I often find myself needing to leverage the incredibly useful tool Nmap, which is used for network/port scanning and so much more. Usually I will find a server that I can justify installing it on and just leave it there for when required, or build and leave a virtual machine running Kali Linux. I figured it would perhaps be a better move to build a Docker container with Nmap that I could execute when the need arose in any environment which supports Docker-style containerisation.
For those who are interested I shall provide the GitHub and DockerHub links for this work.
What Container OS to use?
When creating my container I knew I wanted to keep it as small as possible – the Linux version that came to mind is called Alpine Linux which comes in at about 4MB, yes MEGABYTES. You can read more on their website https://alpinelinux.org/
Having decided on a version of Linux to act as my container, it’s time to write the Dockerfile, which is essentially my recipe: step-by-step instructions that Docker can use to build the container. Below we have the current version; I’ll break down what each line does so we know what is going on. I advise you to reference the above GitHub/DockerHub links, as I won’t update the section below on this blog every time I make a change.
    FROM alpine:latest
    MAINTAINER Alex Bytes [email protected]
    LABEL Name=nmap Version=1.0.1
    RUN apk add nmap --no-cache && rm -f /var/cache/apk/*
    ENTRYPOINT ["nmap"]
First off we have the ‘FROM’ declaration, which informs Docker I wish to use the Alpine Linux image. I also specifically state I want it to use the latest version of Alpine.
The ‘MAINTAINER’ line is pretty self-explanatory: a name and contact address for the person or organisation which maintains this container image.
The ‘LABEL’ line is again a simple declaration, which provides a name and some version information.
Now we have something more interesting, the ‘RUN’ line. This block of text is doing the hard work, well, what little work there is. This line of code will be executed within the Alpine Linux container and will install Nmap, then tidy up the package cache to make sure the image is as small as possible.
Finally, the ‘ENTRYPOINT’ line: when my container runs I want to ensure it is executing in the installed Nmap software context.
Using Nmap Docker Container
OK, so we have a Dockerfile and all is good. How about we give it a shot? I’m assuming you have a system with Docker installed; I have an Ubuntu server I spun up to demo this process.
Right now I have no images in my local repository –
    [email protected]:~# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    [email protected]:~#
I’m going to tell Docker to look on DockerHub for a specific image (bytesizedalex/nmap) and then pull it down to my local repository.
    [email protected]:~# docker pull bytesizedalex/nmap
    Using default tag: latest
    latest: Pulling from bytesizedalex/nmap
    88286f41530e: Pull complete
    72acd67fc4dc: Pull complete
    Digest: sha256:2869f90c08980a7ebbcdd9465af09c1a62ffd2051f32424c2670645e4a5bd84f
    Status: Downloaded newer image for bytesizedalex/nmap:latest
    [email protected]:~#
Note that as I did not specify a version, it assumed the latest version. Docker then pulled down the two layers required, and if we check our repository again we should see the image.
    [email protected]:~# docker images
    REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
    bytesizedalex/nmap   latest              fc347f40f390        12 days ago         17.48 MB
    [email protected]:~#
Now we can run the container and feed it the desired Nmap command to execute – I shall provide some examples below.
    [email protected]:~# docker run bytesizedalex/nmap 192.168.1.5 -p 443
    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-06 18:17 UTC
    Nmap scan report for TEST.localdomain (192.168.1.5)
    Host is up (0.00056s latency).
    PORT    STATE SERVICE
    443/tcp open  https
    Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
    [email protected]:~#

    [email protected]:~# docker run bytesizedalex/nmap 192.168.1.5 -p 20-100
    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-06 18:18 UTC
    Nmap scan report for TEST.localdomain (192.168.1.5)
    Host is up (0.00049s latency).
    Not shown: 79 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds
    [email protected]:~#
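As an added example (not part of the original post or the image's repository), this shell wrapper runs the image by the digest shown in the pull output above instead of the mutable latest tag, removes the container after each scan and drops container capabilities. The function names, the NMAP_DRY_RUN variable and the assumption that NET_RAW is the only capability Nmap needs for scans like the ones above are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own code.
# Digest copied from the "docker pull" output shown in this post.
NMAP_IMAGE="bytesizedalex/nmap@sha256:2869f90c08980a7ebbcdd9465af09c1a62ffd2051f32424c2670645e4a5bd84f"

# is_pinned REF: succeed only if REF ends in @sha256:<64 lowercase hex chars>,
# i.e. it names immutable content rather than a tag that can be re-pointed.
is_pinned() {
    case "$1" in
        *@sha256:*) ;;
        *) return 1 ;;
    esac
    pinned_digest=${1##*@sha256:}
    [ "${#pinned_digest}" -eq 64 ] || return 1
    case "$pinned_digest" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# nmap_docker NMAP_ARGS...: run Nmap from the pinned image.
# NMAP_DRY_RUN=1 (hypothetical variable) prints the command instead of running it.
nmap_docker() {
    if [ "$#" -eq 0 ]; then
        echo "usage: nmap_docker <nmap arguments>" >&2
        return 2
    fi
    if ! is_pinned "$NMAP_IMAGE"; then
        echo "refusing to run unpinned image: $NMAP_IMAGE" >&2
        return 1
    fi
    # --rm: remove the stopped container after each scan.
    # --cap-drop/--cap-add: keep only raw-socket access (assumed sufficient).
    # no-new-privileges: block privilege gain through setuid binaries.
    set -- run --rm --cap-drop=ALL --cap-add=NET_RAW \
        --security-opt=no-new-privileges "$NMAP_IMAGE" "$@"
    if [ "${NMAP_DRY_RUN:-0}" = "1" ]; then
        printf 'docker'
        printf ' %s' "$@"
        printf '\n'
        return 0
    fi
    docker "$@"
}
```

After sourcing the file, `nmap_docker 192.168.1.5 -p 443` repeats the first scan above against the pinned image.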
There is of course a lot more you can do with Nmap and many ways to handle containers. This post does not try to cover all that – it’s just to give you an idea of what can be done.