HOUDINI (Hundreds of Offensive and Useful Docker Images for Network Intrusion) is a curated list of Network Security related Docker Images for Network Intrusion purposes. A lot of images are created and kept updated through our RAUDI project which is able to automatically update a Docker Image every time there is a new version.
HOUDINI is a collaborative project created by SecSI where everyone can contribute with new webapp features or just by adding a new tool. We are happy to share our knowledge with the open source community because we think that in this way we can all grow up and become better at our jobs.
proxyreconscannerreversingdisassemblerwebappfirmwareautomationcrackertunnelcode-auditdockermalwarefingerprintexploitationelasticsearchhardwarecloudmiscfuzzergitcryptonetworkingmobilebackdoortaintingphpjavascriptsniffingwordlists
3proxy
Tiny free proxy server.
docker run --name 3proxy -d -p 3128:3128 --env PROXY_LOGIN=pr0xyUser --env PROXY_PASSWORD=passw0rd secsi/3proxyAltdns
Generates permutations, alterations and mutations of subdomains and then resolves them.
docker run -it --rm -v <wordlist_src_dir>:/wordlists -v <output_dir>:/output secsi/altdns -i /wordlists/<subdomain_file> -o data_output -w /wordlists/<wordlist_file> -r -s /output/outfileAmass
In-depth subdomain enumeration written in Go.
docker run -it --rm -v <input_dir>:/.config/amass/ caffix/amass enum -share -d <target_url>Apktool
Docker Image: secsi/apktool
Official Doc: https://github.com/iBotPeaches/Apktool
Categories:reversingdisassembler
docker run -it --rm -v <input_dir>:/input secsi/apktool d <apk_file>Aquatone
a set of tools for performing reconnaissance on domain names.
Docker Image: hypnza/aquatone
Official Doc: https://github.com/michenriksen/aquatone
Categories:scannerrecon
docker run --rm hypnza/aquatone <command>Arachni
A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
docker run -d --net host --name arachni -p 222:22 -p 7331:7331 -p 9292:9292 arachni/arachni:latestBeEF
The Browser Exploitation Framework that focuses on the web browser
docker run -p 3000:3000 -p 6789:6789 -p 61985:61985 -p 61986:61986 --name beef beefBFAC
An automated tool that checks for backup artifacts that may disclose the web-application's source code.
docker run -it --rm secsi/bfac --url <target_url>Binwalk
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
Docker Image: refirmlabs/binwalk
Official Doc: https://github.com/ReFirmLabs/binwalk
Categories:firmware
docker run refirmlabs/binwalk -hcelerystalk
Docker Image: sethsec/celerystalk
Official Doc: https://github.com/sethsec/celerystalk
Categories:automation
docker run -p 27007:27007 -ti sethsec/celerystalkCeWL
Docker Image: nocflame/cewl
Official Doc: https://github.com/digininja/CeWL
Categories:automationcracker
docker run -it --rm cewl <target_url>Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server.
docker run --rm -it jpillora/chisel --helpclair
Clair is an open source project for the [static analysis] of vulnerabilities in application containers
Docker Image: arminc/clair-local-scan
Official Doc: https://github.com/arminc/clair-local-scan
Categories:code-auditdockermalware
docker run -d --name clair-db arminc/clair-db:latest && docker run -p 6060:6060 --link clair-db:postgres -d --name clair arminc/clair-local-scan:v2.0.8_fe9b059d930314b54c78f75afe265955faf4fdc1CloudFail
docker run -it --rm secsi/cloudfailCMSeeK
CMS (Content Management Systems) Detection and Exploitation suite.
Docker Image: secsi/cmseek
Official Doc: https://github.com/Tuhinshubhra/CMSeeK
Categories:webappfingerprintexploitation
docker run -it --rm secsi/cmseek -u <target_url>crowbar
docker run -it --rm secsi/crowbarCryptoLyzer
Fast, flexible and comprehensive cryptographic settings analyzer library for Python with CLI.
docker run -it --rm coroner/cryptolyzer <target_url>CVE-Search
A tool to perform local searches for known vulnerabilities.
Docker Image: ttimasdf/cve-search
Official Doc: https://github.com/cve-search/cve-search
Categories:exploitation
docker run -d -p 5000:5000 --name cve ttimasdf/cve-search:withdbDatasploit
A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data.
Docker Image: secsi/datasploit
Official Doc: https://github.com/DataSploit/datasploit
Categories:reconscanner
docker run -it --rm -v <config_file>:/datasploit/config.py secsi/datasploit -i <target_domain>Decker
Docker Image: stevenaldinger/decker
Official Doc: https://github.com/stevenaldinger/decker
Categories:automation
docker run -it --rm -v "$(pwd)/decker-reports/":/tmp/reports/ -v "$(pwd)/examples/":/decker-config/ -e DECKER_TARGET_HOST=<target_domain> stevenaldinger/decker:kali decker ./decker-config/example.hcldejavu
dejavu is the missing web UI for Elasticsearch.
Docker Image: appbaseio/dejavu
Official Doc: https://dejavu.appbase.io/
Categories:dockerelasticsearch
docker run -p 1358:1358 -d appbaseio/dejavudex2jar
Docker Image: secsi/dex2jar
Official Doc: https://github.com/pxb1988/dex2jar
Categories:hardwarereversing
docker run -it --rm -v <local_dir>:<container_dir> secsi/dex2jar -f <container_dir>/<apk_to_decompile>.apk -o <container_dir>/output.jarDirb
docker run -it --rm -v <wordlist_src_dir>:<wordlist_container_dir> secsi/dirb <target_url> <wordlist_container_dir>/<wordlist_file>dirsearch
HTTP(S) directory/file brute forcer.
Docker Image: secsi/dirsearch
Official Doc: https://github.com/maurosoria/dirsearch
Categories:scannerwebapp
docker run -it --rm secsi/dirsearch -u <target_url>dnscan
docker run -it --rm secsi/dnscan -d <target_url> -w subdomains-10000.txt -t 10 -R 1.0.0.1dnsenum
Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
Docker Image: guidelacour/dnsenum
Official Doc: https://github.com/fwaeytens/dnsenum/
Categories:reconscanner
docker run -it --rm guidelacour/dnsenum ./dnsenum.pl <target_domain> --file dns.txtdnstwist
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
Docker Image: elceef/dnstwist
Official Doc: https://github.com/elceef/dnstwist
Categories:reconscanner
docker run -it elceef/dnstwistDorks Eye
Docker Image: secsi/dorks-eye
Official Doc: https://github.com/BullsEye0/dorks-eye
Categories:reconscanner
docker run -it --rm secsi/dorks-eye <command>dozzle
A small lightweight application with a web based interface to monitor Docker logs.
docker run --name dozzle -d --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:8080 amir20/dozzle:latestdvcs-ripper
Rip web accessible (distributed) version control systems: SVN/GIT/...
docker run -it --rm secsi/dvcs-ripperEyeWitness
Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Docker Image: secsi/eyewitness
Official Doc: https://github.com/FortyNorthSecurity/EyeWitness
Categories:webappreconmisc
docker run --rm -it -v <input_dir>:/input secsi/eyewitness --web --single <target_url>Faraday
A new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analyze of the generated data during the process of a security audit.
Docker Image: faradaysec/faraday
Official Doc: https://github.com/infobyte/faraday
Categories:scannerexploitationfuzzerfingerprintautomationmisc
docker run -it --rm -v /path/to/my_doc_folder:/faraday-license -v /path/to/my_storage_folder:/faraday-storage -v /path/to/my_config_folder:/faraday-config faradaysec/faradayfast-recon
Docker Image: secsi/fast-recon
Official Doc: https://github.com/DanMcInerney/fast-recon
Categories:scannerrecon
docker run -it --rm secsi/fast-recon -d "<target_domain>"ffuf
Fast web fuzzer written in Go.
docker run -it --rm -v <wordlist_src_dir>:<wordlist_container_dir> secsi/ffuf -w <wordlist_container_dir>/<wordlist_file> -u <target_url>fierce
A DNS reconnaissance tool for locating non-contiguous IP space. A DNS scanner.
docker run -it --rm secsi/fierce --domain <target_url>Findomain
A tool that use Certificate Transparency logs to find subdomains.
Docker Image: edu4rdshl/findomain
Official Doc: https://github.com/Findomain/Findomain
Categories:scannerrecon
docker run --rm -it -v $(pwd):/opt/findomain findomain -c config.toml -t example.comFindsploit
docker run -it --rm secsi/findsploit <search_term>GetJS
docker run -it --rm secsi/getjs <command>Gitrob
Scan Github For Sensitive Files.
Docker Image: secsi/gitrob
Official Doc: https://github.com/michenriksen/gitrob
Categories:reconscannergit
docker run -it --rm secsi/gitrob <target>GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available'.
Docker Image: secsi/gittools
Official Doc: https://github.com/internetwache/GitTool
Categories:reconscannergit
docker run -it --rm -v <input_dir>:/input -w /input secsi/gittools <command>gobuster
Directory/file & DNS busting tool written in Go.
docker run -it --rm secsi/gobuster dns -d <target_url>GoogD0rker
docker run -it --rm secsi/googd0rker -d <target_domain>GoSpider
Fast web spider written in Go.
Docker Image: secsi/gospider
Official Doc: https://github.com/jaeles-project/gospider
Categories:scannerwebapp
docker run -it --rm secsi/gospidergowitness
A golang, web screenshot utility using Chrome Headless.
Docker Image: leonjza/gowitness
Official Doc: https://github.com/sensepost/gowitness
Categories:scannerwebapp
docker run -it --rm -v $(pwd):/data leonjza/gowitness gowitnessGround control
Docker Image: secsi/ground-control
Official Doc: https://github.com/jobertabma/ground-control
Categories:misc
docker run -it --rm -p 80:80 -p 443:443 -p 8080:8080 -p 8443:8443 secsi/ground-controlHakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
Docker Image: secsi/hakrawler
Official Doc: https://github.com/hakluke/hakrawler
Categories:scannerwebapp
docker run -it --rm secsi/hakrawler <target_domain>hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
docker run -it --rm secsi/hakrevdnshashID
docker run -it --rm secsi/hashidhttprobe
Take a list of domains and probe for working HTTP and HTTPS servers
docker run -it --rm secsi/httprobeHTTrack
An easy-to-use offline browser utility
docker run -it --rm -v <local_dir>:/app -e HTTRACK_URI=<target_url> ralfbs/httrackhydra
Very fast network logon cracker which support many different services
docker run -it --rm -v <wordlist_src_dir>:/usr/share/wordlists secsi/hydra <command>impacket
Docker Image: secsi/impacket
Official Doc: https://github.com/SecureAuthCorp/impacket
Categories:networking
docker run -it --rm secsi/impacketJoomScan
Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.
docker run -it --rm -v <local_dir>:/joomscan/reports secsi/joomscan -u <target_url>The JSON Web Token Toolkit
docker run -it --rm secsi/jwt_tool <JWT>knock
docker run -it --rm secsi/knockpy <target_url>LFI Suite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner.
Docker Image: secsi/lfisuite
Official Doc: https://github.com/D35m0nd142/LFISuite
Categories:webappscannerexploitation
docker run -it --rm -v <input_dir>:/input secsi/lfisuiteLinkFinder
Discovers endpoint and their parameters in JavaScript files.
Docker Image: secsi/linkfinder
Official Doc: https://github.com/GerbenJavado/LinkFinder
Categories:reconwebapp
docker run -it --rm -v <output_dir>:/linkfinder/output secsi/linkfinder -i <target_url> -o /linkfinder/output/output.htmlMASSCAN
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes
Docker Image: secsi/masscan
Official Doc: https://github.com/robertdavidgraham/masscan
Categories:scanner
docker run -it --rm secsi/masscan -p<target_port> <target_ip_address>MassDNS
A high-performance DNS stub resolver in C.
docker run -it --rm -v <domain_src_dir>:<domain_container_dir> secsi/massdns <domain_container_dir>/<domain_list_file>Memcrashed DDOS Exploit Tool
Docker Image: secsi/memcrashed
Official Doc: https://github.com/649/Memcrashed-DDoS-Exploit
Categories:misc
docker run -it --rm secsi/memcrashedMetasploit
Docker Image: metasploitframework/metasploit-framework
Official Doc: https://github.com/rapid7/metasploit-framework/wiki
Categories:scannerexploitationfuzzernetworking
docker run -it --rm metasploitframework/metasploit-frameworkmitmproxy
SSL-capable man-in-the-middle HTTP proxy
Docker Image: mitmproxy/mitmproxy
Official Doc: https://github.com/mitmproxy/mitmproxy
Categories:proxyexploitation
docker run --rm -it -p 8080:8080 mitmproxy/mitmproxyMobile Security Framework
Docker Image: opensecurity/mobile-security-framework-mobsf
Official Doc: https://mobsf.github.io/docs
Categories:mobile
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsfnetifyd
docker run -d -it --cap-add=net_admin --rm secsi/netifyd -I/E <interface>netshoot
netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container
Docker Image: nicolaka/netshoot
Official Doc: https://github.com/nicolaka/netshoot
Categories:networkingdocker
docker run -it --net container:<container_name> nicolaka/netshootnikto
A web server scanner which performs comprehensive tests against web servers for multiple items
docker run -it --rm secsi/nikto -h <target_url>Nmap
Utility for network discovery and security auditing
docker run -it --rm --privileged secsi/nmap -p <target_port> <target_ip_address>Nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Docker Image: projectdiscovery/nuclei
Official Doc: https://github.com/projectdiscovery/nuclei
Categories:scanner
docker run -it --rm projectdiscovery/nuclei -u <target_url>OpenVAS
The OpenVAS scanning Daemon
Docker Image: mikesplain/openvas
Official Doc: https://github.com/greenbone/openvas-scanner
Categories:scannerexploitation
docker run -it --rm -p 443:443 --name openvas mikesplain/openvasoxml_xxe
Docker Image: secsi/oxml_xxe
Official Doc: https://github.com/BuffaloWill/oxml_xxe
Categories:scannerwebapp
docker run -it --rm -p 4567:4567 secsi/oxml_xxepagodo
Google dork script to collect potentially vulnerable web pages and applications on the Internet.
docker run -it --rm secsi/pagodoPatator
A multi-purpose bruteforcer.
docker run -it --rm -v <wordlist_src_dir>:<wordlist_container_dir> lanjelot/patator <wordlist_container_dir>/<wordlist_file>Photon
Incredibly fast crawler which extracts urls, emails, files, website accounts and much more.
docker run -it --rm secsi/photonPivotSuite
A portable, platform independent and powerful network pivoting toolkit.
Docker Image: secsi/pivotsuite
Official Doc: https://github.com/RedTeamOperations/PivotSuite
Categories:networkingbackdoor
docker run -it --rm secsi/pivotsuite [options] <target_ip> <target_port>psalm
Docker Image: secsi/psalm
Official Doc: https://github.com/vimeo/psalm
Categories:code-audittaintingwebappphp
docker run -it --rm -v <local_dir>:/src secsi/psalm --root=/srcpureDNS
docker run -it --rm -v <input_dir>:/input secsi/purednsqark
Tool to look for several security related Android application vulnerabilities.
Docker Image: ledokun/qark
Official Doc: https://github.com/linkedin/qark
Categories:scannerexploitationfuzzermobile
docker run -it --rm -v /path/to/apk:/path/to/apk ledokun/qark --filepath /path/to/apk/sample.apk --timeout 3600Race The Web
Docker Image: secsi/race-the-web
Official Doc: https://github.com/TheHackerDev/race-the-web
Categories:
docker run -it --rm secsi/race-the-webRetire.js
Scanner detecting the use of JavaScript libraries with known vulnerabilities.
Docker Image: secsi/retire
Official Doc: https://github.com/RetireJS/retire.js
Categories:code-auditjavascriptscanner
docker run -it --rm secsi/retireroutersploit
Docker Image: secsi/routersploit
Official Doc: https://github.com/threat9/routersploit
Categories:exploitation
docker run -it --rm secsi/routersploitrshijack
Docker Image: kpcyrd/rshijack
Official Doc: https://github.com/kpcyrd/rshijack
Categories:networkingsniffing
docker run -it --init --rm --net=host kpcyrd/rshijack eth0 172.16.13.20:37386 172.16.13.19:23RustScan
Faster Nmap Scanning with Rust.
Docker Image: rustscan/rustscan
Official Doc: https://github.com/RustScan/RustScan
Categories:scannerexploitation
docker run -it --rm --name rustscan rustscan/rustscan:2.0 <rustscan arguments here> <target_ip>Sandcastle
A Python script for AWS S3 bucket enumeration.
Docker Image: secsi/sandcastle
Official Doc: https://github.com/0xSearches/sandcastle
Categories:scannercloud
docker run -it --rm secsi/sandcastlescanless
Utility for using websites that can perform port scans on your behalf.
docker run -it --rm secsi/scanlessSearchSploit
The official Exploit Database search tool.
Docker Image: reedcrif/searchsploit
Official Doc: https://github.com/rc042/searchsploit
Categories:automationexploitation
docker run --rm reedcrif/searchsploit [options]seclists
SecLists is a collection of multiple types of lists used during security assessments.
Docker Image: secsi/seclists
Official Doc: https://github.com/danielmiessler/SecLists
Categories:reconwordlists
docker run -d --name seclists --rm secsi/seclistsSimplyEmail
Email recon made fast and easy, with a framework to build on http://CyberSyndicates.com.
Docker Image: simplysecurity/simplyemail
Official Doc: https://simplysecurity.github.io/SimplyEmail/
Categories:recon
docker run -it --rm simplysecurity/simplyemail -all -e <target_domain>SlowHTTPTest
SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections.
Docker Image: shekyan/slowhttptest
Official Doc: https://github.com/shekyan/slowhttptest
Categories:miscnetworking
docker run -it --rm shekyan/slowhttptest <args>Sn1per
Automated Pentest Recon Scanner.
Docker Image: xer0dayz/sn1per
Official Doc: https://github.com/1N3/Sn1per/
Categories:automationexploitationscannerreconfingerprintnetworkingfuzzer
docker run -it --rm xer0dayz/sn1per /sniper/sniper -t <target_url>SonarScanner CLI
Docker Image: sonarsource/sonar-scanner-cli
Official Doc: https://github.com/SonarSource/sonar-scanner-cli-docker
Categories:code-auditmiscscanner
docker run --rm -e SONAR_HOST_URL="http://{SONARQUBE_URL}" -e SONAR_LOGIN="myAuthenticationToken" -v "<YOUR_REPO>:/usr/src" sonarsource/sonar-scanner-clispidy
An easy command-line web crawler
Docker Image: secsi/spidy
Official Doc: https://github.com/rivermont/spidy
Categories:reconscannerwebapp
docker run --rm -it -v $PWD:/input -v $PWD:/data spidyspyse.py
docker run -it --rm secsi/spysepysqlmap
Automatic SQL injection and database takeover tool
Docker Image: secsi/sqlmap
Official Doc: https://github.com/sqlmapproject/sqlmap
Categories:webappfuzzerexploitation
docker run -it --rm secsi/sqlmap -u "<target_url>"SSLyze
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.
docker run -it --rm nablac0d3/sslyze <target_url>Striker
An offensive information and vulnerability scanner.
Docker Image: secsi/striker
Official Doc: https://github.com/s0md3v/Striker
Categories:scannerreconwebapp
docker run -it --rm secsi/striker <target_domain>Subfinder
Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target.
Docker Image: projectdiscovery/subfinder
Official Doc: https://github.com/projectdiscovery/subfinder
Categories:recon
docker run -it --rm projectdiscovery/subfinder -d <target_domain>Sublist3r
A Fast subdomains enumeration tool for penetration testers.
Docker Image: secsi/sublist3r
Official Doc: https://github.com/aboul3la/Sublist3r
Categories:reconscanner
docker run -it --rm secsi/sublist3r -d <target_url>testssl.sh
Testing TLS/SSL encryption
Docker Image: drwetter/testssl.sh
Official Doc: https://github.com/drwetter/testssl.sh
Categories:cryptoscanner
docker run -it --rm drwetter/testssl.sh <target_domain>theHarvester
Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers).
Docker Image: secsi/theharvester
Official Doc: https://github.com/laramies/theHarvester
Categories:recon
docker run -it --rm secsi/theharvester -d <target_url> -b allWAFW00F
Identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Docker Image: secsi/wafw00f
Official Doc: https://github.com/EnableSecurity/wafw00f
Categories:scannerwebapp
docker run -it --rm secsi/wafw00fWapiti
docker run --rm -it jorgeandrada/wapiti "<target_url>"Wappalyzer
Docker Image: wappalyzer/wappalyzer
Official Doc: https://github.com/AliasIO/wappalyzer
Categories:webappscannerreconfingerprint
docker run -it --rm wappalyzer/cli <target_url> [options]waybackpy
docker run -it --rm secsi/waybackpy --url "<target_url>" --user_agent "my-unique-user-agent" --oldestWfuzz
docker run -it --rm -v <wordlist_src_dir>:<wordlist_container_dir> ghcr.io/xmendez/wfuzz wfuzzWhatWeb
Next generation web scanner that identifies what websites are running.
Docker Image: secsi/whatweb
Official Doc: https://github.com/urbanadventurer/WhatWeb
Categories:reconwebapp
docker run -it --rm secsi/whatweb -v -a 3 <target_url>WPScan
Black box WordPress vulnerability scanner
Docker Image: wpscanteam/wpscan
Official Doc: https://github.com/wpscanteam/wpscan
Categories:webappscannerfingerprint
docker run -it --rm wpscanteam/wpscan --url <target_url>Xray
A tool for recon, mapping and OSINT gathering from public networks.
docker run -it --rm secsi/xrayXXEinjector
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
Docker Image: secsi/xxeinjector
Official Doc: https://github.com/enjoiz/XXEinjector
Categories:exploitationwebapp
docker run -it --rm -v <local_dir>:/xxeinjector secsi/xxeinjector --host=<target_ip> --path=/etc --file=<filename> --sslysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Docker Image: frohoff/ysoserial
Official Doc: https://github.com/frohoff/ysoserial
Categories:webappexploitation
docker run -it --rm frohoff/ysoserial CommonsCollections1 <payload> '<command>'OWASP ZAP
Docker Image: owasp/zap2docker-stable
Official Doc: https://www.zaproxy.org/docs/docker/about/
Categories:webappexploitation
docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=<api-key>ZMap
Fast network scanner designed for Internet-wide network surveys
docker run -it --rm --net=host ilyaglow/zmap -p80 8.8.8.0/24