threatcode · khulnasoft-bot · Sep 22, 2025 · Sep 23, 2025 · Sep 23, 2025 · Sep 29, 2025
diff --git a/.DS_Store b/.DS_Store
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+.git
+.gitignore
+README.md
+*.md
+.DS_Store
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,103 @@
+name: Publish Docker images
+
+on:
+  push:
+    tags: ['v*']
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to tag (e.g., 1.0.0)'
+        required: true
+        default: 'latest'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/sn1per
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=semver,pattern={{version}}
+            type=sha,format=long,prefix=sha-
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Kali Linux image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }},ghcr.io/${{ github.repository_owner }}/sn1per:kali
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=ghac,mode=max
+
+      - name: Build and push BlackArch Linux image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.blackarch
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=ghac,mode=max
+
+      - name: Create and push multi-arch manifest
+        if: github.event_name != 'pull_request'
+        run: |
+          docker pull ghcr.io/${{ github.repository_owner }}/sn1per:kali
+          docker pull ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+
+          docker manifest create ghcr.io/${{ github.repository_owner }}/sn1per:latest \
+            --amend ghcr.io/${{ github.repository_owner }}/sn1per:kali \
+            --amend ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+
+          docker manifest push ghcr.io/${{ github.repository_owner }}/sn1per:latest
+
+      - name: Update README with image details
+        run: |
+          # This is a simplified version that just logs the image details
+          # You can expand this to update the README.md file directly if needed
+          echo "Docker images have been successfully built and pushed to:"
+          echo "- ghcr.io/${{ github.repository_owner }}/sn1per:latest"
+          echo "- ghcr.io/${{ github.repository_owner }}/sn1per:kali"
+          echo "- ghcr.io/${{ github.repository_owner }}/sn1per:blackarch"
+
+          # Uncomment and modify the following to update README.md directly
+          # echo "\n## Docker\n\n### Pull the latest image\n\n```bash\ndocker pull ghcr.io/${{ github.repository_owner }}/sn1per:latest\n```\n" > README.docker.md
+          # cat README.md | sed "/## Docker/,/## /{/## /!d;}" | sed "/## Docker/r README.docker.md" > README.new.md
+          # mv README.new.md README.md
+          # rm README.docker.md
+          # 
+          # git config --global user.name 'GitHub Actions'
+          # git config --global user.email 'actions@github.com'
+          # git add README.md
+          # git commit -m "docs: Update Docker image references" || echo "No changes to commit"
+          # git push
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -1,34 +1,94 @@
+# Build stage for reducing final image size
+FROM docker.io/kalilinux/kali-rolling:latest as builder
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8
+
+# Install build dependencies
+RUN set -x && \
+    echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' > /etc/apt/sources.list && \
+    echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list && \
+    apt-get update -yqq && \
+    apt-get install -yqq --no-install-recommends \
+        git \
+        ca-certificates \
+        curl \
+        gnupg \
+        && rm -rf /var/lib/apt/lists/*
+
+# Final stage
 FROM docker.io/kalilinux/kali-rolling:latest
 
-LABEL org.label-schema.name='Sn1per - Kali Linux' \
-    org.label-schema.description='Automated pentest framework for offensive security experts' \
-    org.label-schema.usage='https://github.com/1N3/Sn1per' \
-    org.label-schema.url='https://github.com/1N3/Sn1per' \
-    org.label-schema.vendor='https://sn1persecurity.com' \
-    org.label-schema.schema-version='1.0' \
-    org.label-schema.docker.cmd.devel='docker run --rm -ti xer0dayz/sniper' \
-    MAINTAINER="@xer0dayz"
-
-RUN echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /etc/apt/sources.list && \
-    echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN set -x \
-        && apt -yqq update \
-        && apt -yqq full-upgrade \
-        && apt clean
-RUN apt install --yes metasploit-framework
-
-RUN sed -i 's/systemctl status ${PG_SERVICE}/service ${PG_SERVICE} status/g' /usr/bin/msfdb && \
-    service postgresql start && \
-    msfdb reinit
-
-WORKDIR /usr/src/app
-
-RUN apt --yes install git bash
-RUN git clone https://github.com/1N3/Sn1per.git \
-    && cd Sn1per \
-    && ./install.sh \
-    && sniper -u force
-
-CMD ["sniper"]
+# Set metadata
+LABEL org.opencontainers.image.title='Sn1per - Kali Linux' \
+    org.opencontainers.image.description='Automated pentest framework for offensive security experts' \
+    org.opencontainers.image.documentation='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.source='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.url='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.vendor='Sn1per Security' \
+    org.opencontainers.image.licenses='GPL-3.0' \
+    org.opencontainers.image.authors='@xer0dayz' \
+    org.opencontainers.image.version='latest' \
+    maintainer="@xer0dayz"
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    HOME=/home/sniper \
+    PATH="${HOME}/.local/bin:${PATH}"
+
+# Create non-root user and set up working directory
+RUN set -x && \
+    groupadd -r sniper && \
+    useradd -r -g sniper -d ${HOME} -s /bin/bash sniper && \
+    mkdir -p ${HOME} && \
+    chown -R sniper:sniper ${HOME}
+
+# Install system dependencies
+RUN set -x && \
+    echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' > /etc/apt/sources.list && \
+    echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list && \
+    apt-get update -yqq && \
+    apt-get install -yqq --no-install-recommends \
+        git \
+        bash \
+        python3 \
+        python3-pip \
+        python3-setuptools \
+        metasploit-framework \
+        postgresql \
+        postgresql-client \
+        && rm -rf /var/lib/apt/lists/*
+
+# Configure PostgreSQL for Metasploit
+RUN set -x && \
+    mkdir -p /var/run/postgresql && \
+    chown -R postgres:postgres /var/run/postgresql && \
+    chmod 2777 /var/run/postgresql && \
+    sed -i 's/systemctl status ${PG_SERVICE}/service ${PG_SERVICE} status/g' /usr/bin/msfdb
+
+# Switch to non-root user
+USER sniper
+WORKDIR ${HOME}
+
+# Clone and install Sn1per
+RUN set -x && \
+    git clone --depth 1 https://github.com/threatcode/Sn1per.git ${HOME}/Sn1per && \
+    cd ${HOME}/Sn1per && \
+    chmod +x install.sh && \
+    ./install.sh && \
+    sniper -u force
+
+# Set up volumes for persistent data
+VOLUME ["${HOME}/.msf4", "${HOME}/.sniper"]
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD sniper --version || exit 1
+
+# Default command
+ENTRYPOINT ["sniper"]
+CMD ["--help"]
diff --git a/Dockerfile.blackarch b/Dockerfile.blackarch
@@ -1,9 +1,69 @@
-FROM docker.io/blackarchlinux/blackarch:latest
+# Build stage for reducing final image size
+FROM docker.io/blackarchlinux/blackarch:latest as builder
 
-# Upgrade system
-RUN pacman -Syu --noconfirm
+# Install build dependencies
+RUN pacman -Syu --noconfirm --needed \
+    git \
+    base-devel \
+    && pacman -Scc --noconfirm
 
-# Install sn1per from official repository
-RUN pacman -Sy sn1per --noconfirm
+# Final stage
+FROM ghcr.io/blackarchlinux/blackarch:latest
 
-CMD ["sn1per"]
+# Set metadata
+LABEL org.opencontainers.image.title='Sn1per - BlackArch Linux' \
+    org.opencontainers.image.description='Automated pentest framework for offensive security experts' \
+    org.opencontainers.image.documentation='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.source='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.url='https://github.com/threatcode/Sn1per' \
+    org.opencontainers.image.vendor='Sn1per Security' \
+    org.opencontainers.image.licenses='GPL-3.0' \
+    org.opencontainers.image.authors='@xer0dayz' \
+    org.opencontainers.image.version='latest' \
+    maintainer="@xer0dayz"
+
+# Set environment variables
+ENV LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    HOME=/home/sniper
+
+# Create non-root user and set up working directory
+RUN set -x && \
+    groupadd -r sniper && \
+    useradd -r -g sniper -d ${HOME} -s /bin/bash sniper && \
+    mkdir -p ${HOME} && \
+    chown -R sniper:sniper ${HOME}
+
+# Install Sn1per and clean up in a single layer
+RUN set -x && \
+    pacman -Syu --noconfirm --needed \
+        sn1per \
+        python \
+        python-pip \
+        postgresql \
+        postgresql-libs \
+    && pacman -Scc --noconfirm
+
+# Configure PostgreSQL for Metasploit
+RUN set -x && \
+    mkdir -p /var/run/postgresql && \
+    chown -R postgres:postgres /var/run/postgresql && \
+    chmod 2777 /var/run/postgresql && \
+    if [ -f /usr/bin/msfdb ]; then \
+        sed -i 's/systemctl status ${PG_SERVICE}/pg_ctl status -D ${PGDATA}/g' /usr/bin/msfdb; \
+    fi
+
+# Switch to non-root user
+USER sniper
+WORKDIR ${HOME}
+
+# Set up volumes for persistent data
+VOLUME ["${HOME}/.msf4", "${HOME}/.sniper"]
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD sn1per --version || exit 1
+
+# Default command
+ENTRYPOINT ["sn1per"]
+CMD ["--help"]