HowTo: Running the Metasploit-Framework with Docker Compose

The Metasploit-Framework project on Github ships with a docker-compose file for use with Docker Compose. I love this feature, because you can run your favorite flavor/configuration of Linux (i.e. you are not forced to use Kali) and because you don't have to have this Ruby/RVM configuration that seems to break all too often.


Assuming you have Docker and Docker Compose installed, then the compose file that ships with Metasploit, will work right out of the box as long as you provide a valid mapping to a local .msf4 file. As I run Linux, this just simply means running:

touch ~/.msf4

Now from your Metasploit-framework cloned directory, simply run:

docker-compose up -d

This command will cause docker-compose to build your services as defined and it will also put these services in daemon mode. Now run:

docker-compose run -p 8880:8880 ms

NOTE: I'm running -p to "publish" port 8880 to the host. This step is necessary for any ports you might want to listen on.

If all goes according to plan, you should be in your MSFconsole prompt and ready for pwnage.


You can also run the other MSF utilities by specifying the name of the utility behind your service:

docker-compose run ms ./msfvenom [options]

Remember you have the .MSF4 directory mapped, so you should be able to export any needed data.

Now some may argue that it's worth running Ruby locally and not having to worry about all of this quirky syntax, to which I say, go for it.

Beware the JabberWock, my son!


Show Comments