Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hahwul/backbomb

💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
https://github.com/hahwul/backbomb

appsec bugbounty docker docker-image environment golang hacking pentest security tools

Last synced: about 1 month ago
JSON representation

💣 Dockerized penetration-testing/bugbounty/app-sec testing environment

Host: GitHub
URL: https://github.com/hahwul/backbomb
Owner: hahwul
License: mit
Archived: true
Created: 2020-11-22T13:32:50.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2021-11-24T20:09:50.000Z (almost 3 years ago)
Last Synced: 2024-09-24T11:03:09.097Z (about 1 month ago)
Topics: appsec, bugbounty, docker, docker-image, environment, golang, hacking, pentest, security, tools
Language: Go
Homepage:
Size: 467 KB
Stars: 31
Watchers: 4
Forks: 8
Open Issues: 4
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

awesome-hacking-lists - hahwul/backbomb - 💣 Dockerized penetration-testing/bugbounty/app-sec testing environment (Go)

README

        


  


  

  


   

  

   

   

   

  

  

  

  

  



> Cool Guys Don't Look At Explosions 😎💣

- [What is BackBomb?](#what-is-backbomb-)

- [Getting started](#getting-started)

  * [Requirements](#requirements)

  * [Installation](#installation)

- [Usage](#usage)

  * [Initialization](#initialization)

  * [Run](#run)

  * [Update](#update)

  * [Uninstall](#uninstall)

- [Persistant data and result](#persistant-data-and-result)

- [Contributors](#contributors)

## What is BackBomb?

Dockerized penetration-testing/bugbounty/app-sec testing environment

## Getting started

### Requirements

This tool uses a docker cli. Docker installation is required. 

https://docs.docker.com/get-docker

### Installation

```

$ go get -u github.com/hahwul/backbomb

```

## Usage 

```

.----.   .--.   .---. .-. .-..----.  .----. .-.   .-..----. 

| {}  } / {} \ /  ___}| |/ / | {}  }/  {}  \|  `.'  || {}  }

| {}  }/  /\  \\     }| |\ \ | {}  }\      /| |\ /| || {}  }

`----' `-'  `-' `---' `-' `-'`----'  `----' `-' ` `-'`----' 

Dockerized penetration-testing/bugbounty/app-sec testing environment

	Cool Guys Don't Look At Explosions 😎💣

Usage:

  backbomb [command]

Available Commands:

  help        Help about any command

  init        Initialization backbomb docker image

  run         Start backbomb

  update      Update hahwul/backbomb image

  version     Show version

Flags:

      --config string   config file (default is $HOME/.backbomb.yaml)

  -h, --help            help for backbomb

Use "backbomb [command] --help" for more information about a command.

```

### Initialization

```

$ backbomb init

```

After initialization, the docker image and volume are prepared 😎

```

$ docker images

REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE

hahwul/backbomb                                  latest              749a17299401        23 hours ago        3.97GB

```

```

$ docker volume list | grep backbomb

local               backbomb

```

### Run

`run` command allows you to omit and drive additional docker execution options, such as `--mount`.

```

$ backbomb run

```

sample

```

$ backbomb run

INFO[0000] Starting backbomb 💣

INFO[0000] The docker client object has been created

INFO[0000] Container creating job successful

INFO[0000] 02267b3954516c500e0d4e826c5c4af8d911a1d391352cd3f915e98975b20f83

INFO[0000] Connecting backbomb container

☁  /project  ll

total 0

... testing all the things 😁 ...

☁  /project  exit

INFO[0014] Start the shutdown process.

INFO[0014] Finish

```

### Update

You can use the update command to update the image.

```

$ backbomb update

INFO[0000] Start update image to latest

INFO[0000] Pulling backbomb latest image

INFO[0003] Finish!

```

### Uninstall

Coming soon!

## Persistant data and result

The `/app` path is backbomb [PV(Persistent Volume)](https://docs.docker.com/storage/volumes/) which stores data that needs to be maintained continuously, including Postgres. This means sharing data between the host and the docker, and of course it is not stored on a remote server. Since db interlocking services such as metasploit and find domain are established in advance, you can use them comfortably without any additional interlocking process.

e.g

```

☁  /project  msfconsole

...snip..

+ -- --=[ 2087 exploits - 1127 auxiliary - 354 post       ]

+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]

+ -- --=[ 7 evasion                                       ]

Metasploit tip: When in a module, use back to go

back to the top level prompt

msf6 > db_status

[*] Connected to msf. Connection type: postgresql.

msf6 > workspace

* default

```

## Contributors

![](/CONTRIBUTORS.svg)