-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Expand file tree
/
Copy pathDockerfile
More file actions
109 lines (95 loc) · 4.32 KB
/
Dockerfile
File metadata and controls
109 lines (95 loc) · 4.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###########################################################################################################
###########################################################################################################
## ##
## Please read the Wiki Installation section on set-up using Docker prior to building this container. ##
## BeEF does NOT allow authentication with default credentials. So please, at the very least ##
## change the username:password in the config.yaml file to something secure that is not beef:beef ##
## before building or you will be denied access and have to rebuild anyway. ##
## ##
###########################################################################################################
###########################################################################################################
# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
FROM ruby:3.4.7-slim-bookworm AS builder
COPY . /beef
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files.
# Then add bundler/gem dependencies and install.
# Finally change permissions of bundle installs so we don't need to run as root.
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
git \
curl \
libssl-dev \
xz-utils \
pkg-config \
make \
g++ \
libcurl4-openssl-dev \
ruby-dev \
libyaml-dev \
libffi-dev \
zlib1g-dev \
libsqlite3-dev \
sqlite3 \
&& bundle install --gemfile=/beef/Gemfile --jobs=`nproc` \
&& rm -rf /usr/local/bundle/cache \
&& chmod -R a+r /usr/local/bundle \
&& rm -rf /var/lib/apt/lists/*
# ------------------------------------- End of Builder 0 -------------------------------------------------
# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
FROM ruby:3.4.7-slim-bookworm
LABEL maintainer="Beef Project" \
source_url="github.com/beefproject/beef" \
homepage="https://beefproject.com/"
# BeEF UI/Hook port
ARG UI_PORT=3000
ARG PROXY_PORT=6789
ARG WEBSOCKET_PORT=61985
ARG WEBSOCKET_SECURE_PORT=61986
# Create service account to run BeEF and install BeEF's runtime dependencies
RUN adduser --home /beef --gecos beef --disabled-password beef \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
curl \
wget \
espeak \
lame \
openssl \
libreadline-dev \
libyaml-dev \
libxml2-dev \
libxslt-dev \
libncurses5-dev \
libsqlite3-dev \
sqlite3 \
zlib1g \
bison \
nodejs \
firefox-esr \
&& apt-get -y clean \
&& rm -rf /var/lib/apt/lists/*
# Install geckodriver for Selenium tests
# Pin version and verify checksum to mitigate supply chain attacks
ENV GECKODRIVER_VERSION=v0.36.0
ENV GECKODRIVER_SHA256=0bde38707eb0a686a20c6bd50f4adcc7d60d4f73c60eb83ee9e0db8f65823e04
RUN wget -q "https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" \
&& echo "${GECKODRIVER_SHA256} geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" | sha256sum -c - \
&& tar -xzf "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" -C /usr/local/bin \
&& chmod +x /usr/local/bin/geckodriver \
&& rm "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz"
# Use gemset created by the builder above
COPY --chown=beef:beef . /beef
COPY --from=builder /usr/local/bundle /usr/local/bundle
# Ensure we are using our service account by default
USER beef
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server ports
EXPOSE $UI_PORT $PROXY_PORT $WEBSOCKET_PORT $WEBSOCKET_SECURE_PORT
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:$UI_PORT" ]
WORKDIR /beef
ENTRYPOINT ["/beef/beef"]
# ------------------------------------- End of Builder 1 -------------------------------------------------