Closed AnubisSec closed 3 years ago
Thank you! 🙌
One small change, please. Could you remove the first two lines, and rather add a new THANKS.md
in the project root with a line that says:
- Anubis (@AnubisOnSec)
The git commit history will record you as the original author for the plan.
Also, while I am thinking about this, the container you are referencing (https://hub.docker.com/r/anubissec/gobuster) is rather new, and I can't seem to find the Dockerfile
easily for it. Since there is no official Docker image for gobuster
I wonder if this isn't a good time to support inline Dockerfiles
in the plan?
I definitely see what you're saying. I noticed the same thing, that Gobuster doesn't have an official Dockerfile
which was my main reason for making my own. I can see the issue of supporting inline Dockerfiles
like that though.
Being relatively new to Docker dev stuff, I'm not totally sure the right answer. Would you rather just not support gobuster officially until there is an official Dockerfile
or do you have any other suggestions?
Thanks for your help and insight!
I can see the issue of supporting inline
Dockerfiles
like that though.
Could you elaborate on the issue you see maybe? I'm planning on adding this relatively soon actually.
Would you rather just not support gobuster officially until there is an official
Dockerfile
or do you have any other suggestions?
I'd love to support it! I think it's an issue one would have with many tools though (not just this one), so would like to make sure we have a big enough hammer here :D
Thanks for the discussion.
Could you elaborate on the issue you see maybe? I'm planning on adding this relatively soon actually.
I imagine allowing users to just reference any Dockerfile could lead to issues, as opposed to using "officially" supported Dockerfile's from the tool dev's. As I type it out, I understand that the supportability of this would be pretty difficult, but I guess it's just something to consider on compatibility.
And thank you so much! I can make the Dockerfile public so it can be reviewed, and then make the THANKS.md
if you'd like. If not, I can close this out while you determine next steps of supportability and just continue editing my own repo until then.
Totally up to you!
I took a quick stab at adding inline Dockerfile
support in this commit: https://github.com/sensepost/dwn/commit/0a9b2d1421bc9558c2710968c5e18185317a8ec1
The ffuf
plan should show what I have in mind. Running it should look something like this (the file wordlist.txt
is in the current working directory on my host):
❯ dwn run ffuf -u http://localhost/FUZZ -w wordlist.txt
(i) found plan for ffuf
(i) volume: /Users/leonjza/scratch/ffuf -> /data
(w) image for plan ffuf does not exist, quickly building it
(i) container for ffuf:dwnlocal built
(i) streaming container logs
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.3.0-git
________________________________________________
:: Method : GET
:: URL : http://localhost/FUZZ
:: Wordlist : FUZZ: wordlist.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405
________________________________________________
:: Progress: [6/6] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :: Errors: 6 ::
The ffuf
plan:
name: ffuf
image: ffuf
dockerfile: |
FROM golang:1-alpine
RUN apk --no-cache add git && \
go get github.com/ffuf/ffuf && \
mkdir -p /data
ENV PATH="/go/bin:${PATH}"
WORKDIR /data
VOLUME /data
ENTRYPOINT [ "ffuf" ]
detach: false
volumes:
.:
bind: /data
Ahh okay, yeah that looks really cool. I guess I was a bit confused by what you meant by inline
support. I like that a lot actually!
Awesome! Could you update this PR so that plan has the Dockerfile inline then we can close this off?
Added inline for Gobuster and added the THANKS.md
file you mentioned as well.
Thanks a ton for your help (and patience, a bit new to the whole Github contribution thing haha).
Thank you!
I love this project and would love to contribute to it, as small as this is, to add gobuster to the plan list. I find myself using this a lot and would love to have this included in this tool.
I've implemented it similarly to your other plans, so you should be able to just run
dwn run gobuster <command line args>
Let me know if you don't think this is a good add, or if you have any questions!
Thanks a ton for this awesome project!