Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
I (not so) recently set up a VulnReport Docker container in my lab, and I wanted to share the process.
If you have never used it before, VulnReport is an “Open-source pentesting management and automation platform by Salesforce Product Security”.
I’ve pushed to use this at work as a vulnerability management and reporting platform. It makes life a bit easier on the reporting end, and allows for things like finding templates and report generation.
For more information, you can always visit the GitHub repository.
First, I set up a new Ubuntu server VM.
I went through the install using default settings for the most part, and finished the process.
Next, when that was complete, I updated all the already installed packages.
I also updated my distribution, since the ISO that I was using was only on 16.04.
When that finished, I installed Docker.
The DigitalOcean tutorial made it super easy, and I had Docker up and running fairly quickly.
With my system and Docker installed, it was time to create the VulnReport container.
First, I pulled down the existing container. I know that this one is a bit old, but it makes life easier than creating one of my own for now.
Next, I ran the container, making sure to add the -t flag for a TTY.
I was then able to interact with my newly configured container.
Inside of the new container, I started up all the requisite services.
sudo /etc/init.d/redis-server start
service postgresql start
Next, I ran the SEED script, to handle the first configuration. When that was complete, I was able to run nohup start.sh, and start the service!
With my service running, it was time to verify that the install was successful.
When I visited the IP of my virtual machine, I saw a VulnReport login page.
Using the default credentials of admin/admin, I was able to successfully log in to the dashboard!
While this post only covers the basic installation of VulnReport, I think it is useful to have in a lab environment.
We are not using this on my team at work, but we are moving towards this solution. That said, I’m hoping to use this setup for mock reports as well as various interviews/certifications/etc.
If you have any configuration tweaks or suggestions, or even another platform to check out, then please let me know!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.