Initial commit

Author: evs-cp

Dockerfile

@@ -0,0 +1,49 @@
+# used Image is docker-specialised ubuntu
+FROM phusion/baseimage
+
+ENV GIT_APP_ID=000000
+ENV GIT_APP_SECRET=0000000
+ENV PORT=3000
+
+EXPOSE ${PORT}
+
+# Install all needed requirements
+RUN /bin/sh -c    'apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold"; \
+curl -sL https://deb.nodesource.com/setup_8.x | bash - ; \
+apt-get install --yes \
+mongodb \
+git \
+gcc \
+g++ \
+make;\
+apt-get install --yes \
+nodejs; \
+npm i -g yarn; \
+yarn global add typescript; \
+yarn global add pm2; \
+git clone https://github.com/samdenty/injectify.git /Injectify; \
+cd /Injectify; \
+rm -rf /var/lib/apt/lists/*; '
+
+# Autostart MongoDB
+#Initialize My_Init_Folder first
+RUN mkdir -p /etc/my_init.d
+COPY mongod_start.sh /Injectify/mongod_start.sh
+
+# Copy needed server.config.js and insert given ENV values
+COPY server.config.js /Injectify/server.config.js
+COPY env.sh /Injectify/env.sh
+
+RUN /bin/sh -c 'chmod +x /Injectify/mongod_start.sh; \
+chmod +x /Injectify/env.sh; '
+
+#RUN /bin/bash -c "sed -i 's/MY_APP_ID/${GIT_APP_ID}/g' /Injectify/server.config.js; \
+#sed -i 's/MY_APP_SECRET/${GIT_APP_SECRET}/g' /Injectify/server.config.js; \
+#sed -i 's/express: 3000,/express: ${PORT},/g' /Injectify/server.config.js; "
+
+
+# Building the finished tool
+WORKDIR /Injectify
+RUN /bin/sh -c 'cd /Injectify; yarn run install:all; '
+
+CMD /Injectify/env.sh; /Injectify/mongod_start.sh; /usr/bin/yarn run deploy > /tmp/injectify.log; tail -f /tmp/injectify.log

README.md

@@ -0,0 +1,39 @@
+# docker-injectify
+
+## Description
+This image allows to run [Injectify](https://github.com/samdenty/injectify) by samdenty localy inside of a docker container with a local database.
+
+Injectify is a web based MiTM tool, similiar to BeEF (although completely unrelated in terms of source code). It uses modern web technologies such as ReactJS, Redux, Typescript and Webpack.
+
+----------------------------------------
+
+[github.com/evait-security/docker-injectify]( https://github.com/evait-security/docker-injectify)
+
+
+# Build
+
+git clone https://github.com/evait-security/docker-injectify
+
+cd docker-injectify
+
+docker build -t injectify .
+
+# Instructions
+
+## Requirements
+
+To use Injectify properly, you first need to [register a new OAuth-Application](https://github.com/settings/applications/new) in Github. In the field ** *Authorization callback URL* ** you need to input your url **(with http)** where the finished Injectify-Website will be available , *e.g http://192.168.0.53:3000*. All other fields in the form can be choosen freely.
+
+*Note: The default port of Injectify is 3000 but can be changed at startup*
+
+## Run the container
+```bash
+docker run -d --name Injectify -e GIT_APP_ID=<your-app-id> -e GIT_APP_SECRET=<your-app-secret> evait/injectify:latest
+
+```
+
+## Advanced usage
+To change the port to listen to, you can change the *PORT*-Enviroment variable
+```bash
+docker run -d --name Injectify -p <desired-port>:<desired-port> -e PORT=<desired-port> -e GIT_APP_ID=<your-app-id> -e GIT_APP_SECRET=<your-app-secret> evait/injectify:latest
+```

env.sh

@@ -0,0 +1,4 @@
+#! /bin/bash
+sed -i 's/MY_APP_ID/'"$GIT_APP_ID"'/g' /Injectify/server.config.js
+sed -i 's/MY_APP_SECRET/'"$GIT_APP_SECRET"'/g' /Injectify/server.config.js
+sed -i 's/express: 3000,/express: '"$PORT"',/g' /Injectify/server.config.js

mongod_start.sh

@@ -0,0 +1,2 @@
+#! /bin/bash
+/usr/bin/mongod --config /etc/mongodb.conf --fork

server.config.js

@@ -0,0 +1,209 @@
+module.exports = {
+  injectify: {
+    /**
+     * WARNING: Anyone in the below array
+     * will have full access to all the projects
+     * along with the ability to execute server-side
+     * Javascript in the superuser control panel
+     *
+     * http://caius.github.io/github_id/
+     */
+    superusers: [
+      13242392 // @samdenty99
+    ],
+
+    /**
+     * Your GitHub application configuration
+     */
+    github: {
+      client_id: 'MY_APP_ID',
+      client_secret: 'MY_APP_SECRET',
+      scope: 'read:user gist'
+    },
+
+    /**
+     * MongoDB configuration
+     * Passed directly to node-mongodb-native
+     */
+    mongodb: 'mongodb://localhost:27017',
+
+    /**
+     * The port on which to host the website
+     */
+    express: 3000,
+
+    /**
+     * Make it available over the internet without port forwarding
+     */
+    localtunnel: {
+      enable: false,
+      /**
+       * Set the below variable to use a custom fixed domain
+       * Subdomains must be lowercase and between 4 and 63 alphanumeric characters.
+       *
+       * Set to false to default to random domain
+       */
+      subdomain: false
+    },
+
+    /**
+     * Enable compression - can be disabled to reduce cpu usage
+     */
+    compression: true,
+
+    /**
+     * Server-side code execution in modules
+     */
+    serverExecution: {
+      /**
+       * Commands to enable, comment out to disable them
+       */
+      enabledCommands: [
+        '_',
+        'SHELL',
+        'FUNCTION',
+        'OBJECT',
+        'NUMBER',
+        'STRING',
+        'WRITE',
+        'BOOLEAN',
+        'ARRAY',
+      ]
+    },
+
+    /**
+     * Rate limiting
+     */
+    rateLimiting: {
+      /**
+       * Injectify project API aka 'View JSON'
+       *
+       * This requires a lot of CPU to perform (database side)
+       */
+      api: {
+        windowMs: 2 * 60 * 1000,
+        max: 70,
+        delayAfter: 10,
+        delayMs: 300,
+        message: JSON.stringify({
+          success: false,
+          reason: 'Too many requests, please try again later'
+        }, null, '    ')
+      },
+      inject: {
+        /**
+         * The Inject client auth API
+         *
+         * Every time a client loads / reloads the page the
+         * auth API is called by the client from the websocket.
+         */
+        auth: {
+          windowMs: 2 * 60 * 1000,
+          max: 100,
+          headers: false, // As little as possible information should be sent to target
+          statusCode: 204, // URL will be displayed in targets console if an error code is returned
+          message: '',
+          delayAfter: 30,
+          delayMs: 100
+        },
+        /**
+         * The Inject websocket data limiter
+         *
+         * Prevents the client from flooding the server with
+         * websocket messages, this can often happen due to an
+         * infinite loop.
+         */
+        websocket: {
+          windowMs: 2 * 1000,
+          max: 30 // tokens
+        },
+        /**
+         * The amount of tokens each request should subtract,
+         * from the max value above. Defaults to 1
+         */
+        tokens: {
+          pageGhost: 0.05, // Reducing will make mouse stutter
+          logger: 0.9,
+          modules: 1,
+          clientInfo: 1,
+        }
+      }
+    },
+
+    /**
+     * Shows / hides detailed log output
+     */
+    debug: true,
+    verbose: true,
+
+    /**
+     * Whether to run the server in development mode or not
+     * If set to yes
+     *  - Website is proxied to http://localhost:8080 (Webpack dev server)
+     * If set to no
+     *  - Website is loaded from ./interface/
+     */
+    dev: process.env.NODE_ENV && process.env.NODE_ENV.toLowerCase() === 'development',
+
+    /**
+     * Discord notifications
+     */
+    discord: {
+      webhook: 'INSERT_WEBHOOK_URL',
+      /**
+       * WidgetBot discord widgets
+       *
+       * Sign up at https://widgetbot.io, invite it to your server, make
+       * sure you enable the appropriate channel and replace the below values
+       *
+       * Crate documentation: https://docs.widgetbot.io
+       */
+      widgetbot: {
+        server: '335836376031428618',
+        channel: '377173106940182529',
+        options: '0002',
+        colors: {
+          toggle: '#3F51B5'
+        },
+        position: {
+          x: 'left',
+          y: 'bottom'
+        },
+        style: 'material',
+        beta: false
+      }
+    },
+
+    /**
+     * GitHub auto-follow a user
+     */
+    follow: {
+      enable: false,
+      username: 'samdenty99'
+    }
+  },
+  /**
+   * PM2 configuration
+   */
+  apps: [{
+    // PM2 process name
+    name: 'injectify',
+    // injectify server script
+    script: './src/main.js',
+    log_date_format: 'DD/MM/YY hh:mm',
+    // enable the NodeJS debugger
+    node_args: [
+      // '--inspect-port=0.0.0.0:18999'
+    ],
+    // show color in pm2 logs
+    args: [
+      '--color'
+    ],
+    // don't autoreload the server on changes
+    watch: false,
+    // set to production
+    env: {
+      'NODE_ENV': 'production'
+    }
+  }]
+}