Offensive Docker for CTF, Pentesting and Bug Bounty – VB

Offensive Docker
Offensive Docker is an image with the most used offensive tools to scan your targets and you can launch it easily locally or cloud. I chose docker technology because it allows me create an image and share publicly with the cybersecurity community and run multiples containers to analyze different targets.
The project repository is: Offensive Docker

How was it born?
When I began to learn offensive techniques I needed an environment with the most used tools to scan the targets in few minutes. So, the project provides:
– Portability
– Multiplatform
– Availability

Tools installed categories:
– Ports scanning
– Recon
– Wordlist
– Git repositories
– Brute Force
– Cracking
– OS Enumeration
– Exploits
– Windows
– Reverse shell

Programming languages:
– Go
– NodeJS
– Python
– Php
– Ruby

Services installed:
– Proxy squid.- to receive traffic from your browser or BurpSuite. It helps you to avoid geography restrictions to access to the targets.
– Openvpn.- to access to vpn network from platforms as Hackthebox or Tryhackme and practice offensive techniques.

There are some considerations to run the image, specifically to:
– VPN connections
– Store data
– Expose services
– Mount directories

Image customization
There are some tools where you need to customize the image, so I have created the next repo Docker Offensive Custom with the process to do a personal image with our private configurations like as:
– Use API Keys
– Store history commands.
– Alias or functions environment.

Virtual private server full automation

If you need to run the image in a cloud server I have create the next repo: Offensive Docker VPS to launch the image in Google Cloud Platform or Digital Ocean in a few minutes.
I have used tools like as: terraform and ansible to automate the tasks.


Arsenio Aguirre

I am husband and dad. I have more than 10 years of experience in the cybersecurity field, being my expertise on Identity and Access Management. I have participated in different webinars talking about Json Web Token standard and how to use it to protect APIs. Currently I am immersed in offensive security, I am learning and practicing pentesting and web hacking and why not practice with bug bounty programs where we have real targets to exploit vulnerabilities.

Friday Oct 30, 2020 - 04:15 PM CDT

Level 0, Red Team Village

Red Team


Briefing 1hr