DEV Community

Cover image for Building a Docker container for kiterunner
darkmage
darkmage

Posted on

Building a Docker container for kiterunner

#docker #fuzzing #api #linux

In the last few weeks, I've finally wrangled my head around Docker a bit.

As a demo, I've built a docker container for kiterunner.

Kiterunner is an API-fuzzing tool, very useful for bug bounty hunters and pen-testers. Shoutouts to @insiderphd for introducing me to the tool. I should have watched that video sooner!

Like any good tool, it requires some installation stuff beforehand.

I realized this is a good opportunity to begin integrating Docker into my workflow in a potentially useful way.

To quickly get Docker installed on debian or ubuntu:

# Install Docker
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Enter fullscreen mode Exit fullscreen mode

If you have Docker installed, you can simply:

docker run darkmagex6/kiterunner <params>
Enter fullscreen mode Exit fullscreen mode

I set it up so that you can pass parameters directly to the container.
Now, I have not yet dealt with an easy way to write output directly from the container to the local filesystem, but you can use docker cp for that.

docker cp darkmagex6/kiterunner:<filename> <destination>
Enter fullscreen mode Exit fullscreen mode

The Dockerfile for my kiterunner setup:
edit: swapped from debian to alpine and reduced number of RUN commands

FROM    alpine:latest
RUN     wget https://github.com/assetnote/kiterunner/releases/download/v1.0.2/kiterunner_1.0.2_linux_amd64.tar.gz && \
     tar -xvzf kiterunner_1.0.2_linux_amd64.tar.gz && \
     wget https://wordlists-cdn.assetnote.io/data/kiterunner/routes-small.kite.tar.gz && \
     wget https://wordlists-cdn.assetnote.io/data/kiterunner/routes-large.kite.tar.gz && \
     tar -xvzf routes-small.kite.tar.gz && \
     tar -xvzf routes-large.kite.tar.gz && \
     rm -rf kiterunner_1.0.2_linux_amd64.tar.gz routes-small.kite.tar.gz routes-large.kite.tar.gz
ENTRYPOINT ["./kr"]
Enter fullscreen mode Exit fullscreen mode

There's probably a better way to do this, but it is working.

If you enjoy this content or found it helpful in any way and want to show me some support, please check out my Twitch streams at https://twitch.tv/darkmage666.

Also check out my homepage: https://evildojo.com

You can support me on Patreon at: https://patreon.com/darkmage

Top comments (1)

Collapse
 
rj1 profile image
rj1

quick question - why do you have docker download/install go, to then go on and use a prebuilt go binary in the end?

Read next

sheosi profile image

A delightful OS - The kernel

sheosi -

stn1slv profile image

Integration Digest: September 2024

Stanislav Deviatov -

devkishor8007 profile image

Nodejs | Docker | Multi-stage

Kishor Kc -

getambassador2024 profile image

Mastering API Throttling: Techniques and Best Practices for Optimal Performance

Ambassador -