Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

VulnReport Docker Container – DIY Pentest Reporting

I (not so) recently setup a VulnReport Docker container in my lab, and I wanted to share the process.

VulnReport Docker – Introduction

If you have never used it before, VulnReport is an, “Open-source pentesting management and automation platform by Salesforce Product Security”.

I’ve pushed to use this at work as a vulnerability management and reporting platform. It makes life a bit easier on the reporting end, and allows for things like finding templates and report generation.

For more information, you can always visit the GitHub repository.

Prerequisites

First, I setup a new Ubuntu server VM.

VulnReport Docker - Ubuntu Setup

I went through the install using default settings for the most part, and finished the process.

VulnReport Docker - Install Complete

Next, when that was complete, I updated all the already installed packages.

VulnReport Docker - Apt Update and Upgrade

I also updated my distribution, since the ISO that I was using was only on 16.04.

When that finished, I installed Docker.

The Digital Ocean tutorial made it super easy, and I had Docker up and running fairly quickly.

VulnReport Docker - Docker Status

VulnReport Docker – Installation

With my system and Docker installed, it was time to create the VulnReport container.

First, I pulled down the existing container. I know that this one is a bit old, but it makes life easier than creating one of my own for now.

VulnReport Docker - Container Pull

Next, I ran the container, making sure to add the -t flag for a TTY.

VulnReport Docker - Container Run

I was then able to interact with my newly configured container.

VulnReport Docker - Docker Interact

Inside of the new container, I started up all the requisite services.

sudo /etc/init.d/redis-server start
service postgresql start

Next, I ran the SEED script, to handle the first configuration. When that was complete, I was able to run nohup start.sh, and start the service!

VulnReport Docker - Start

Verification

With my service running, it was time to verify that the install was successful.

When I visited the IP of my virtual machine, I saw a VulnReport login page.

VulnReport Docker - Login

Using the default credentials of admin/admin, I was able to successfully login to the dashboard!

VulnReport Docker - Dashboard

VulnReport Docker – Conclusion

While this post only covers the basic installation of VulnReport, I think it is useful to have in a lab environment.

We are not using this on my team at work, but we are moving towards this solution. That said, I’m hoping to use this setup for mock reports as well as various interviews/certifications/etc.

If you have any configuration tweaks or suggestions, or even another platform to check out, then please let me know!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.