feat: build for release

artis3n · Mar 15, 2020 · 7e51b91 · 7e51b91
1 parent e9485be
commit 7e51b91
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
-FROM kalilinux/kali-rolling:latest
+FROM kalilinux/kali-rolling:latest AS base
 LABEL maintainer="Artis3n <dev@artis3nal.com>"
 
-ENV TERM=xterm
+ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends amass awscli curl \
@@ -20,6 +20,7 @@ RUN apt-get update \
     # Remove apt-get cache from the layer to reduce container size
     && rm -rf /var/lib/apt/lists/*
 
+# Initialize Metasploit database
 RUN service postgresql start && msfdb init
 
 # Install and configure AutoRecon
@@ -29,19 +30,22 @@ RUN mkdir /tools \
     && pip3 install -r requirements.txt \
     && ln -s /tools/AutoRecon/autorecon.py /usr/local/bin/autorecon
 
+ENV TERM=xterm
+
+# Need to start postgresql any time the container comes up
+# systemctl enable postgresql doesn't seem to take effect
+# I blame systemd, but this works at least
+CMD service postgresql start && /bin/bash
+
+FROM base AS wordlists
+
 # Install Seclists
 RUN mkdir -p /usr/share/seclists \
-    # This clone takes a million years.
-    # The apt-get install seclists command doesn't work from the Dockerfile, however.
+    # The apt-get install seclists command isn't installing the wordlists, so clone the repo.
     && git clone --depth 1 https://github.com/danielmiessler/SecLists.git /usr/share/seclists
 
 # Prepare rockyou wordlist
 RUN mkdir -p /usr/share/wordlists \
     && cp /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt.tar.gz /usr/share/wordlists/ \
     && cd /usr/share/wordlists \
     && tar -xzf rockyou.txt.tar.gz
-
-# Need to start postgresql any time the container comes up
-# systemctl enable postgresql doesn't seem to take effect
-# I blame systemd, but this works at least
-CMD service postgresql start && /bin/bash
diff --git a/Makefile b/Makefile
@@ -1,9 +1,35 @@
 #!/usr/bin/make
+SHELL=/bin/bash
+
+.PHONY: all
+all: install build
 
 .PHONY: install
 install:
-	if [ ! -f /usr/local/bin/dive ]; then wget https://github.com/wagoodman/dive/releases/download/v0.9.2/dive_0.9.2_linux_amd64.deb && sudo apt install ./dive_0.9.2_linux_amd64.deb && rm dive*.deb; else echo "Dive installed, taking no action"; fi;
+	if [ ! -f /usr/local/bin/dive ]; then scripts/install-dive.sh; else echo "Dive installed, taking no action"; fi;
+
+.PHONY: size-base
+size-base:
+	dive build --no-cache --target base -t test/kali .
+
+.PHONY: size-wordlists
+size-wordlists:
+	dive build --no-cache --target wordlists -t test/kali .
 
 .PHONY: size
 size:
 	dive build --no-cache -t test/kali .
+
+.PHONY: build
+build: build-all
+
+.PHONY: build-all
+build-all: build-base build-full
+
+.PHONY: build-base
+build-base:
+	docker build --target base -t test/kali:base .
+
+.PHONY: build-full
+build-full:
+	docker build --target wordlists -t test/kali:full .
diff --git a/README.md b/README.md
@@ -5,25 +5,46 @@ A kalilinux/kali-rolling container with extra juice.
 [![GitHub Workflow Status](https://img.shields.io/github/workflow/status/artis3n/kali-artis3n/Docker%20Image%20CI)](https://github.com/artis3n/kali-artis3n/actions)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/artis3n/kali-artis3n)](https://github.com/artis3n/kali-artis3n/releases)
 [![Docker Pulls](https://img.shields.io/docker/pulls/artis3n/kali)](https://hub.docker.com/r/artis3n/kali)
-![Docker Image Size (tag)](https://img.shields.io/docker/image-size/artis3n/kali/latest)
+![Docker Image Size (tag)](https://img.shields.io/docker/image-size/artis3n/kali/latest?label=Full%20image%2C%20compressed)
+![Docker Image Size (tag)](https://img.shields.io/docker/image-size/artis3n/kali/latest-no-wordlists?label=No%20wordlists%2C%20compressed)
 ![GitHub last commit](https://img.shields.io/github/last-commit/artis3n/kali-artis3n)
 ![GitHub](https://img.shields.io/github/license/artis3n/kali-artis3n)
 [![GitHub followers](https://img.shields.io/github/followers/artis3n?style=social)](https://github.com/artis3n/)
 [![Twitter Follow](https://img.shields.io/twitter/follow/artis3n?style=social)](https://twitter.com/Artis3n)
 
 The [kalilinux/kali-rolling](https://www.kali.org/docs/containers/official-kalilinux-docker-images/) container comes with no pre-installed services.
 It is meant to be lightweight and clocks in around 118 MB.
-This container, uncompressed, is around 3.5 GB.
+You must configure every service and tool you need from that base image.
+
+This container, uncompressed, is around 3.5 GB (or 2.0 GB without wordlists).
 It installs and pre-configures a number of frequently uses Kali tools.
 It is meant to allow you to quickly get up and running with a Kali environment on an ephemeral host.
 Don't spend time configuring and tweaking - pull, run, execute, pwn.
 
+## Wordlists
+
 A premium is placed on keeping this image as small as is reasonable given its intended purpose.
-For example, `searchploit` is installed in this image but `searchsploit -u` is not run to install exploitdb-papers because this increases the image size by 6GB increase.
-However, `seclists` is installed even though it increases the build image by 1.6 GB because those wordlist files are commonly used.
+For example, `searchploit` is installed in this image but `searchsploit -u` is not run to install exploitdb-papers because this increases the image size by 6GB.
+
+Seclists and Rockyou are pre-installed by default in the `latest` and semver tags, e.g. `1`, `1.2`, `1.2.0`. This increases the image size by 1.5 GB. Therefore, if you do not need wordlists, you can use the `<tagname>-no-wordlists` tag. For example:
+
+```bash
+docker pull artis3n/kali:latest-no-wordlists
+```
+
+Currently, only `latest` is built without wordlists, as `latest-no-wordlists`. The semver tags (e.g. `1`, `1.2`, `1.2.0`) are built with wordlists.
+
+## Image efficiency (Dive)
+
 Efficiency of the build image is checked with [dive](https://github.com/wagoodman/dive):
 
-![Dive image efficiency](resources/dive-efficiency.png)
+With wordlists:
+
+![Dive image with wordlists efficiency](resources/dive-efficiency-wordlists.png)
+
+Without wordlists:
+
+![Dive image without wordlists efficiency](resources/dive-efficiency-base.png)
 
 <small>Last checked: 2020-03-15</small>
 
@@ -40,8 +61,10 @@ Download the image:
 
 ```bash
 docker pull artis3n/kali:latest
+docker pull artis3n/kali:latest-no-wordlists
 # or
 docker pull docker.pkg.github.com/artis3n/kali-artis3n/kali:latest
+docker pull docker.pkg.github.com/artis3n/kali-artis3n/kali:latest-no-wordlists
 ```
 
 Run the container:
@@ -124,3 +147,7 @@ A pull request is also welcome.
 
 For any new tools, you must add validation tests to `.github/workflows/ci.yml`. Use the existing tests as a baseline.
 These tests ensure the tools are installed and pre-configured correctly.
+
+### Recognition
+
+Thanks @anitgandhi for help optimizing the Dockerfile and build images.
diff --git a/resources/dive-efficiency-base.png b/resources/dive-efficiency-base.png
diff --git a/resources/dive-efficiency-wordlists.png b/resources/dive-efficiency-wordlists.png
diff --git a/resources/dive-efficiency.png b/resources/dive-efficiency.png
diff --git a/scripts/install-dive.sh b/scripts/install-dive.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+wget https://github.com/wagoodman/dive/releases/download/v0.9.2/dive_0.9.2_linux_amd64.deb
+sudo apt install ./dive_0.9.2_linux_amd64.deb
+rm dive*.deb