This project provides a flexible Docker-based environment primarily focused on deploying offensive security tools and exploring attack surfaces. It has been streamlined to remove default vulnerable target machines, allowing you to integrate your own targets or focus solely on attack infrastructure.
✅ Pentesting Tools
- Kali Linux container with full toolset (`controller`)
- Pre-configured for network-wide access
- Direct container shell access
✅ Network Isolation
- Dedicated pentest-lab bridge network (172.20.0.0/16)
- All services on same network
- Internal DNS resolution
- Port forwarding for external access
✅ Data Persistence
- Persistent volumes for all services (findings, payloads, logs, reports)
- Centralized findings repository
- Full logging and evidence collection
- Payload storage
✅ Easy Management
- Simplified `docker-compose.yml` for attack infrastructure
- One-command startup (via `lab.sh`)
- Shared volume between containers
- Documented credentials and access points
We've significantly upgraded the lab management experience:
Before running the lab, it's recommended to ensure your host system has all necessary dependencies.
- Function: Checks for `git`, `docker`, `docker-compose`, and `pandoc` (for reporting). Provides installation commands if dependencies are missing.
- Usage:

```bash
./setup-host.sh
```

Remember to set executable permissions for `setup-host.sh` in your Unix-like environment: `chmod +x setup-host.sh`
The lab.sh script is now your central hub for managing the pentesting lab. It supports scenario-based deployment and an interactive menu.
- Function: Run `lab.sh` without any arguments to launch a user-friendly interactive menu for all lab operations.
- Usage:

```bash
./lab.sh
```
- Function: All previous `lab.sh` commands are still available, now supporting scenario-based deployment.
- Usage:

```bash
# Start a specific lab scenario (e.g., metasploit)
./lab.sh up metasploit
# Stop the currently active lab
./lab.sh down
# Check status of the active lab
./lab.sh status
# View logs for a service in the active lab
./lab.sh logs metasploit-db
# Access a shell in a service (e.g., controller)
./lab.sh shell controller
```

Remember to set executable permissions for `lab.sh` in your Unix-like environment: `chmod +x lab.sh`
The Covenant C2 framework can now be easily deployed as a lab scenario.
- Function: The first time you start the Covenant lab, it will automatically clone its repository and build the Docker image. Subsequent runs will be much faster.
- Usage:

```bash
./lab.sh up covenant
```

Access the Covenant web interface at `https://localhost:7443`. Note: Building Covenant requires a working internet connection within the Docker build environment. Remember to set executable permissions for `setup-covenant.sh` in your Unix-like environment: `chmod +x setup-covenant.sh`
A lightweight and flexible reporting solution using Markdown and pandoc has been integrated.
- Function: Convert Markdown report files into professional-looking PDF documents.
- Usage:
  - Copy the template: `cp reports/template.md reports/my_project_report.md`
  - Edit your report: Fill in your findings in `reports/my_project_report.md`.
  - Generate PDF: `./generate-report.sh reports/my_project_report.md`
    This will create `reports/my_project_report.pdf`.

Dependencies: This feature requires `pandoc` and a LaTeX distribution (e.g., TeX Live) installed on your host system. `setup-host.sh` will check for `pandoc`. For best results, it's recommended to install the `Eisvogel` pandoc template. Remember to set executable permissions for `generate-report.sh` in your Unix-like environment: `chmod +x generate-report.sh`
For a quick setup and deployment of a default lab, you can use the following one-liner from your Unix-like terminal:

```bash
./setup-host.sh && ./lab.sh up metasploit
```

This command will:
- Check and prompt you to install host dependencies like Docker and `pandoc`.
- Start the `metasploit` lab scenario.
| Service | IP | Port | Username | Password | Notes |
|---|---|---|---|---|---|
| Controller | 172.20.0.x | - | root | - | Kali Linux with tools |
| Evil-WinRM Controller | 172.23.0.x | - | root | - | Controller for Evil-WinRM operations |
| Findings Storage | (Internal) | - | - | - | Centralized storage for findings, payloads, logs, reports |
```
pentest-lab Network (172.20.0.0/16) - Placeholder for your custom target network
│
├── [172.20.0.x] Controller (Kali Linux)
│   └── Access to your custom targets
└── [172.23.0.x] Evil-WinRM Controller (LinWinPwn)
    └── Connects to your custom Windows targets via WinRM
```
```
pentest-lab/
├── findings/                    # Documentation of findings
│   └── FINDINGS.md              # Main findings tracker
├── payloads/                    # Exploits and wordlists
│   ├── exploit/                 # Exploit code
│   ├── shellcode/               # Reverse shells
│   └── wordlist/                # Custom wordlists
├── tools/                       # Custom scripts (including cloned Covenant repo)
├── reports/                     # Report generation
├── logs/                        # Container logs
│   ├── controller/              # Controller activity
│   └── evil-winrm-controller/   # Evil-WinRM Controller activity
├── volumes/                     # Persistent container data
└── docker/                      # Custom Dockerfiles (e.g., for custom attack tools)
```
Edit environment variables in `docker-compose.yml`:

```yaml
environment:
  - ROOT_PASSWORD=your_password
  - ADMIN_PASSWORD=your_password
```

```bash
# Stop all services
docker-compose down
# Remove volumes (data reset)
docker-compose down -v
# Remove all custom images
docker-compose down --rmi all
```

```bash
docker-compose logs controller
docker-compose logs evil-winrm-controller
```

```bash
docker network ls
docker network inspect pentest-lab
```

- Use with VPN or air-gapped network for safety
- Review the new `docker-compose.yml` to understand the current attack infrastructure.
- Integrate your own custom target machines into the network for practice.
- Customize Dockerfiles for specific practice scenarios.
- Document all findings in `findings/FINDINGS.md`.
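
Since the lab forwards ports for external access and is meant to stay on a VPN or air-gapped network, it is worth checking which ports are published on every host interface. This is an added example, not one of the project's scripts: it parses `docker ps` output and lists mappings reachable from other hosts. The names `exposed_ports` and `sample_ps`, the `covenant` container name and port 5432 are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not part of the project): list host ports that Docker
# publishes on all interfaces (0.0.0.0, ::: or [::]) instead of loopback.
# Input: "<name><TAB><ports>" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

exposed_ports() {
    # Reads name<TAB>ports lines on stdin; prints "name hostport" once per
    # mapping that is bound to every interface.
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # not published to the host
            split(m, side, "->")
            host = side[1]
            if (host ~ /^(0\.0\.0\.0|::|\[::\]):/) {
                port = host
                sub(/^.*:/, "", port)        # keep only the host port
                key = $1 " " port
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }'
}

# Constructed sample of docker ps output; container names and the
# 5432 mapping are assumptions, 7443 is the Covenant port from this README.
sample_ps() {
    printf 'covenant\t0.0.0.0:7443->7443/tcp, :::7443->7443/tcp\n'
    printf 'metasploit-db\t127.0.0.1:5432->5432/tcp\n'
    printf 'controller\t\n'
}

# Demo on the constructed sample. Against a running lab, use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_ports
sample_ps | exposed_ports
```

Any line this prints is a service reachable from outside the host; an empty result means every published port is bound to loopback or not published at all.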
For issues or questions:
- Check Docker logs: `docker-compose logs <service>`
- Review Dockerfiles in `docker/` directory
Ready to practice? Start with:
```bash
./setup-host.sh
./lab.sh                      # for interactive menu
./lab.sh up <scenario_name>   # e.g., ./lab.sh up metasploit
./lab.sh shell controller
```