diff --git a/ docker-compose.production.yml b/ docker-compose.production.yml
deleted file mode 100644
index 6e0da79..0000000
--- a/ docker-compose.production.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: "3.9"
-services:
- well-known:
- build:
- context: docker/vault
- image: git.nixc.us/colin/vault:production
\ No newline at end of file
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..fe01e84
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,143 @@
+labels:
+ hostname: "macmini7"
+clone:
+ git:
+ image: woodpeckerci/plugin-git
+ settings:
+ partial: false
+ depth: 1
+steps:
+ # Build Step for staging Branch
+ build-staging:
+ name: build-staging
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - echo "Building application for staging branch"
+ - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ - echo compose build
+ - docker compose -f docker-compose.staging.yml build
+ when:
+ - branch: main
+ - event: push
+ - path:
+ include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+ deploy-new:
+ name: deploy-new
+ when:
+ - branch: main
+ - path:
+ include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ - echo compose push
+ - docker compose -f docker-compose.staging.yml push
+ # - docker stack deploy --with-registry-auth -c ./stack.staging.yml $${CI_REPO_NAME}-staging
+
+ # # Wait for Deploy to Complete
+ # wait-for-deploy-staging:
+ # name: wait-for-deploy-staging
+ # image: woodpeckerci/plugin-git
+ # commands:
+ # - echo "Waiting for staging deploy step to complete rollout."
+ # - sleep 60
+ # when:
+ # - branch: main
+ # - event: push
+
+ # # Run Automated Tests on staging Branch
+ # test-staging:
+ # name: run-tests-staging
+ # image: git.nixc.us/colin/playwright:latest
+ # secrets: [ base_url ]
+ # when:
+ # - branch: main
+ # - event: push
+ # - path:
+ # include: [ 'tests/', 'src/','docker-compose.staging.yml', 'docker-compose.production.yml', '*.tests.ts' ] # Specify paths relevant to tests
+ # volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ cleanup-staging:
+ name: cleanup-staging
+ when:
+ - branch: main
+ - path:
+ include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ # - docker stack rm $${CI_REPO_NAME}-staging
+ ## added fault tolerance for docker stack rm
+ # - for i in {1..5}; do docker stack rm ${CI_REPO_NAME}-staging && break || sleep 10; done
+ - docker compose -f docker-compose.staging.yml down
+ - docker compose -f docker-compose.staging.yml rm -f
+
+ # Build Step for staging Branch
+ build-build-push-production:
+ name: build-build-push-production
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - echo "Building application for staging branch"
+ - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ - echo compose build
+ - docker compose -f docker-compose.production.yml build
+ - docker compose -f docker-compose.production.yml push
+ when:
+ - branch: production
+ - event: push
+ - path:
+ include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+ # Deploy to Production Branch
+ deploy-production:
+ name: deploy-production
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ # - docker stack deploy --with-registry-auth -c ./stack.production.yml $${CI_REPO_NAME}
+ when:
+ - branch: production
+ - event: push
+ # - path:
+ # include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
+
+
+ # # Wait for Deploy to Complete
+ # wait-for-deploy-production:
+ # name: wait-for-deploy-production
+ # image: woodpeckerci/plugin-git
+ # commands:
+ # - echo "Waiting for deploy step to complete rollout."
+ # - sleep 60
+ # when:
+ # - branch: production
+ # - event: push
+
+ # # Run Post-Deployment Smoke Tests
+ # post-deploy-smoke-tests-git-nixc-us:
+ # name: run-post-deploy-smoke-tests-git-nixc-us
+ # image: git.nixc.us/colin/playwright:latest
+ # # secrets: [TEST_USER, TEST_PASSWORD]
+ # environment:
+ # - BASE_URL=https://git.nixc.us
+ # when:
+ # - branch: production
+ # - event: push
+ # # - path:
+ # # include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..06f62d5
--- /dev/null
+++ b/README.md
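Review bot: Every `when:` in this file lists `branch`, `event` and `path` as separate sequence items, and unless I misread Woodpecker's constraint semantics a sequence of `when` mappings is matched as alternatives (any item satisfied runs the step), so `build-build-push-production` would build and push the `:production` image on a push to any branch, on any event touching `production`, or on any change to the listed paths; `build-staging`, `deploy-new`, `cleanup-staging` and `deploy-production` have the same shape, and `deploy-new` and `cleanup-staging` carry no `event` constraint at all. Putting the constraints in one mapping makes them a conjunction, which is what the step names imply. Separately, the heading and echo for `build-build-push-production` were copied from the staging step: `# Build Step for production Branch` and `echo "Building application for production branch"` would describe the step.
```yaml
  build-build-push-production:
    # … unchanged: name, image, secrets, volumes, commands …
    when:
      - branch: production
        event: push
        path:
          include: [ 'stack.production.yml', 'stack.staging.yml', 'docker-compose.staging.yml', 'docker-compose.production.yml', 'Dockerfile', '*.tests.ts' ]
```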
@@ -0,0 +1,14 @@
+
+## Nikto Web Vulnerability Scanner
+[Nikto](https://github.com/sullo/nikto) from Sullo is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.
+
+Call it without arguments to display the full help:
+
+`docker run --rm git.nixc.us/colin/nikto`
+
+Basic usage
+`docker run --rm git.nixc.us/colin/nikto -h https://www.example.com`
+
+To save the report in a specific format, mount /tmp as a volume:
+
+`docker run --rm -v $(pwd):/tmp git.nixc.us/colin/nikto -h http://www.example.com -o /tmp/out.json`
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
new file mode 100644
index 0000000..826e94f
--- /dev/null
+++ b/docker-compose.production.yml
@@ -0,0 +1,6 @@
+version: "3.9"
+services:
+ nikto:
+ build:
+ context: docker/nikto
+ image: git.nixc.us/colin/nikto:production
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
new file mode 100644
index 0000000..44330b5
--- /dev/null
+++ b/docker-compose.staging.yml
@@ -0,0 +1,6 @@
+version: "3.9"
+services:
+ nikto:
+ build:
+ context: docker/nikto
+ image: git.nixc.us/colin/nikto:staging
diff --git a/docker/nikto/Dockerfile b/docker/nikto/Dockerfile
new file mode 100644
index 0000000..c1d84d3
--- /dev/null
+++ b/docker/nikto/Dockerfile
@@ -0,0 +1,36 @@
+FROM alpine:latest
+
+RUN apk add --update git
+
+#force fresh git clone each build.
+ADD https://api.github.com/repos/sullo/nikto/git/refs/heads/master version.json
+RUN mkdir /source /nikto && cd /source && git clone https://github.com/sullo/nikto.git
+
+RUN mv /source/nikto/program/* /nikto/
+
+ENV PATH="/nikto:${PATH}"
+
+RUN echo 'Selecting packages to Nikto.' \
+ && apk update \
+ && apk add --no-cache --virtual .build-deps \
+ perl \
+ perl-net-ssleay \
+ && echo 'Cleaning cache from APK.' \
+ && rm -rf /var/cache/apk/* \
+ && echo 'Creating the nikto group.' \
+ && addgroup nikto \
+ && echo 'Creating the user nikto.' \
+ && adduser -G nikto -g "Nikto user" -s /bin/sh -D nikto \
+ && echo 'Changing the ownership.' \
+ && chown -R nikto.nikto /nikto \
+ && echo 'Creating a random password for root.' \
+ && export RANDOM_PASSWORD=`tr -dc A-Za-z0-9 < /dev/urandom | head -c44` \
+ && echo "root:$RANDOM_PASSWORD" | chpasswd \
+ && unset RANDOM_PASSWORD \
+ && echo 'Locking root account.' \
+ && passwd -l root \
+ && echo 'Finishing image.'
+
+USER nikto
+
+ENTRYPOINT ["nikto.pl"]
\ No newline at end of file
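Review bot: The `git clone https://github.com/sullo/nikto.git` on the `RUN mkdir` line takes whatever is on upstream master at build time, and the `ADD` of the refs API just above it exists to defeat the cache, so each CI run ships an unreviewed upstream tree into the `:production` image and no build can be reproduced later; `FROM alpine:latest` has the same property for the base layer. Pinning keeps the cache-buster useful while making the content explicit: `ARG NIKTO_REF=master  # TODO: replace with a reviewed commit SHA` before the clone and `&& git -C /source/nikto checkout "$NIKTO_REF"` appended to it. In the long `RUN`, `--virtual .build-deps` labels `perl` and `perl-net-ssleay` as build-only although `nikto.pl` needs them at runtime, so the name invites a later `apk del .build-deps` that would break the image — drop `--virtual` or name the group `.runtime-deps`. `chown -R nikto.nikto` uses the `user.group` spelling; `nikto:nikto` is the portable form.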