Skip to content

Using Docker

Jose Enrique Hernandez edited this page Oct 24, 2022 · 16 revisions

The Attack Range can also be run from a docker container. This minimizes the dependencies and packages you would otherwise have to install to build a lab environment for adversary simulation & detection engineering research.

This article describes three different scenarios to use the container.

Note: Make sure to only delete the container when your Attack Range environment has been destroyed. You would otherwise lose the terraform state files and would have to delete all the created resources manually.

Scenario 1: Docker Standalone

In the first scenario, we don't pass any settings from our host computer and execute everything from the docker container including creating a configuration file and setting up the cloud provider tokens to build a range.

[Host computer]
$ docker pull splunk/attack_range
$ docker run -it splunk/attack_range

[Docker container]
# aws configure ( or az login )
# python attack_range.py configure
# python attack_range.py build

Scenario 2: Bring your own configuration

In this scenario, we pass an existing Attack Range configuration file from the host computer to the container using docker volumes. We still need to configure the cloud provider tokens to build a range manually.

[Host computer]
$ docker pull splunk/attack_range
$ docker run -it -v ${PWD}:/attack_range/config splunk/attack_range

[Docker container]
# aws configure ( or az login )
# python attack_range.py --config config/attack_range.yml build

Scenario 3: Bring your own configuration, access tokens & SSH keys

In the last scenario, we pass a local configuration file, the existing local cloud provider tokens (Aws or Azure), and the local SSH keys using docker volumes to build a range.

[*nix host computer and AWS]
$ docker pull splunk/attack_range
$ docker run -it -v ~/.aws:/root/.aws -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range

[*nix host computer and Azure]
$ docker pull splunk/attack_range
$ docker run -it  -v ~/.azure:/root/.azure -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range

[Windows host computer and AWS]
$ docker pull splunk/attack_range
$ docker run -it -v ${HOME}\.aws:/root/.aws -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range

[Windows host computer and Azure]
$ docker pull splunk/attack_range
$ docker run -it -v ${HOME}\.azure:/root/.azure -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range

[Docker container]
# python attack_range.py --config config/attack_range.yml build