search

RAJANAGORI / Nightingale

It's a Docker Environment for Pentesting which having all the required tool for VAPT.
https://nightingale.rajanagori.in/
GNU General Public License v3.0
207 stars 29 forks source link

Docker images can be versioned and divided based on usecases #17

Closed preetkaran20 closed 2 years ago

preetkaran20 commented 2 years ago

Is your feature request related to a problem? Please describe. The Docker images are not versioned so migrating to an older version is not possible. Apart from that everything in one image makes it very huge. I think we can build multiple images based on use-cases like one for mobile, one for web, one for network, and maybe one image for everything. This way we can give use-case-driven images that engineers can use as per their requirements.

Describe the solution you'd like So the solution is to build a base image (very small with minimal tools which are used everywhere) and extend it in multiple other images based on use cases.

RAJANAGORI commented 2 years ago

The reason for not putting the versioning of the docker image is the updated tools list from the previous to the new version. Also, putting everything under one roof is the main reason to create an environment so that users can do whatever he or she wants to do with any scopes.

Instead of up and running multiple containers of the different use cases user can only up and run the one container and can perform different opration at once.

preetkaran20 commented 2 years ago

I think there is confusion here:

  1. Updated tool list, I agree if there is some security risk but how about the newer version of a tool that is not working so users might not able to switch to older versions. E.g. say latest version of SSH has issues but now as only one docker image is there, there is no way for user to switch to older image. Also having one image will make it mandatory for users to update that image which should not be the right approach.

  2. I think it is good to have everything under one roof but why not give a few more images as explained above? So i was suggesting giving the option to add multiple images along with one with everything.

I am not suggesting having multiple containers running at the same time. I am suggesting to have more than one docker image such that if say a web application pentester is there they can just pick that image, another example is if someone want to do just network pentesting, can use just network pentesting tools so need just pentester docker image.