##0x01 引子


0x02 简介




  • RedCloud.py:使用Docker和Portainer启动/停止Web界面和应用模板
  • Portainer:Portainer Web界面
  • traefik:Traefik反向代理容器到Web界面,api和文件容器
  • templates :http.server提供基础设施的python3 容器
  • cert_gen:生成SSL证书的omgwtfssl容器。



0x03 环境信息

Centos 7




  1. 下载拉取RedCloud存储库
git clone https://github.com/khast3x/Redcloud.git
  1. 启动 redcloud.py



  • 在本地机器部署RedCloud
  • 通过SSH远程部署RedCloud
  • 远程部署Docker RedCloud
  • 停止本地应用或者docker机器
  • 停止远程部署
  • 列出所有可用的模板


[>] Metasploit - Nightly : Official bare Metasploit Alpine build. Includes beta features from dev branch.

[>] Metasploit - Stable + Postgresql : Debian Metasploit build with Postgres and additional helper scripts

[>] Empire : Pure Python & PowerShell post-exploitation

[>] Sn1per : Automated pentest framework for offensive security experts

[>] Metasploithelper : MetasploitHelper is meant to assist penetration testers in network penetration tests. Comes with everything installed

[>] Pentest-tools : Ubuntu build with: searchsploit, sqlmap, nmap, nikto, dnsutils, sn1per, knock, sqliv, pasko, uniscan, wpscan, ncrack, wfuzz, sublist3r, massdns

[>] Kali - Bare : Official Kali container. Install desired metapackages

[>] Kali - Full : Non-Official Kali container with kali-linux-full metapackage installed, built every night

[>] Tor Socks Proxy : The smallest (15 MB) docker image with Tor and Privoxy on Alpine Linux

[>] Multi Tor Socks Proxy : A multi TOR (x10) + privoxy socks proxy instances load-balancer

[>] GoPhish : Open-Source Phishing Toolkit

[>] gscript : Framework to rapidly implement custom droppers for all three major operating systems

[>] Spiderfoot : SpiderFoot automates OSINT to find out everything possible about your target.

[>] ZAP Proxy WebSwing : Official in-browser version of ZAP.

[>] Ubuntu Web VNC : Docker container images with VNC and http NoVNC

[>] Kali Web noVNC + LXDE : Kali Docker container with minimal LXDE

[>] Lockdoor Framework : Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

[>] DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable

[>] JuiceShop : OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws.

[>] Vulnerable Wordpress : Vulnerable WordPress Installation

[>] Vulnerable Shellshock : Vulnerable Shellshock Installation - CVE-2014-6271

[>] Vulnerable SambaCry : Vulnerable Samba Installation - CVE-2017-7494

[>] OWASP Mutillidae II : Docker container for OWASP Mutillidae II Web Pen-Test Practice Application

[>] Network Utilities : A lightweight docker container with a set of networking tools<br>Use /bin/sh

[>] SoftEtherVPN : A simple SoftEther VPN server

[>] Cowrie Honeypot : SSH Honeypot that logs authentication attempts and interactions

[>] Endlessh tarpit : SSH tarpit that slowly sends an endless banner

[>] Beagle : Incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images.

[>] Nginx : High performance web server

[>] Httpd : Open-source HTTP server

[>] Caddy : HTTP/2 web server with automatic HTTPS

[>] MySQL : The most popular open-source database

[>] PostgreSQL : The most advanced open-source database

[>] Elasticsearch : Open-source search and analytics engine

[>] Gitlab CE : Open-source end-to-end software development platform

[>] Minio : A distributed object storage server built for cloud applications and devops

[>] Solr : Open-source enterprise search platform

[>] Joomla : Another free and open-source CMS

[>] Drupal : Open-source content management framework

[>] Odoo : Open-source business apps

[>] Urbackup : Open-source network backup

[>] Portainer Agent : Manage all the resources in your Swarm cluster

[>] Wordpress : Wordpress setup with a MySQL database

0x05 安装成功