Dockerfile

FROM ruby:2.7.2-alpine3.12 AS builder
LABEL maintainer="Rapid7"

ARG BUNDLER_CONFIG_ARGS="set clean 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"
ENV APP_HOME=/usr/src/metasploit-framework
ENV BUNDLE_IGNORE_MESSAGES="true"
WORKDIR $APP_HOME

COPY Gemfile* metasploit-framework.gemspec Rakefile $APP_HOME/
COPY lib/metasploit/framework/version.rb $APP_HOME/lib/metasploit/framework/version.rb
COPY lib/metasploit/framework/rails_version_constraint.rb $APP_HOME/lib/metasploit/framework/rails_version_constraint.rb
COPY lib/msf/util/helper.rb $APP_HOME/lib/msf/util/helper.rb

RUN apk add --no-cache \
      autoconf \
      bison \
      build-base \
      ruby-dev \
      openssl-dev \
      readline-dev \
      sqlite-dev \
      postgresql-dev \
      libpcap-dev \
      libxml2-dev \
      libxslt-dev \
      yaml-dev \
      zlib-dev \
      ncurses-dev \
      git \
    && echo "gem: --no-document" > /etc/gemrc \
    && gem update --system \
    && bundle config $BUNDLER_ARGS \
    && bundle install --jobs=8 \
    # temp fix for https://github.com/bundler/bundler/issues/6680
    && rm -rf /usr/local/bundle/cache \
    # needed so non root users can read content of the bundle
    && chmod -R a+r /usr/local/bundle


FROM ruby:2.7.2-alpine3.12
LABEL maintainer="Rapid7"

ENV APP_HOME=/usr/src/metasploit-framework
ENV NMAP_PRIVILEGED=""
ENV METASPLOIT_GROUP=metasploit

# used for the copy command
RUN addgroup -S $METASPLOIT_GROUP

RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs postgresql-libs python2 python3 ncurses libcap su-exec alpine-sdk python2-dev openssl-dev

RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)

COPY --from=builder /usr/local/bundle /usr/local/bundle
RUN chown -R root:metasploit /usr/local/bundle
COPY . $APP_HOME/
RUN chown -R root:metasploit $APP_HOME/
RUN chmod 664 $APP_HOME/Gemfile.lock
RUN gem update --system
RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml
RUN curl -O https://bootstrap.pypa.io/get-pip.py && python get-pip.py && rm get-pip.py
RUN pip install impacket

WORKDIR $APP_HOME

# we need this entrypoint to dynamically create a user
# matching the hosts UID and GID so we can mount something
# from the users home directory. If the IDs don't match
# it results in access denied errors.
ENTRYPOINT ["docker/entrypoint.sh"]

CMD ["./msfconsole", "-r", "docker/msfconsole.rc", "-y", "$APP_HOME/config/database.yml"]
bump default ruby version to 2.7.2 2020-10-20 10:38:08 -05:00			`FROM ruby:2.7.2-alpine3.12 AS builder`
more docker work 2017-11-28 21:35:20 +01:00			`LABEL maintainer="Rapid7"`
Dockerfile and Docker Compose for Metasploit 2016-07-18 12:38:57 -06:00
updates Dockerfile for bundler 2 support 2020-10-02 12:56:38 -05:00			`ARG BUNDLER_CONFIG_ARGS="set clean 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"`
change docker root exec 2018-10-21 22:30:01 +02:00			`ENV APP_HOME=/usr/src/metasploit-framework`
more docker work 2017-11-28 21:35:20 +01:00			`ENV BUNDLE_IGNORE_MESSAGES="true"`
Dockerfile and Docker Compose for Metasploit 2016-07-18 12:38:57 -06:00			`WORKDIR $APP_HOME`

change docker root exec 2018-10-21 22:30:01 +02:00			`COPY Gemfile* metasploit-framework.gemspec Rakefile $APP_HOME/`
more docker work 2017-11-28 21:35:20 +01:00			`COPY lib/metasploit/framework/version.rb $APP_HOME/lib/metasploit/framework/version.rb`
			`COPY lib/metasploit/framework/rails_version_constraint.rb $APP_HOME/lib/metasploit/framework/rails_version_constraint.rb`
			`COPY lib/msf/util/helper.rb $APP_HOME/lib/msf/util/helper.rb`
Dockerfile and Docker Compose for Metasploit 2016-07-18 12:38:57 -06:00
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00			`RUN apk add --no-cache \`
more docker work 2017-04-22 02:10:00 +02:00			`autoconf \`
			`bison \`
			`build-base \`
			`ruby-dev \`
update to ruby 2.6.1 and alpine 3.9 2019-02-05 17:57:38 +01:00			`openssl-dev \`
more docker work 2017-04-22 02:10:00 +02:00			`readline-dev \`
			`sqlite-dev \`
			`postgresql-dev \`
			`libpcap-dev \`
			`libxml2-dev \`
			`libxslt-dev \`
			`yaml-dev \`
			`zlib-dev \`
			`ncurses-dev \`
git is really needed in docker too 2017-07-17 09:41:47 -05:00			`git \`
lock rubygems version for Docker image 2019-12-16 10:05:07 -06:00			`&& echo "gem: --no-document" > /etc/gemrc \`
updates Dockerfile for bundler 2 support 2020-10-02 12:56:38 -05:00			`&& gem update --system \`
			`&& bundle config $BUNDLER_ARGS \`
bump default ruby version to 2.7.2 2020-10-20 10:38:08 -05:00			`&& bundle install --jobs=8 \`
remove bundle cache after install 2018-10-04 13:23:55 +02:00			`# temp fix for https://github.com/bundler/bundler/issues/6680`
reduce docker image size 2018-10-04 16:21:46 +02:00			`&& rm -rf /usr/local/bundle/cache \`
			`# needed so non root users can read content of the bundle`
			`&& chmod -R a+r /usr/local/bundle`

Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00
bump default ruby version to 2.7.2 2020-10-20 10:38:08 -05:00			`FROM ruby:2.7.2-alpine3.12`
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00			`LABEL maintainer="Rapid7"`

change docker root exec 2018-10-21 22:30:01 +02:00			`ENV APP_HOME=/usr/src/metasploit-framework`
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00			`ENV NMAP_PRIVILEGED=""`
change docker root exec 2018-10-21 22:30:01 +02:00			`ENV METASPLOIT_GROUP=metasploit`
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00
change docker root exec 2018-10-21 22:30:01 +02:00			`# used for the copy command`
			`RUN addgroup -S $METASPLOIT_GROUP`
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00
bump default ruby version to 2.7.2 2020-10-20 10:38:08 -05:00			`RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs postgresql-libs python2 python3 ncurses libcap su-exec alpine-sdk python2-dev openssl-dev`
Dockerfile: Use Multi-Stage Build 2018-10-04 01:54:35 +02:00
add caps to ruby 2017-04-27 10:55:03 +02:00			`RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)`
more docker work 2017-11-28 21:35:20 +01:00			`RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)`
add caps to ruby 2017-04-27 10:55:03 +02:00
fix compatibility with --chown flag with COPY 2019-09-09 23:02:26 -05:00			`COPY --from=builder /usr/local/bundle /usr/local/bundle`
			`RUN chown -R root:metasploit /usr/local/bundle`
			`COPY . $APP_HOME/`
			`RUN chown -R root:metasploit $APP_HOME/`
fix permissions bug Gemfile.lock 2019-09-09 12:59:19 +02:00			`RUN chmod 664 $APP_HOME/Gemfile.lock`
update rubygems and bundler in final container 2020-10-02 15:52:02 -05:00			`RUN gem update --system`
change docker root exec 2018-10-21 22:30:01 +02:00			`RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml`
bump default ruby version to 2.7.2 2020-10-20 10:38:08 -05:00			`RUN curl -O https://bootstrap.pypa.io/get-pip.py && python get-pip.py && rm get-pip.py`
Adding impacket dependency to Dockerfile 2020-09-12 20:42:39 -07:00			`RUN pip install impacket`
change docker root exec 2018-10-21 22:30:01 +02:00
reduce docker image size 2018-10-04 16:21:46 +02:00			`WORKDIR $APP_HOME`
change docker root exec 2018-10-21 22:30:01 +02:00
another approach 2018-02-17 20:12:35 +01:00			`# we need this entrypoint to dynamically create a user`
			`# matching the hosts UID and GID so we can mount something`
			`# from the users home directory. If the IDs don't match`
change docker root exec 2018-10-21 22:30:01 +02:00			`# it results in access denied errors.`
another approach 2018-02-17 20:12:35 +01:00			`ENTRYPOINT ["docker/entrypoint.sh"]`

change docker root exec 2018-10-21 22:30:01 +02:00			`CMD ["./msfconsole", "-r", "docker/msfconsole.rc", "-y", "$APP_HOME/config/database.yml"]`