Updated Docker documentation. Added Makefile for Docker image building.

jtesta · jtesta · commit baaa3e752fb1 · 2021-06-08T23:53:51.000-04:00
diff --git a/Makefile.docker b/Makefile.docker
@@ -0,0 +1,19 @@
+VERSION = $(shell grep SSH_MITM_VERSION *.patch | grep -E -o "\"(.*)\"" | head -1 | tr -d "\"")
+ifeq ($(VERSION),)
+  $(error "could not determine version!")
+endif
+
+FORWARDING_ENABLED = $(shell sysctl net.ipv4.ip_forward | grep -E -o "net.ipv4.ip_forward = 1")
+ifeq ($(FORWARDING_ENABLED),)
+  $(warning "IP forwarding is not enabled.  Building the image may fail.  Fix with: sysctl net.ipv4.ip_forward=1")
+endif
+
+all:
+	@echo "\nBuilding Docker image for SSH-MITM ${VERSION}\n"
+	docker build -t positronsecurity/ssh-mitm:${VERSION} .
+	docker tag positronsecurity/ssh-mitm:${VERSION} positronsecurity/ssh-mitm:latest
+
+upload:
+	docker login
+	docker push positronsecurity/ssh-mitm:${VERSION}
+	docker push positronsecurity/ssh-mitm:latest
diff --git a/README.md b/README.md
@@ -22,12 +22,28 @@ Of course, the victim's SSH client will complain that the server's key has chang
 * v1.0: May 16, 2017: Initial revision.
 
 
-## To Do
+## Running The Docker Image
 
-The following list tracks areas to improve:
+The quickest & easiest way to get started is to use the Docker image with SSH MITM pre-built.
 
-* Add port forwarding support.
-* Create wrapper script that detects when user is trying to use key authentication only, and de-spoof them automatically.
+1.) Obtain the image from Dockerhub with:
+
+    $ docker pull positronsecurity/ssh-mitm
+
+2.) Next, run the container with:
+
+    $ mkdir -p ${PWD}/ssh_mitm_logs && docker run --network=host -it --rm -v ${PWD}/ssh_mitm_logs:/home/ssh-mitm/log positronsecurity/ssh-mitm
+
+3.) Enable IP forwarding and NATing routes on your host machine:
+
+    # echo 1 > /proc/sys/net/ipv4/ip_forward
+    # iptables -P FORWARD ACCEPT
+    # iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
+    # iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2222
+
+4.) Find targets on the LAN, and ARP spoof them (see below).
+
+5.) Shell and SFTP sessions will be logged in the `ssh_mitm_logs` directory.
 
 
 ## Initial Setup
