Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Established Dockerfile for creating container for powerpwn #82

Open
wants to merge 257 commits into
base: main
Choose a base branch
from
Open

Established Dockerfile for creating container for powerpwn #82

wants to merge 257 commits into from

Conversation

shanko07
Copy link
Collaborator

Created a Dockerfile which mimics the devcontainer setup. We should be able to build our own container now, distribute it and allow folks to run powerpwn from the container. Probably would be good to setup an action to publish new versions of the container to docker hub or somewhere else. Also, suggest figuring out how to not need to install from sources (mostly a problem with the puppeteer stuff I think. Had to add the --no-sandbox so this would run properly in a container that is running as root.

mbrg and others added 30 commits September 10, 2022 20:53
@mbrg
intro _run_cmd
539c7de
@mbrg
add c2 test
2137de8
@mbrg
add test init
b93bec6
@mbrg
reorder images for docs
4030d7f
@mbrg
intro power_automate_setup dir
331c340
@mbrg
intro malicious_msft
126e42e
@mbrg
add req file
1acbc64
@mbrg
add pr validation
f552f3f
@mbrg
limit to 3.9 for now
17e4b1c
@mbrg
fix reqs
8d33065
@mbrg
add pytest-xdist
acbfd42
@mbrg
intro config files
31b1786
@mbrg
fix flake8
3ee1237
@mbrg
working tests
81fae5a
@mbrg
fix typo
380a535
@mbrg
mypy cfg file
82e70bd
@mbrg
fix fixtures
196cb66
@mbrg
fix mypy
c82df4f
@mbrg
add json load where needed
f7619e9
@mbrg
fix missing comma
0f7b50d
@mbrg
fix linters
1db5dc6
@mbrg
fix linters
482b13d
@mbrg
fix flake8
c57ecf5
@mbrg
increase coverage reqs
65aeea7
@mbrg
Merge pull request mbrg#6 from mbrg/i5-basics
eb0df06 
Improve naming, development environment and intro tests
@lanasalameh1
re-org dirs
1859f19
@lanasalameh1
fix bandit
cbc92d1
@lanasalameh1
fix bandit
917de50
@lanasalameh1
bandit
d35d95e
@lanasalameh1
Merge pull request mbrg#8 from mbrg/feature/working_branch
dafd654 
re-org dirs to allow cnn integration
ofrin-zen and others added 12 commits September 29, 2024 09:33
@ofrin-zen
Merge pull request mbrg#68 from mbrg/feature/windows-puppeteer-support
604d75a 
Feature/windows puppeteer support copilot hunter
@ofrin-zen
Merge pull request mbrg#69 from mbrg/feature/windows-puppeteer-suppor…
d628f64 
…t-copilot365

Launch puppeteer browser with windows default location for chrome.exe…
@AvishaiEZen
Update readme.md
4ae3035
@mbrg
install prereqs on the devcontainer
52b83b2
@shanko07
Add additional copilot studio hunter directories to package data
fe0eff6
@AvishaiEZen
adding env vars
feaf417
@AvishaiEZen
Merge pull request mbrg#76 from mbrg/dev-container-prereqs
14b8a27 
install prereqs on the devcontainer
@AvishaiEZen
updated the setup and devcontainer files
c0f37f1
@AvishaiEZen
small fix
449bb31
@AvishaiEZen
Merge pull request mbrg#81 from mbrg/80-container-fix-for-copilot-hunter
a3a7972 
task/i80 - container fix for copilot-hunter
@AvishaiEZen
Merge pull request mbrg#77 from shanko07/main
1fa2420 
Add additional copilot studio hunter directories to package data
@shanko07
Established Dockerfile for creating container for powerpwn
d3fb4d5
@shanko07
Copy link
Collaborator Author

---no-sandbox is not the most secure idea, but it seems like the risk would be based on visiting a malicious site. Since we are not building the URLs based on user input, it seems safe to do this. Best practice would be to figure out how to build and run the container as a user instead of root. This would require the python package for powerpwn to be installed in that user's home area instead of the default location. seems like more effort than worth at the moment

ofrin-zen and others added 14 commits November 15, 2024 21:50
@ofrin-zen
initial version for power pages pen testing
b0376fe
@AvishaiEZen
Update powerpages.py
08e0a16
@ofrin-zen
add api
008c4bf
@ofrin-zen
Merge branch 'feature/anonymous_powerpages_check' of https://github.c…
99deb3a 
…om/mbrg/power-pwn into feature/anonymous_powerpages_check
@ofrin-zen
wip
b10b547
@AvishaiEZen
Update powerpages.py
2abf361
@ofrin-zen
fix flake8
d7cd9e5
@ofrin-zen
Merge branch 'feature/anonymous_powerpages_check' of https://github.c…
3d0af01 
…om/mbrg/power-pwn into feature/anonymous_powerpages_check
@ofrin-zen
timeout to all GETs
53146f3
@ofrin-zen
help command
5ef6d3e
@ofrin-zen
added package to setup.cfg
12ad1b4
@ofrin-zen
Merge pull request mbrg#83 from mbrg/feature/anonymous_powerpages_check
c02b0c8 
power pages module
@shanko07
Merge branch 'mbrg:main' into main
e3f7c49
@shanko07
Added a webserver to the container that exposes the final_results dir…
d6841da 
…ectory for easy download by inexperienced users
@mbrg
Copy link
Owner

mbrg commented Nov 18, 2024

---no-sandbox is not the most secure idea, but it seems like the risk would be based on visiting a malicious site. Since we are not building the URLs based on user input, it seems safe to do this. Best practice would be to figure out how to build and run the container as a user instead of root. This would require the python package for powerpwn to be installed in that user's home area instead of the default location. seems like more effort than worth at the moment

I'd be worried to pick and up run a "run security tool" off the internet with root prv

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AvishaiEZen AvishaiEZen Awaiting requested review from AvishaiEZen

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@shanko07 @mbrg @lanasalameh1 @jakevis @AvishaiEZen @eltociear @ofrin-zen