Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hahwul/backbomb
💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
appsec bugbounty docker docker-image environment golang hacking pentest security tools
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/hahwul/backbomb
- Owner: hahwul
- License: mit
- Archived: true
- Created: 2020-11-22T13:32:50.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-11-24T20:09:50.000Z (about 3 years ago)
- Last Synced: 2024-09-24T11:03:09.097Z (3 months ago)
- Topics: appsec, bugbounty, docker, docker-image, environment, golang, hacking, pentest, security, tools
- Language: Go
- Homepage:
- Size: 467 KB
- Stars: 31
- Watchers: 4
- Forks: 8
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-hacking-lists - hahwul/backbomb - 💣 Dockerized penetration-testing/bugbounty/app-sec testing environment (Go)
README
> Cool Guys Don't Look At Explosions 😎💣

- [What is BackBomb?](#what-is-backbomb-)
- [Getting started](#getting-started)
  * [Requirements](#requirements)
  * [Installation](#installation)
- [Usage](#usage)
  * [Initialization](#initialization)
  * [Run](#run)
  * [Update](#update)
  * [Uninstall](#uninstall)
- [Persistant data and result](#persistant-data-and-result)
- [Contributors](#contributors)

## What is BackBomb?
Dockerized penetration-testing/bugbounty/app-sec testing environment

## Getting started
### Requirements
This tool uses the Docker CLI, so Docker must be installed: https://docs.docker.com/get-docker
### Installation
```
$ go get -u github.com/hahwul/backbomb
```

## Usage
```
.----. .--. .---. .-. .-..----. .----. .-. .-..----.
| {} } / {} \ / ___}| |/ / | {} }/ {} \| `.' || {} }
| {} }/ /\ \\ }| |\ \ | {} }\ /| |\ /| || {} }
`----' `-' `-' `---' `-' `-'`----' `----' `-' ` `-'`----'

Dockerized penetration-testing/bugbounty/app-sec testing environment
Cool Guys Don't Look At Explosions 😎💣

Usage:
  backbomb [command]

Available Commands:
  help        Help about any command
  init        Initialization backbomb docker image
  run         Start backbomb
  update      Update hahwul/backbomb image
  version     Show version

Flags:
      --config string   config file (default is $HOME/.backbomb.yaml)
  -h, --help            help for backbomb

Use "backbomb [command] --help" for more information about a command.
```

### Initialization
```
$ backbomb init
```

After initialization, the docker image and volume are prepared 😎
```
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hahwul/backbomb latest 749a17299401 23 hours ago 3.97GB
```
```
$ docker volume list | grep backbomb
local backbomb
```

### Run
The `run` command supplies the additional docker execution options, such as `--mount`, for you, so you can omit them.
```
$ backbomb run
```

Sample:
```
$ backbomb run
INFO[0000] Starting backbomb 💣
INFO[0000] The docker client object has been created
INFO[0000] Container creating job successful
INFO[0000] 02267b3954516c500e0d4e826c5c4af8d911a1d391352cd3f915e98975b20f83
INFO[0000] Connecting backbomb container
☁ /project ll
total 0
... testing all the things 😁 ...
☁ /project exit
INFO[0014] Start the shutdown process.
INFO[0014] Finish
```

### Update
You can use the update command to update the image.
```
$ backbomb update
INFO[0000] Start update image to latest
INFO[0000] Pulling backbomb latest image
INFO[0003] Finish!
```

### Uninstall
Coming soon!

## Persistant data and result
The `/app` path is backbomb's [PV (Persistent Volume)](https://docs.docker.com/storage/volumes/), which stores data that must persist between runs, including the Postgres data. The data is shared between the host and the container and is not stored on a remote server. Services that integrate with the database, such as metasploit and find domain, are connected in advance, so you can use them without any additional setup. For example:
```
☁ /project msfconsole
...snip..
+ -- --=[ 2087 exploits - 1127 auxiliary - 354 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]

Metasploit tip: When in a module, use back to go
back to the top level prompt

msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
msf6 > workspace
* default
```

## Contributors
![](/CONTRIBUTORS.svg)