R0X4R / Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
MIT License

Containerising Garud & All its dependencies #36

Closed frost19k closed 2 years ago

frost19k commented 2 years ago

Containerisation simplifies the installation process for the user & allows maintainers to control the installation environment. In the future, workflows can be created to automatically push pre-built images to Docker Hub.

As it stands, the current image is 810MB in size.

frost19k commented 2 years ago

I'll remove subzy & I have verified amass works without error. As do all the other tools. The only thing I didn't verify is notify.

Although, aquatone's -chrome-path needs to be $CHROME_BIN inside the container. I forgot to add that change before making the commit. My bad.

R0X4R commented 2 years ago

Hi @frost19k,

Have you checked all these commits? Is it working fine, or have you encountered any errors?

frost19k commented 2 years ago

I have built the latest commit on two separate machines with a clean Buildkit cache. Both builds succeeded. I have manually verified that the requisite tools exist in /usr/local/bin & that the expected directory tree in ~/ is correct & gf's patterns are properly copied to /root/.gf (.gf cannot be moved to /Garud).

Changing HOME to /Garud is more an aesthetic change IMHO. It looks nicer when .config is mounted to /Garud than /root.

Having said all this - there are a lot of moving parts to Garud & it is possible that I may have missed something. Although - I wanna assure you that I tested extensively (issue #35, for example) & you can assign any future Docker related issues to me.

R0X4R commented 2 years ago

Hi @frost19k,

Thank you for your time and contribution. I'm approving this PR and linking this PR with your issue. Also, can you please send me your Twitter ID?

Thanks and regards, R0X4R

frost19k commented 2 years ago

Hey, thanks for accepting my PR. This is the first time I've had a PR accepted! :-D

I have plans to further develop the container in such a way that the User doesn't have to configure Namespaces & I'm also looking into workflows to automate publishing the container to Docker Hub. Then users can simply docker pull & docker run!

My twitter is @hoodlytwokeys - but I'm not at all active on Social Media! :-P

R0X4R commented 2 years ago

Thank you, @frost19k, for making Garud better. If you can make Garud into a Docker Hub container, it would be very helpful. Also, wishing you all the best for the future :)

Your contribution is not listed in https://github.com/R0X4R/Garud/blob/master/.github/contributors.md. Also wrote a tweet about this: https://twitter.com/R0X4R/status/1468227278576435206

Thanks again!