Docker Penetration Testing Cheat Sheet (Full Guide)
Learn how to use Docker like a real hacker — without docker-compose. Build, manage, and save your own full hacking environment with total control.
“Hackers don’t just run containers. They weaponize them.”
1. Install Docker
sudo apt update
sudo apt install docker.io -y
sudo usermod -aG docker $USER
sudo systemctl start docker
sudo systemctl enable docker
Test it:
docker version
docker run hello-world
You may need to reboot for the user group to take effect.
2. Run a Kali Linux Container
docker pull kalilinux/kali-rolling
Interactive session with full power:
docker run -it --net=host --privileged --name kali_lab kalilinux/kali-rolling /bin/bash
Flags Breakdown
- --net=host: Container shares host’s network (needed for tools like Bettercap, Nmap, etc.)
- --privileged: Grants access to host devices like wlan0
- --name: Set a name for easier container management
This is your hacker lab. Full access. No compromises.
3. Install Tools Inside the Container
Once inside Kali:
apt update && apt install -y metasploit-framework nmap bettercap net-tools netexec john hashcat sqlmap feroxbuster seclists exploitdb git python3-pip
Add anything else you need. It’s your custom lab.
4. Managing Docker Containers
Action | Command |
---|---|
List running | docker ps |
List all | docker ps -a |
Start container | docker start kali_lab |
Attach + Output | docker start -ai kali_lab |
Exec new shell | docker exec -it kali_lab /bin/bash |
Stop container | docker stop kali_lab |
Remove container | docker rm kali_lab |
Remove image | docker rmi kalilinux/kali-rolling |
Why docker start -ai?
This command starts the container and immediately attaches to its interactive output — meaning you land directly inside it like when you ran it the first time.
Think of it like “reviving your lab exactly where you left off.”
5. Saving Your Hacking Environment
By default, changes stay in the container. But if you delete it, they’re gone.
To save your work permanently:
docker commit kali_lab mykali/hacked
Export for backup:
docker save mykali/hacked -o mykali_backup.tar
Later, restore it:
docker load -i mykali_backup.tar
Always commit after major installs or configuration changes.
6. Networking for Hackers
If you used --net=host:
- Tools like nmap, bettercap, and tcpdump work like on your host.
- Wireless interfaces, raw packets, MITM tools — all functional.
If you don’t, you’re isolated on a virtual bridge and must expose ports manually with -p.
For real-world testing, use --net=host. For isolated labs, bridges are fine.
7. Useful One-Liners for Practice Labs
docker run -it --rm vulnerables/web-dvwa
docker pull tleemcjr/metasploitable2
docker run -it tleemcjr/metasploitable2
docker run -d -p 3000:3000 bkimminich/juice-shop
docker search vuln
These are perfect for training and testing in your containerized lab.
8. Hacker Tips & Best Practices
- Use --privileged when doing hardware or packet-level work
- Use --net=host to avoid painful port mapping issues
- Use docker commit after setup, tool installs, or tweaks
- Use docker save/load to back up and move environments
- Avoid bloating your host — keep the dirty work in the container
Treat your container like a disposable VM with snapshot superpowers.
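An added example, not part of the original guide: --privileged and --net=host remove the container's device and network isolation from the host, so this script reports which containers on the machine were created with either flag. The function names, the --live/--sample switches and the sample records are constructed for illustration; the docker inspect fields (.HostConfig.Privileged, .HostConfig.NetworkMode) are Docker's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): report containers created with
# --privileged or --net=host, the two isolation-removing flags used above.

# Reads "name privileged networkmode" records on stdin and prints
# "name: reason[,reason]" for every container with reduced isolation.
audit_records() {
  local name privileged netmode reasons
  while read -r name privileged netmode; do
    reasons=""
    if [ "$privileged" = "true" ]; then reasons="privileged"; fi
    if [ "$netmode" = "host" ]; then reasons="${reasons:+$reasons,}host-network"; fi
    # docker inspect reports names with a leading "/", strip it for display.
    if [ -n "$reasons" ]; then printf '%s: %s\n' "${name#/}" "$reasons"; fi
  done
  return 0
}

# Pulls the same three fields for every container (running or stopped).
audit_docker() {
  local ids
  ids=$(docker ps -aq) || return 1
  if [ -z "$ids" ]; then return 0; fi
  # $ids is intentionally unquoted: one argument per container ID.
  docker inspect \
    --format '{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.NetworkMode}}' \
    $ids | audit_records
}

# Constructed sample records in the format audit_docker produces.
sample_records() {
  cat <<'EOF'
/kali_lab true host
/juice_shop false bridge
/dvwa false bridge
/sniffer false host
EOF
}

# Hypothetical switches for this script: --live queries Docker, --sample
# runs the audit over the constructed records above.
case "${1:-}" in
  --live)   audit_docker ;;
  --sample) sample_records | audit_records ;;
esac
```

Run it with --live after a lab session to see which containers still hold host-level access before deciding what to stop or remove.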
Quick Summary Table
Action | Command |
---|---|
Run Kali | docker run -it --net=host --privileged --name kali_lab kalilinux/kali-rolling /bin/bash |
Save Progress | docker commit kali_lab mykali/hacked |
Backup Image | docker save mykali/hacked -o mykali_backup.tar |
Restore Image | docker load -i mykali_backup.tar |
Attach with Output | docker start -ai kali_lab |
Exec Shell | docker exec -it kali_lab /bin/bash |
Stop Container | docker stop kali_lab |
Start Container | docker start kali_lab |
Final Word
Keep it dockerized. Keep it hacked.