docker-compose up
docker run -p 8080:8080 --name zap --rm -it owasp/zap2docker-stable zap.sh -daemon -port 8080 -host 0.0.0.0 -config api.addrs.addr(0).name=172.17.0.1 -config api.addrs.addr(1).name=172.17.0.2 -config api.addrs.addr(2).name=zap -config api.addrs.addr(3).name=localhost -config api.key=<key that is also to be supplied in the app-tester via config>
-config api.disablekey=true
instead
docker run --name pt-redis -p 6379:6379 --rm -it redis:alpine
config.local.json
follows:
"host": {
"ip": "127.0.0.1"
},
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "172.17.0.3"
}
},
"emissary": {
"protocol": "http",
"ip": "172.17.0.2",
...
}
...
~/Source/purpleteam-app-scanner npm start
npm start
npm start -- test
host-net-compose.yml
docker-compose up
docker run -p 8080:8080 --name zap --rm -it owasp/zap2docker-stable zap.sh -daemon -port 8080 -host 0.0.0.0 -config api.addrs.addr(0).name=172.17.0.1 -config api.addrs.addr(1).name=172.17.0.2 -config api.addrs.addr(2).name=zap -config api.addrs.addr(3).name=localhost -config api.key=<key that is also to be supplied in the app-tester via config>
-config api.disablekey=true
instead
docker run --name pt-redis -p 6379:6379 --rm -it redis:alpine
config.local.json remains the same as above technique:
npm start
config.local.json
follows:
"host": {
"ip": "127.0.0.1"
},
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "172.17.0.3"
}
},
"testers": {
"app": {
"url": "http://127.0.0.1:3000",
"active": true
},
...
To build and run, copy and modify the docker commands in the package.json
Image names created by running docker-compose are: <project>_<service>, where
config.local.json of the CLI should be as follows:
"purpleteamApi": {
"protocol": "http",
"ip": "127.0.0.1"
}
~/Source/purpleteam npm start -- test
config.local.json remains unchanged from running without containers
bridge-net-compose.yml
This technique currently doesn’t work, because containers attached to a user-defined bridge cannot access the host.
docker-compose up
docker run -p 8080:8080 --name zap --rm -it owasp/zap2docker-stable zap.sh -daemon -port 8080 -host 0.0.0.0 -config api.addrs.addr(0).name=172.17.0.1 -config api.addrs.addr(1).name=172.17.0.2 -config api.addrs.addr(2).name=zap -config api.addrs.addr(3).name=localhost -config api.key=<key that is also to be supplied in the app-tester via config>
-config api.disablekey=true
instead
docker run --name pt-redis -p 6379:6379 --rm -it redis:alpine
config.local.json remains the same as above technique:
npm start
config.local.json
follows:
"host": {
"ip": "172.25.0.110"
},
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "172.17.0.3"
}
},
"testers": {
"app": {
"url": "http://127.0.0.1:3000",
"active": true
},
...
~/Source/purpleteam-orchestrator npm run dc-build-orchestrator
~/Source/purpleteam-orchestrator npm run dc-up-orchestrator
config.local.json of the CLI should be as follows:
"purpleteamApi": {
"protocol": "http",
"ip": "172.25.0.110"
}
~/Source/purpleteam npm start -- test
orchestrator-testers-compose.yml
Assuming the orchestrator-testers-compose.yml has been run and the user-defined bridge network exists:
~/Source/purpleteam-app-emissary docker-compose up --scale zap=2
The two ZAP containers are then accessible at http://172.25.0.2:8080/ and http://172.25.0.3:8080/
Change app-scanner config.local.json from:
"host": {
"ip": "127.0.0.1"
},
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "172.17.0.3"
}
},
...
to:
"host": {
"ip": "172.25.0.120"
},
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "redis" // when using with docker-compose
}
},
...
Change orchestrator config.local.json from:
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "172.17.0.3"
}
},
"testers": {
"app": {
"url": "http://127.0.0.1:3000",
"active": true
},
...
to:
"redis": {
"clientCreationOptions": {
"port": 6379,
"host": "redis" // when using with docker-compose
}
},
"testers": {
"app": {
"url": "http://172.25.0.120:3000",
"active": true
},
...
~/Source/purpleteam-app-scanner docker build --build-arg LOCAL_GROUP_ID=$(id -g) --build-arg LOCAL_USER_ID=$(id -u) --tag purpleteam-app_scanner-img .
Supposing the compose_pt-net user-defined bridge is already created from the previous docker-compose.yml files (you can check this with docker network ls then docker network inspect compose_pt-net):
~/Source/purpleteam-app-scanner docker run --network=compose_pt-net --ip="172.25.0.120" -e "NODE_ENV=local" -p 3000:3000 -it --rm --name purpleteam-app_scanner-cont purpleteam-app_scanner-img