Awesome Open Source
Awesome Open Source

Offensive Dockerfiles

Security-oriented Docker containers, ready to fire!

This repository contains a collection of security-oriented tools as Dockerfiles.

This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode..).

The containers are built using Docker. Each container is made to suit required dependencies for each tool.

⭐️ Features

  • Cross-platform deploy helper script included
  • Manage cloud-based scans and attacks from your terminal
  • Datacenter fiber internet connection, but still from your terminal!
  • Keep your local environment clean from all those attack toolz
  • ☁️ Become a real nomad ninja ☁️
  • Mix and match with the Red Team Infractructure Guide and Red Baron!

Efforts have been made to keep Dockerfiles minimal.

🔍 Example with sqlmap:

git clone
cd Offensive-Dockerfiles/sqlmap
docker build -t sqlmap .
docker run -it sqlmap:latest --wizard

🔍 deployHelper binary demo:

🚀 Working:

Name Description
tulpar Web Vulnerability Scanner
nmap + Vulscan + Vulners scripts Latest Nmap Scripting Engine (NSE) modules, as well as the Vulscan NSE script and the vulners API to NSE script.
sqlmap Automatic SQL injection and database takeover tool
dcrawl Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names.
V3n0m Scanner Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
golismero The Web Knife
sqliv massive SQL injection vulnerability scanner
datasploit Performs OSINT on a domain / email / username / phone
gitminer Tool for advanced mining for content on Github
Cr3d0v3r Know the dangers of credential reuse attacks
UFONet UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Striker Striker is an offensive information and vulnerability scanner
emailHarvester Email addresses harvester
BruteX Automatically brute force all services running on a target
BlackWidow A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
Shiva Improved DOS exploit for wordpress websites (CVE-2018-6389)
Memcrashed This tool allows you to send forged UDP packets to Memcached servers obtained from
ctfr Domain enumeration, it just abuses of Certificate Transparency logs
twa A tiny web auditor with strong opinions
Photon Incredibly fast crawler designed for OSINT
CMSeek CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs
HashBuster Crack hashes in seconds

To push to repo (currently are sitting as forks)

  • CloudScraper
  • hershell
  • Merlin


  • Adding them as I go. Don't expect production-ready images
  • Uses either python-slim or python-alpine
  • Tools will show help dialog if no arguments are passed

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (1,143,903
Docker (34,505
Hacking (2,462
Osint (780
Infosec (765
Pentest (646
Offensive Security (179
Sqli (70
Related Projects