/routersploit.yml
@@ -4,9 +4,9 @@ on:
 push:
 branches:
 - main # Change to your default branch if not main
+ - sonarcloud-kiterunner
 pull_request:
- branches:
- - main # Change to your default branch if not main
+ types: [opened, synchronize, reopened]
 permissions:
 contents: read
diff --git a/.github/workflows/routersploit_sonarcloud.yml b/.github/workflows/routersploit_sonarcloud.yml
index 50dfe3f..7ffd6f0 100644
--- a/.github/workflows/routersploit_sonarcloud.yml
+++ b/.github/workflows/routersploit_sonarcloud.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - sonarcloud-kiterunner
 pull_request:
 types: [opened, synchronize, reopened]
diff --git a/README.md b/README.md
index dc6743f..f356dd9 100644
--- a/README.md
+++ b/README.md
@@ -1,90 +1,104 @@
-# docker-builds
+ # docker-builds
-## Security Tools Docker Images
+ ## Security Tools Docker Images
-This repository automates the process of building and publishing Docker images for various popular security tools.
+ This repository automates the process of building and publishing Docker images for various popular security tools.
-## About
+ ## About
-This project simplifies the deployment of essential security tools by containerizing them. Using these Docker images, you can quickly run tools without worrying about installation dependencies or conflicts on your host system.
+ This project simplifies the deployment of essential security tools by containerizing them. Using these Docker images, you can quickly run tools without worrying about installation dependencies or conflicts on your host system.
-The following security tools are included in this repository:
+ The following security tools are included in this repository:
-1. **[binwalk](https://github.com/ReFirmLabs/binwalk)**
- - A tool for analyzing binary files for embedded files and executable code.
- - Useful for reverse engineering firmware and binary analysis.
- - [![ghcr.io/matusso/binwalk](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml)
+ 1. **[binwalk](https://github.com/ReFirmLabs/binwalk)**
+ - A tool for analyzing binary files for embedded files and executable code.
+ - Useful for reverse engineering firmware and binary analysis.
+ - [![ghcr.io/matusso/binwalk](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml)
-2. **[dirsearch](https://github.com/maurosoria/dirsearch)**
- - A simple command-line tool designed to brute-force directories and files in web servers.
- - Helps uncover hidden directories and files for security assessments.
- - [![ghcr.io/matusso/dirsearch](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml)
+ 2. **[dirsearch](https://github.com/maurosoria/dirsearch)**
+ - A simple command-line tool designed to brute-force directories and files in web servers.
+ - Helps uncover hidden directories and files for security assessments.
+ - [![ghcr.io/matusso/dirsearch](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml)
-3. **[ghauri](https://github.com/r0oth3x49/ghauri)**
- - A fast and powerful SQL injection detection and exploitation tool.
- - Ideal for penetration testing web applications.
- - [![ghcr.io/matusso/ghauri](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml)
+ 3. **[ghauri](https://github.com/r0oth3x49/ghauri)**
+ - A fast and powerful SQL injection detection and exploitation tool.
+ - Ideal for penetration testing web applications.
+ - [![ghcr.io/matusso/ghauri](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml)
-4. **[metasploit-framework](https://github.com/rapid7/metasploit-framework)**
- - A comprehensive penetration testing framework.
- - Features exploits, payloads, and tools for security testing and research.
- - [![ghcr.io/matusso/metasploit-framework](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml)
+ 4. **[metasploit-framework](https://github.com/rapid7/metasploit-framework)**
+ - A comprehensive penetration testing framework.
+ - Features exploits, payloads, and tools for security testing and research.
+ - [![ghcr.io/matusso/metasploit-framework](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml)
+ [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Ametasploit-framework&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Ametasploit-framework)
-5. **[mvt-project](https://github.com/mvt-project/mvt)**
- - Mobile Verification Toolkit (MVT) for analyzing mobile devices.
- - Assists in detecting traces of known surveillance spyware.
- - [![ghcr.io/matusso/mvt](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml)
+ 5. **[mvt-project](https://github.com/mvt-project/mvt)**
+ - Mobile Verification Toolkit (MVT) for analyzing mobile devices.
+ - Assists in detecting traces of known surveillance spyware.
+ - [![ghcr.io/matusso/mvt](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml)
+ [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Amvt-project&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Amvt-project)
-6. **[kiterunner](https://github.com/assetnote/kiterunner)**
- - Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications..
- - [![ghcr.io/matusso/kiterunner](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml)
+ 6. **[kiterunner](https://github.com/assetnote/kiterunner)**
+ - Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications..
+ - [![ghcr.io/matusso/kiterunner](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml)
+ [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Akiterunner&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Akiterunner)
-7. **[wafw00f](https://github.com/EnableSecurity/wafw00f)**
- - WAFW00F can detect a number of firewalls
- - [![ghcr.io/matusso/wafw00f](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml)
+ 7. **[wafw00f](https://github.com/EnableSecurity/wafw00f)**
+ - WAFW00F can detect a number of firewalls
+ - [![ghcr.io/matusso/wafw00f](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml)
-8. **[routersploit](https://github.com/threat9/routersploit)**
- - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
- - [![ghcr.io/matusso/routersploit](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml)
+ 8. **[routersploit](https://github.com/threat9/routersploit)**
+ - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
+ - [![ghcr.io/matusso/routersploit](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml)
+ [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Aroutersploit&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Aroutersploit)
-## Multi-Architecture Support
+ ## Multi-Architecture Support
-All Docker images are built and published for the following architectures:
-- **amd64**: For x86_64 systems.
-- **arm64**: For ARM-based systems, including Apple M1/M2 and Raspberry Pi.
+ All Docker images are built and published for the following architectures:
+ - **amd64**: For x86_64 systems.
+ - **arm64**: For ARM-based systems, including Apple M1/M2 and Raspberry Pi.
-## Why Use This Project?
+ ## SonarCloud Scanning
-- **Consistency:** Pre-built Docker images ensure that the tools work as intended across various environments.
-- **Convenience:** No need to manually install or configure dependencies for each tool.
-- **Automation:** GitHub Actions automatically build and publish updated Docker images when changes are made to the repository.
+ This repository integrates with SonarCloud to maintain high code quality and security standards.
+ Each pull request and push to the main branch is automatically analyzed using SonarCloud.
+ The analysis covers:
+ - Code smells
+ - Security hotspots
+ - Bugs
+ - Maintainability
-## How to Use
+ ## Why Use This Project?
-1. Pull the desired tool's Docker image:
-```bash
-docker pull ghcr.io/matusso/
-```
+ - **Consistency:** Pre-built Docker images ensure that the tools work as intended across various environments.
+ - **Convenience:** No need to manually install or configure dependencies for each tool.
+ - **Automation:** GitHub Actions automatically build and publish updated Docker images when changes are made to the repository.
-2. Run the tool:
-```bash
-docker run --rm -it ghcr.io/matusso/ [tool-arguments]
-```
+ ## How to Use
-#### Example
+ 1. Pull the desired tool's Docker image:
+ ```bash
+ docker pull ghcr.io/matusso/
+ ```
-To use dirsearch:
+ 2. Run the tool:
+ ```bash
+ docker run --rm -it ghcr.io/matusso/ [tool-arguments]
+ ```
-```
-docker pull ghcr.io/matusso/dirsearch
-docker run --rm -it ghcr.io/matusso/dirsearch -u https://example.com
-```
+ #### Example
-#### Contributions
+ To use dirsearch:
-Contributions to add more tools or improve the existing ones are welcome. Please create a pull request or open an issue for discussion.
+ ```
+ docker pull ghcr.io/matusso/dirsearch
+ docker run --rm -it ghcr.io/matusso/dirsearch -u https://example.com
+ ```
+ #### Contributions
-#### License
+ Contributions to add more tools or improve the existing ones are welcome. Please create a pull request or open an issue for discussion.
-This repository is distributed under the MIT License. Please check the individual projects for their respective licenses.
\ No newline at end of file
+
+ #### License
+
+ This repository is distributed under the MIT License. Please check the individual projects for their respective licenses.
diff --git a/files/kiterunner/Dockerfile b/files/kiterunner/Dockerfile
index e9b922e..993caa0 100644
--- a/files/kiterunner/Dockerfile
+++ b/files/kiterunner/Dockerfile
@@ -1,12 +1,14 @@
 # Use Alpine Linux as the base image
 FROM alpine:latest
-# Set environment variables
-ENV KR_VERSION="v1.0.2" \
- KR_DIR="/usr/local/kiterunner"
+ARG KR_DIR=${KR_DIR} \
+ RELEASE_VERSION=${RELEASE_VERSION}
+
+ENV KR_DIR=${KR_DIR} \
+ RELEASE_VERSION=${RELEASE_VERSION}
 # Install dependencies
-RUN apk update && apk add --no-cache \
+RUN KR_DIR="$KR_DIR" apk update && apk add --no-cache \
 bash \
 build-base \
 git \
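Review bot: `ARG KR_DIR=${KR_DIR}` and `ARG RELEASE_VERSION=${RELEASE_VERSION}` give both build args an empty default: the hunk shows nothing declared before `FROM alpine:latest`, so the `${...}` references in the defaults expand to nothing, and a plain `docker build` without `--build-arg` ends up with an empty `KR_DIR` for `WORKDIR $KR_DIR` and an empty `--branch` for the clone. Restore real defaults so the workflow override still works and local builds do not break: `ARG KR_DIR=/usr/local/kiterunner` and `ARG RELEASE_VERSION=v1.0.2`. The `KR_DIR="$KR_DIR"` prefix on the `RUN ... apk update` line (and the matching `RELEASE_VERSION="$RELEASE_VERSION"` prefix on the clone in the @@ -15,7 hunk) is redundant with the `ENV` set just above and can be dropped, restoring `RUN apk update && apk add --no-cache \`. The `ARG`/`ENV` pair bakes the build inputs into the runtime image, which is fine for these non-secret values but worth keeping in mind if further args are added.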
@@ -15,7 +17,7 @@ RUN apk update && apk add --no-cache \
 # Clone kiterunner repository and build
 WORKDIR $KR_DIR
-RUN git clone --depth=1 --branch "$KR_VERSION" https://github.com/assetnote/kiterunner.git . \
+RUN RELEASE_VERSION="$RELEASE_VERSION" git clone --depth=1 --branch "$RELEASE_VERSION" https://github.com/assetnote/kiterunner.git . \
 && make build \
 && ln -s $(pwd)/dist/kr /usr/local/bin/kr