From dd25bcb6f846d75fd954323ae73352d7b75d4b5b Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Thu, 6 Jul 2023 01:08:34 +0200 Subject: [PATCH] Add a Docker image --- docker/Dockerfile | 41 +++++++++++++++++++++++++++++++++++++++++ docker/runmasscanned | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 docker/Dockerfile create mode 100755 docker/runmasscanned diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..973ac96 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,41 @@ +# This file is part of masscanned. +# Copyright 2021 - 2023 The IVRE project +# +# Masscanned is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Masscanned is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +# License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Masscanned. If not, see . + +FROM debian:12 AS builder + +ENV DEBIAN_FRONTEND noninteractive + +RUN echo "deb http://deb.debian.org/debian testing main" > /etc/apt/sources.list.d/testing.list && \ + apt-get -q update && \ + apt-get -qy --no-install-recommends install cargo ca-certificates curl && \ + curl -L https://github.com/ivre/masscanned/archive/refs/heads/master.tar.gz | tar zxf - && \ + cd masscanned-master && \ + cargo build --release + +FROM debian:12 +LABEL maintainer="Pierre LALET " + +COPY --from=builder /masscanned-master/target/release/masscanned /usr/local/bin/masscanned + +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get -q update && \ + apt-get -qy --no-install-recommends install iproute2 iptables && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +COPY runmasscanned /usr/local/bin/runmasscanned + +CMD /usr/local/bin/runmasscanned diff --git a/docker/runmasscanned b/docker/runmasscanned new file mode 100755 index 0000000..7953cb6 --- /dev/null +++ b/docker/runmasscanned @@ -0,0 +1,35 @@ +#! /bin/bash +# This file is part of masscanned. +# Copyright 2021 - 2023 The IVRE project +# +# Masscanned is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Masscanned is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public +# License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Masscanned. If not, see . + +iface="$(ip route get 0.0.0.1 | awk '/^0\.0\.0\.1 via / {print $5}')" +addrs="$(ip a show eth0 | awk '/ inet6? / {print $2}' | sed 's#/.*##' | tr '\n' ',' | sed 's#,$##')" + +if ! capsh --print | awk '/^Current: / {print $2}' | tr ',' '\n' | grep -q '^cap_net_admin$'; then + echo "WARNING: cannot run iptables (need capability cap_net_admin)" >&2 + exit 1 +fi + +for v in '' 6; do + for c in INPUT OUTPUT FORWARD; do + ip${v}tables -P $c DROP + done +done + +echo Interface: "$iface" +echo Addresses: "$addrs" + +/usr/local/bin/masscanned -i "$iface" --self-ip-list "$addrs"