bin/podman-cloud: add Pacu (AWS exploitation framework)

It is useful to have it directly available in the container.
fishilico · May 4, 2024 · b57b879 · b57b879
1 parent d56fba1
commit b57b879
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/bin/podman-cloud b/bin/podman-cloud
@@ -49,6 +49,8 @@
 #   - to get IAM policy for a project: gcloud projects get-iam-policy $PROJECT_ID
 #   - to list Compute instances: gcloud compute instances list
 #   - to get SSH config: gcloud compute config-ssh
+#
+# - Pacu (AWS exploitation framework) https://github.com/RhinoSecurityLabs/pacu
 
 set -e
 
@@ -77,6 +79,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         mandoc \
         openssh-client \
         python3 \
+        python3-pip \
         python-is-python3 \
         unzip \
         vim && \
@@ -95,7 +98,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
     unzip -q awscliv2.zip && \
     ./aws/install --bin-dir /usr/bin && \
-    rm -r awscliv2.zip aws
+    rm -r awscliv2.zip aws && \
+    pip3 install --break-system-packages pacu
 EOF
 }
 
@@ -171,6 +175,7 @@ SECCOMP_PROFILE='
                 "clone",
                 "clone3",
                 "close",
+                "close_range",
                 "connect",
                 "dup",
                 "dup2",
@@ -211,6 +216,7 @@ SECCOMP_PROFILE='
                 "getresgid",
                 "getresuid",
                 "getrlimit",
+                "getrusage",
                 "getsockname",
                 "getsockopt",
                 "gettid",
@@ -220,6 +226,7 @@ SECCOMP_PROFILE='
                 "lchown",
                 "lgetxattr",
                 "link",
+                "listxattr",
                 "lseek",
                 "lstat",
                 "madvise",
@@ -254,6 +261,7 @@ SECCOMP_PROFILE='
                 "rt_sigtimedwait",
                 "sched_getaffinity",
                 "sched_yield",
+                "sendfile",
                 "sendmmsg",
                 "sendmsg",
                 "sendto",
@@ -272,6 +280,7 @@ SECCOMP_PROFILE='
                 "statfs",
                 "statx",
                 "symlink",
+                "symlinkat",
                 "sync_file_range",
                 "sysinfo",
                 "tgkill",