Docker Images - froyo75/SpREaD GitHub Wiki

Available Docker Images

Evilginx3

Evilginx3 is a standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication protection.

This container runs without any IOCs or Evilginx eggs, plus a custom IP blacklist to block access by vendor sandboxes (original from YCSM).

Evilginx Folders Description

| Name | Description |
| --- | --- |
| app | Contains the Evilginx configuration files, including predefined phishlets and a custom IP blacklist file |
| clean.sh | Removes all containers and images (clean install) for debugging purposes |
| docker-compose.yml | Contains the Evilginx container deployment configuration settings |
| Dockerfile | Contains the instructions to build a new Evilginx container image |
| startEvilGinx.sh | Bash script to automatically build and run a new Evilginx container using the docker-compose tool |
| stopEvilGinx.sh | Bash script to automatically stop and remove the Evilginx container using the docker-compose tool |

[!NOTE] A version of Evilginx with CDN support is also available in Docker/evilginx-cdn to bypass network security filters. This version is preconfigured with the azureedge.net domain. The phish_sub parameters in the provided phishlets are set to default endpoint names. Don't forget to modify them according to your configuration.

Start/Stop Evilginx container

./startEvilGinx.sh
# OR
./stopEvilGinx.sh

Get a bash shell in the container

docker exec -it evilginx /bin/bash

Run Evilginx in the running container using developer and debug mode

bash-5.1# evilginx -p /app/phishlets/ -developer -debug

Evilginx Config

./app/

Display Evilginx container logs

docker logs evilginx

Gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

This container runs a custom version of Gophish without any IOCs or signatures, plus a custom 404 page that uses a modified version of the "phish.go" file (original from edermi-gophish_mods).

Gophish Folders Description

| Name | Description |
| --- | --- |
| app | Contains the Gophish configuration files |
| clean.sh | Removes all containers and images (clean install) for debugging purposes |
| docker-compose.yml | Contains the Gophish container deployment configuration settings |
| Dockerfile | Contains the instructions to build a new Gophish container image |
| startGoPhish.sh | Bash script to automatically build and run a new Gophish container using the docker-compose tool |
| stopGoPhish.sh | Bash script to automatically stop and remove the Gophish container using the docker-compose tool |
| run.sh | Bash script executed inside the container to start the Gophish server with the custom settings defined in the "gophish.env" file |
| custom | Contains the custom Gophish config files, including the 404 page and the modified version of the "phish.go" file |
| gophish.env | Contains the environment variables that override the Gophish settings in the "config.json" file, plus the custom recipient parameter used to track user clicks |

"gophish.env" file

ADMIN_LISTEN_URL=0.0.0.0:3333
ADMIN_USE_TLS=true
ADMIN_CERT_PATH=gophish_admin.crt
ADMIN_KEY_PATH=gophish_admin.key
PHISH_LISTEN_URL=0.0.0.0:8080
#PHISH_USE_TLS=example.crt
#PHISH_CERT_PATH=example.key
[email protected]
DB_NAME=sqlite3
DB_FILE_PATH=data/gophish.db
MIGRATIONS_PREFIX=db/db_
LOG_FILENAME=log/gophish.log
LOG_LEVEL=debug
RECIPIENT_PARAMETER=appid

Start/Stop GoPhish container

./startGoPhish.sh
# OR
./stopGoPhish.sh

Get a bash shell in the container

docker exec -it gophish /bin/bash

Gophish DB (data) + logs (log)

./app/

Display Gophish container logs

docker compose logs

Gophish-Evilginx

[!NOTE] This version is a fork of the original Gophish version with Evilginx integration.

This container also runs a customized version of Gophish without any IOCs or signatures, along with a custom 404 page.

[!WARNING] For compatibility reasons, the modified version of the "phish.go" file has been removed.

Mailu

Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to suggestions and external contributions. The project aims at providing people with an easily set up, easily maintained and full-featured mail server while not shipping proprietary software nor unrelated features often found in popular groupware.

Mailu Folders Description

| Name | Description |
| --- | --- |
| app | Contains the Mailu container's data |
| app/dkim | Folder that stores the Mailu DKIM key, which is added automatically when using the configure_mailu Ansible role |
| clean.sh | Removes all containers and images (clean install) for debugging purposes |
| docker-compose.yml | Contains the Mailu container deployment configuration settings |
| Dockerfile | Contains the instructions to build a new Mailu container image |
| startMailu.sh | Bash script to automatically build and run a new Mailu container using the docker-compose tool |
| stopMailu.sh | Bash script to automatically stop and remove the Mailu container using the docker-compose tool |
| Ansible/roles/configure_mailu/templates/mailu.env.j2 | Mailu configuration file template, which is populated automatically when using the configure_mailu Ansible role |

Start/Stop Mailu container

./startMailu.sh
# OR
./stopMailu.sh

Monitoring the Mailu server

docker compose logs

NextCloud

NextCloud is an open source, self-hosted file sync and content collaboration platform with real-time document editing.

This service is designed to offer a self-hosted collaboration platform and file synchronization for storing data and content during a Red Team engagement.

NextCloud Folders Description

| Name | Description |
| --- | --- |
| app | Contains the NextCloud container's data |
| clean.sh | Removes all containers and images (clean install) for debugging purposes |
| docker-compose.yml | Contains the NextCloud container deployment configuration settings |
| Dockerfile | Contains the instructions to build a new NextCloud container image |
| startNextCloud.sh | Bash script to automatically build and run a new NextCloud container using the docker-compose tool |
| stopNextCloud.sh | Bash script to automatically stop and remove the NextCloud container using the docker-compose tool |
| nextcloud.env | Contains the environment variables for setting up the NextCloud server |

Start/Stop NextCloud container

./startNextCloud.sh
# OR
./stopNextCloud.sh

Monitoring the NextCloud server

docker compose logs

[!TIP] The Docker/nextcloud folder contains the maintenanceDB.sh script for backing up or restoring the Nextcloud database.