matusso · matusso · Dec 7, 2024 · Dec 7, 2024 · Dec 7, 2024 · Dec 7, 2024
diff --git a/.github/workflows/kiterunner.yml b/.github/workflows/kiterunner.yml
@@ -4,15 +4,19 @@ on:
   push:
     branches:
       - main  # Change to your default branch if not main
+      - sonarcloud-kiterunner
   pull_request:
-    branches:
-      - main  # Change to your default branch if not main
+    types: [opened, synchronize, reopened]
 
 permissions:
   contents: read
   packages: write
   security-events: write
 
+env:
+  RELEASE_VERSION: "v1.0.2"
+  KR_DIR: "/usr/local/kiterunner"
+
 jobs:
   build-and-push:
     runs-on: ${{ matrix.os }}
@@ -24,10 +28,6 @@ jobs:
       - uses: actions/checkout@v3
       - uses: snyk/actions/setup@master
 
-      - name: Set release version
-        id: set_version
-        run: echo "RELEASE_VERSION=1.0.2" >> $GITHUB_ENV
-
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -49,6 +49,7 @@ jobs:
       - name: Build and push Docker image
         run: |
           docker buildx build --push \
+            --build-arg KR_DIR=${{ env.KR_DIR }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} \
             --tag ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} \
             --tag ghcr.io/${{ github.repository_owner }}/kiterunner:latest \
             --platform linux/amd64,linux/arm64 ./files/kiterunner
@@ -74,4 +75,50 @@ jobs:
       - name: Upload SARIF Report to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: snyk.sarif
+          sarif_file: snyk.sarif
+
+  sonarcloud-kiterunner:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+
+    steps:
+      # Checkout the kiterunner  repository
+      - name: Checkout kiterunner Repository
+        uses: actions/checkout@v4
+        with:
+          repository: assetnote/kiterunner
+          path: kiterunner  # Optional: Clone into a specific directory
+          ref: ${{ env.RELEASE_VERSION }}
+
+      # Install dependencies
+      - name: Install dependencies
+        run: |
+          cd kiterunner
+          sudo apt update && sudo apt install -y \
+            build-essential \
+            git \
+            autoconf \
+            automake \
+            libtool-bin \
+            pkg-config \
+            libcurl4-openssl-dev \
+            libusb-1.0-0-dev \
+            libssl-dev \
+            udev \
+            && sudo rm -rf /var/lib/apt/lists/*
+
+      # SonarCloud Scan
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarqube-scan-action@v4
+        continue-on-error: true
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=matusso
+            -Dsonar.projectKey=docker-builds:kiterunner
+            -Dsonar.verbose=true
+            -Dsonar.projectName=kiterunner
+            -Dsonar.sources=kiterunner
diff --git a/.github/workflows/mvt-project_sonarcloud.yml b/.github/workflows/mvt-project_sonarcloud.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Checkout the RouterSploit repository
+      # Checkout the mvt-project repository
       - name: Checkout mvt-project Repository
         uses: actions/checkout@v4
         with:
@@ -27,8 +27,8 @@ jobs:
         with:
           python-version: '3.13'
 
-      # Install Python dependencies
-      - name: Install Python dependencies
+      # Install dependencies
+      - name: Install dependencies
         run: |
           cd mvt
           sudo apt update && sudo apt install -y \
@@ -44,7 +44,7 @@ jobs:
             udev \
             && sudo rm -rf /var/lib/apt/lists/*
 
-      # SonarCloud Scan for RouterSploit
+      # SonarCloud Scan
       - name: SonarCloud Scan
         uses: sonarsource/sonarqube-scan-action@v4
         continue-on-error: true

diff --git a/.github/workflows/routersploit.yml b/.github/workflows/routersploit.yml
@@ -4,9 +4,9 @@ on:
   push:
     branches:
       - main  # Change to your default branch if not main
+      - sonarcloud-kiterunner
   pull_request:
-    branches:
-      - main  # Change to your default branch if not main
+    types: [opened, synchronize, reopened]
 
 permissions:
   contents: read

diff --git a/.github/workflows/routersploit_sonarcloud.yml b/.github/workflows/routersploit_sonarcloud.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - sonarcloud-kiterunner
   pull_request:
     types: [opened, synchronize, reopened]
 

diff --git a/README.md b/README.md
@@ -1,90 +1,104 @@
-# docker-builds
+   # docker-builds
 
-## Security Tools Docker Images
+   ## Security Tools Docker Images
 
-This repository automates the process of building and publishing Docker images for various popular security tools.
+   This repository automates the process of building and publishing Docker images for various popular security tools.
 
-## About
+   ## About
 
-This project simplifies the deployment of essential security tools by containerizing them. Using these Docker images, you can quickly run tools without worrying about installation dependencies or conflicts on your host system.
+   This project simplifies the deployment of essential security tools by containerizing them. Using these Docker images, you can quickly run tools without worrying about installation dependencies or conflicts on your host system.
 
-The following security tools are included in this repository:
+   The following security tools are included in this repository:
 
-1. **[binwalk](https://github.com/ReFirmLabs/binwalk)**  
-   - A tool for analyzing binary files for embedded files and executable code.  
-   - Useful for reverse engineering firmware and binary analysis.
-   - [![ghcr.io/matusso/binwalk](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml)
+   1. **[binwalk](https://github.com/ReFirmLabs/binwalk)**  
+      - A tool for analyzing binary files for embedded files and executable code.  
+      - Useful for reverse engineering firmware and binary analysis.
+      - [![ghcr.io/matusso/binwalk](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/binwalk.yml)
 
-2. **[dirsearch](https://github.com/maurosoria/dirsearch)**  
-   - A simple command-line tool designed to brute-force directories and files in web servers.  
-   - Helps uncover hidden directories and files for security assessments.
-   - [![ghcr.io/matusso/dirsearch](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml)
+   2. **[dirsearch](https://github.com/maurosoria/dirsearch)**  
+      - A simple command-line tool designed to brute-force directories and files in web servers.  
+      - Helps uncover hidden directories and files for security assessments.
+      - [![ghcr.io/matusso/dirsearch](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/dirsearch.yml)
 
-3. **[ghauri](https://github.com/r0oth3x49/ghauri)**  
-   - A fast and powerful SQL injection detection and exploitation tool.  
-   - Ideal for penetration testing web applications.
-   - [![ghcr.io/matusso/ghauri](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml)
+   3. **[ghauri](https://github.com/r0oth3x49/ghauri)**  
+      - A fast and powerful SQL injection detection and exploitation tool.  
+      - Ideal for penetration testing web applications.
+      - [![ghcr.io/matusso/ghauri](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/ghauri.yml)
 
-4. **[metasploit-framework](https://github.com/rapid7/metasploit-framework)**  
-   - A comprehensive penetration testing framework.  
-   - Features exploits, payloads, and tools for security testing and research.
-   - [![ghcr.io/matusso/metasploit-framework](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml)
+   4. **[metasploit-framework](https://github.com/rapid7/metasploit-framework)**  
+      - A comprehensive penetration testing framework.  
+      - Features exploits, payloads, and tools for security testing and research.
+      - [![ghcr.io/matusso/metasploit-framework](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/metasploit-framework.yml)
+        [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Ametasploit-framework&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Ametasploit-framework)
 
-5. **[mvt-project](https://github.com/mvt-project/mvt)**  
-   - Mobile Verification Toolkit (MVT) for analyzing mobile devices.  
-   - Assists in detecting traces of known surveillance spyware.
-   - [![ghcr.io/matusso/mvt](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml)
+   5. **[mvt-project](https://github.com/mvt-project/mvt)**  
+      - Mobile Verification Toolkit (MVT) for analyzing mobile devices.  
+      - Assists in detecting traces of known surveillance spyware.
+      - [![ghcr.io/matusso/mvt](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/mvt-project.yml)
+        [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Amvt-project&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Amvt-project)
 
-6. **[kiterunner](https://github.com/assetnote/kiterunner)**  
-   - Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications..  
-   - [![ghcr.io/matusso/kiterunner](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml)
+   6. **[kiterunner](https://github.com/assetnote/kiterunner)**  
+      - Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications..  
+      - [![ghcr.io/matusso/kiterunner](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/kiterunner.yml)
+        [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Akiterunner&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Akiterunner)
 
-7. **[wafw00f](https://github.com/EnableSecurity/wafw00f)**  
-   - WAFW00F can detect a number of firewalls  
-   - [![ghcr.io/matusso/wafw00f](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml)
+   7. **[wafw00f](https://github.com/EnableSecurity/wafw00f)**  
+      - WAFW00F can detect a number of firewalls  
+      - [![ghcr.io/matusso/wafw00f](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/wafw00f.yml)
 
-8. **[routersploit](https://github.com/threat9/routersploit)**  
-   - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.  
-   - [![ghcr.io/matusso/routersploit](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml)
+   8. **[routersploit](https://github.com/threat9/routersploit)**  
+      - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.  
+      - [![ghcr.io/matusso/routersploit](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml/badge.svg)](https://github.com/matusso/docker-builds/actions/workflows/routersploit.yml)
+        [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=docker-builds%3Aroutersploit&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=docker-builds%3Aroutersploit)
 
-## Multi-Architecture Support
+   ## Multi-Architecture Support
 
-All Docker images are built and published for the following architectures:
-- **amd64**: For x86_64 systems.
-- **arm64**: For ARM-based systems, including Apple M1/M2 and Raspberry Pi.
+   All Docker images are built and published for the following architectures:
+   - **amd64**: For x86_64 systems.
+   - **arm64**: For ARM-based systems, including Apple M1/M2 and Raspberry Pi.
 
-## Why Use This Project?
+   ## SonarCloud Scanning
 
-- **Consistency:** Pre-built Docker images ensure that the tools work as intended across various environments.  
-- **Convenience:** No need to manually install or configure dependencies for each tool.  
-- **Automation:** GitHub Actions automatically build and publish updated Docker images when changes are made to the repository.  
+   This repository integrates with SonarCloud to maintain high code quality and security standards.
+   Each pull request and push to the main branch is automatically analyzed using SonarCloud.
+   The analysis covers:
+      - Code smells
+      - Security hotspots
+      - Bugs
+      - Maintainability
 
-## How to Use
+   ## Why Use This Project?
 
-1. Pull the desired tool's Docker image:  
-```bash
-docker pull ghcr.io/matusso/<tool-name>
-```
+   - **Consistency:** Pre-built Docker images ensure that the tools work as intended across various environments.  
+   - **Convenience:** No need to manually install or configure dependencies for each tool.  
+   - **Automation:** GitHub Actions automatically build and publish updated Docker images when changes are made to the repository.  
 
-2. Run the tool:
-```bash
-docker run --rm -it ghcr.io/matusso/<tool-name> [tool-arguments]  
-```
+   ## How to Use
 
-#### Example
+   1. Pull the desired tool's Docker image:  
+   ```bash
+   docker pull ghcr.io/matusso/<tool-name>
+   ```
 
-To use dirsearch:
+   2. Run the tool:
+   ```bash
+   docker run --rm -it ghcr.io/matusso/<tool-name> [tool-arguments]  
+   ```
 
-```
-docker pull ghcr.io/matusso/dirsearch  
-docker run --rm -it ghcr.io/matusso/dirsearch -u https://example.com  
-```
+   #### Example
 
-#### Contributions
+   To use dirsearch:
 
-Contributions to add more tools or improve the existing ones are welcome. Please create a pull request or open an issue for discussion.
+   ```
+   docker pull ghcr.io/matusso/dirsearch  
+   docker run --rm -it ghcr.io/matusso/dirsearch -u https://example.com  
+   ```
 
+   #### Contributions
 
-#### License
+   Contributions to add more tools or improve the existing ones are welcome. Please create a pull request or open an issue for discussion.
 
-This repository is distributed under the MIT License. Please check the individual projects for their respective licenses.
+
+   #### License
+
+   This repository is distributed under the MIT License. Please check the individual projects for their respective licenses.
diff --git a/files/kiterunner/Dockerfile b/files/kiterunner/Dockerfile
@@ -1,12 +1,14 @@
 # Use Alpine Linux as the base image
 FROM alpine:latest
 
-# Set environment variables
-ENV KR_VERSION="v1.0.2" \
-    KR_DIR="/usr/local/kiterunner"
+ARG KR_DIR=${KR_DIR} \
+    RELEASE_VERSION=${RELEASE_VERSION}
+
+ENV KR_DIR=${KR_DIR} \
+    RELEASE_VERSION=${RELEASE_VERSION}
 
 # Install dependencies
-RUN apk update && apk add --no-cache \
+RUN KR_DIR="$KR_DIR" apk update && apk add --no-cache \
     bash \
     build-base \
     git \
@@ -15,7 +17,7 @@ RUN apk update && apk add --no-cache \
 
 # Clone kiterunner repository and build
 WORKDIR $KR_DIR
-RUN git clone --depth=1 --branch "$KR_VERSION"  https://github.com/assetnote/kiterunner.git . \
+RUN RELEASE_VERSION="$RELEASE_VERSION" git clone --depth=1 --branch "$RELEASE_VERSION"  https://github.com/assetnote/kiterunner.git . \
     && make build \
     && ln -s $(pwd)/dist/kr /usr/local/bin/kr