diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index d422441b..00000000 --- a/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -FROM ubuntu:jammy-20230425 - -ENTRYPOINT /bin/bash -RUN apt update -RUN apt install \ - python3 \ - python3-pip \ - python3-protobuf \ - python3-openssl \ - python3-twisted \ - python3-yaml \ - python3-distro \ - git \ - protobuf-compiler \ - libexpat1 \ - libexpat1-dev \ - libpython3-dev \ - python-is-python3 \ - zip \ - default-jdk \ - adb \ - -y - -COPY / /tmp -RUN cd /tmp && \ - python setup.py bdist_wheel -RUN pip install /tmp/dist/drozer*.whl -RUN pip install --upgrade protobuf \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..b7209e8f --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,56 @@ +FROM alpine:3.19.1 as builder +RUN apk add --no-cache \ + openjdk11-jdk \ + python3-dev \ + git \ + py3-pip \ + py3-openssl \ + py3-twisted \ + py3-yaml \ + protobuf-dev \ + bash \ + gcc \ + py3-wheel && \ + pip install --no-cache-dir --break-system-packages \ + protobuf==4.25.2 \ + distro && \ + git clone https://github.com/WithSecureLabs/drozer/ /tmp/drozer && \ + cd /tmp/drozer && \ + python setup.py bdist_wheel + +FROM alpine:3.19.1 +RUN --mount=target=/builder,from=builder,source=/tmp/drozer/dist apk add --no-cache \ + openjdk11-jre-headless \ + python3 \ + bash \ + musl-dev \ + gcc \ + python3-dev \ + libffi-dev \ + py3-pip && \ + pip install --no-cache-dir --break-system-packages \ + pyOpenSSL \ + service_identity \ + twisted \ + pyyaml \ + protobuf==4.25.2 \ + distro && \ + pip install /builder/drozer*.whl --no-cache-dir --break-system-packages && \ + apk del --purge --no-cache \ + py3-pip \ + gcc \ + bash \ + musl-dev \ + python3-dev \ + libffi-dev \ + alpine-baselayout \ + alpine-keys \ + libc-utils \ + apk-tools && \ + rm -rf /root \ + /etc/apk \ + /lib/apk \ + /usr/share/apk \ + /var/lib/apk \ + /usr/lib/python3.11/ensurepip +ENTRYPOINT ["drozer"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 00000000..7e746246 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,51 @@ +# Description + +WithSecure's official Docker image for [drozer](https://labs.withsecure.com/tools/drozer)'s computer client. + +drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. Its primary use case is simulating a rogue application on the device. A penetration tester does not have to develop an app with custom code to interface with a specific content provider. Instead, drozer can be used with little to no programming experience required to show the impact of letting certain components be exported on a device. + +This is a Docker image that uses OpenJDK 11 to compile and run the drozer computer agent. The `alpine:3.19.1` Docker image is used for both the build stage and the final image. + +# Build and Install + +A pre-built image can be pulled by running: + +```docker pull withsecurelabs/drozer``` + +Alternatively, to build this container yourself, use the `docker build` command, pointing it towards WithSecure's GitHub repository: + +```docker build -t withsecurelabs/drozer https://github.com/WithSecureLabs/drozer.git#develop:docker``` + +The source Dockerfile is available [here](https://github.com/WithSecureLabs/drozer/blob/develop/docker/Dockerfile). + +# Run and Connect + +## Option 1: connect to the phone via network + +If the target phone and PC are on the same network, this tends to be the easiest approach. + +1. Ensure that the drozer agent is running on the target device, and that the embedded server has been started. +2. Then, to run drozer and connect to the phone, run: ```docker run --net host -it withsecurelabs/drozer console connect --server ``` + +If a system shell is required (for example, to inspect and retrieve any files downloaded by drozer), you can: +1. Ensure that the drozer agent is running on the target device, and that the embedded server has been started. +2. Obtain a shell into the container: ```docker run --net host -it --entrypoint sh withsecurelabs/drozer``` +3. Then run the drozer command to connect to the phone: ```drozer console connect --server ``` + +## Option 2: connect to the phone via USB + +If network communications is restricted, `adb` port forwarding can be used to forward TCP traffic via USB. + +1. First, forward port 31415 to the phone via ADB: ```adb forward tcp:31415 tcp:31415``` +2. Ensure that the drozer agent is running on the target device, and that the embedded server has been started. +3. Then, to run drozer and connect to the phone, run: ```docker run --net host -it withsecurelabs/drozer console connect --server localhost``` + +If a system shell is required (for example, to inspect and retrieve any files downloaded by drozer), you can: +1. First, forward port 31415 to the phone via ADB: ```adb forward tcp:31415 tcp:31415``` +2. Ensure that the drozer agent is running on the target device, and that the embedded server has been started. +3. Obtain a shell into the container: ```docker run --net host -it --entrypoint sh withsecurelabs/drozer``` +4. Then run the drozer command to connect to the phone: ```drozer console connect --server localhost``` + +# Usage + +Refer to the [drozer README.md](https://github.com/WithSecureLabs/drozer/blob/develop/README.md#usage) and [Wiki](https://github.com/WithSecureLabs/drozer/wiki) on GitHub. \ No newline at end of file