From de95a406075f87704ac3a884f3750d3656058891 Mon Sep 17 00:00:00 2001 From: Malfurious Date: Thu, 30 Mar 2023 02:46:43 -0400 Subject: Add sploit Docker image Signed-off-by: Malfurious Signed-off-by: dusoleil --- Dockerfile | 12 ++++++++++++ README.txt | 25 +++++++++++++++++++++++++ docker-entry.sh | 15 +++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 Dockerfile create mode 100755 docker-entry.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..cd4f53a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM archlinux + +RUN pacman-key --init \ + && pacman -Syyu --needed --noconfirm git netcat python python-pip radare2 \ + && pacman -Scc --noconfirm + +COPY . /sploit +RUN pip install /sploit + +WORKDIR /home +ENTRYPOINT ["/sploit/docker-entry.sh"] +CMD ["--help"] diff --git a/README.txt b/README.txt index 1199c36..7684815 100644 --- a/README.txt +++ b/README.txt @@ -55,3 +55,28 @@ You can also directly run sploit scripts with the following shebang ``` #!/usr/bin/env sploit ``` + +Docker Image +-------------- +In addition to a local pip install, sploit is also deployable via Docker. Build +the image using the supplied Dockerfile with: +``` +$ docker build -t sploit . +``` + +The container runs in the style of an application, and therefore expects to be +interactive. Also note that it is useful to mount your working directory in the +container, so that the running sploit instance can actually access your target +files or expose its pipes to you (the default working dir of the container is +/home). Therefore a basic command to run a containerized sploit would be: +``` +$ docker run --rm -it -v $PWD:/home sploit exploit.py ./target target_args +``` + +The use of Scuba (pip install scuba) is recommended to make using ephemeral, +interactive containers more convenient. In this case it has the added benefit +of automatically creating and executing within an unprivileged user inside the +container: +``` +$ scuba --image sploit exploit.py ./target target_args +``` diff --git a/docker-entry.sh b/docker-entry.sh new file mode 100755 index 0000000..3d3e770 --- /dev/null +++ b/docker-entry.sh @@ -0,0 +1,15 @@ +#!/bin/sh +ENTRYPOINT=sploit + +# We want to support scuba as a convenient front-end for invoking containers. +# However, scuba doesn't actually pass arguments to the image entrypoint +# correctly. Instead, it treats the entrypoint as a shell equivalent, and +# instructs it to run its own generated command script. We can't determine +# whether scuba is invoked with a command or a multi-line alias, so we just grab +# the last line from command.sh for simplicity and pass it as args to the real +# entrypoint. +if [ -d /.scuba ]; then + $ENTRYPOINT $(tail -n 1 /.scuba/command.sh) +else + $ENTRYPOINT $@ +fi -- cgit v1.2.3