-
Notifications
You must be signed in to change notification settings - Fork 344
Docker
A docker image is available on the Github Container Registry. You can get it by running:
docker pull ghcr.io/sensepost/gowitness:latest
Using the docker container means you need to take into account that the gowitness binary will run in the container, but in order for you to access the database and files generated by gowitness (depending on the writers you configure), you need to mount a volume into the container to persist those.
The basic way to invoke gowitness via docker, without saving anything is:
docker run --rm ghcr.io/sensepost/gowitness gowitnessHowever, that itself is not very useful, as any output generated (db & screenshots) will get blown away when the command finishes and the container is cleaned up. Instead, we can mount in a volume to persist data. Do that with:
docker run --rm -v $(pwd):/data ghcr.io/sensepost/gowitness gowitnessThis way, the current working directory will get the data (db & screenshots) gowitness generates.
A more complete example of taking a screenshot with docker is therefore:
docker run --rm -v $(pwd):/data ghcr.io/sensepost/gowitness gowitness scan single -u https://www.google.com --write-dbThis will create a gowitness.sqlite3 database and a screenshots/ directory in the current working directory just as if the gowitness binary was invoked from your local system.
The gowitness report server by default listens on localhost on port 7171. In the docker world, this server needs to be told to listen on all interfaces, and then a mapping needs to be added to expose that port to your host. This can be done with:
docker run --rm -v $(pwd):/data -p7171:7171 ghcr.io/sensepost/gowitness gowitness report serve --host 0.0.0.0 --port 7171This command should be run in the directory where the gowitness.sqlite3 and screenshots/ file and directory lives. Of course, if you customised those in the screenshotting phase, you would need to update the paths accordingly.
If you have an nmap file or a targets list you would like to access in the container, using the volume mount to /data means the gowitness binary in the container will find your files there. For example:
docker run --rm -v $(pwd):/data -p7171:7171 ghcr.io/sensepost/gowitness gowitness scan nmap -f /data/nmap.xmlAn example docker-compose.yml file is provided here which is configured with Traefik to have authentication enabled in front of the report server. This way you could expose the server to a wider network to consume.