-rw-r--r-- | Dockerfile | 12
-rw-r--r-- | README.txt | 25
-rwxr-xr-x | docker-entry.sh | 15
3 files changed, 52 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..cd4f53a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM archlinux + +RUN pacman-key --init \ + && pacman -Syyu --needed --noconfirm git netcat python python-pip radare2 \ + && pacman -Scc --noconfirm + +COPY . /sploit +RUN pip install /sploit + +WORKDIR /home +ENTRYPOINT ["/sploit/docker-entry.sh"] +CMD ["--help"] @@ -55,3 +55,28 @@ You can also directly run sploit scripts with the following shebang ``` #!/usr/bin/env sploit ``` + +Docker Image +-------------- +In addition to a local pip install, sploit is also deployable via Docker. Build +the image using the supplied Dockerfile with: +``` +$ docker build -t sploit . +``` + +The container runs in the style of an application, and therefore expects to be +interactive. Also note that it is useful to mount your working directory in the +container, so that the running sploit instance can actually access your target +files or expose its pipes to you (the default working dir of the container is +/home). Therefore a basic command to run a containerized sploit would be: +``` +$ docker run --rm -it -v $PWD:/home sploit exploit.py ./target target_args +``` + +The use of Scuba (pip install scuba) is recommended to make using ephemeral, +interactive containers more convenient. In this case it has the added benefit +of automatically creating and executing within an unprivileged user inside the +container: +``` +$ scuba --image sploit exploit.py ./target target_args +``` diff --git a/docker-entry.sh b/docker-entry.sh new file mode 100755 index 0000000..3d3e770 --- /dev/null +++ b/docker-entry.sh 
@@ -0,0 +1,15 @@ +#!/bin/sh +ENTRYPOINT=sploit + +# We want to support scuba as a convenient front-end for invoking containers. +# However, scuba doesn't actually pass arguments to the image entrypoint +# correctly. Instead, it treats the entrypoint as a shell equivalent, and +# instructs it to run its own generated command script. We can't determine +# whether scuba is invoked with a command or a multi-line alias, so we just grab +# the last line from command.sh for simplicity and pass it as args to the real +# entrypoint. +if [ -d /.scuba ]; then + $ENTRYPOINT $(tail -n 1 /.scuba/command.sh) +else + $ENTRYPOINT $@ +fi |
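Review bot: The Dockerfile never sets a USER, so with ENTRYPOINT ["/sploit/docker-entry.sh"] both the sploit script and the target it launches run as root inside the container unless the caller overrides the user. Consider creating an unprivileged user and switching to it before WORKDIR /home. Separately, FROM archlinux carries no tag or digest, so together with pacman -Syyu each build can produce a different image, and COPY . /sploit takes the whole build context, so a .dockerignore would keep .git and local artifacts out of the image.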
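Review bot: The docker run example in the README.txt hunk bind-mounts the working directory with -v $PWD:/home but never states that this invocation runs as root; the Scuba paragraph after it only implies this by listing the unprivileged user as an added benefit. With a default Docker daemon, files written to the mount end up root-owned on the host. Suggest saying so explicitly or adding --user "$(id -u):$(id -g)" to the example, and quoting the mount as -v "$PWD":/home so working directories with spaces in the path work.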
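Review bot: Both invocations in docker-entry.sh expand their arguments unquoted. In the else branch, $ENTRYPOINT $@ re-splits any argument containing whitespace and glob-expands it, so a target argument passed as one quoted string arrives at sploit as several; use "$@" there, and exec the command so sploit replaces the shell and receives signals directly. The scuba branch, $ENTRYPOINT $(tail -n 1 /.scuba/command.sh), has the same splitting and globbing behaviour and additionally discards any quoting scuba wrote into command.sh; the comment block should record that limitation, and that the existence of a /.scuba directory is the only check used to detect scuba.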