Dockerfile & Trickest YAML Configuration
In this section, we will guide you through the main principles of creating and building Dockerfiles that can be integrated into the Trickest platform.
Each tool will typically consist of files organized in a specific structure to ensure compatibility with Trickest's system.
Tool File Structure Overview
tool-name
├── Dockerfile
├── trickest.yaml
└── run.sh (optional, only if needed)
Dockerfile
This is the file that will be used to generate the Docker image of the tool. If you are unfamiliar with the Docker and its concepts, you can learn more on this link.
To create efficient and light Docker images, follow best practices. But do keep in mind that although having small (in size) images (which means faster startup time) is essential, it is even more critical to have stable images. It's all about finding a compromise here, but pick stability if you have to choose.
Downloading the tool
Use one of the methods listed in versioning conventions to download a specific version of the tool into the docker image.
Example Dockerfile
FROM golang:1.17.3-alpine AS build-env
RUN apk add --no-cache git
RUN go install -v github.com/author/tool-name@latest
FROM alpine:3.15.0
RUN apk -U upgrade --no-cache \
&& apk add --no-cache bind-tools ca-certificates
COPY --from=build-env /go/bin/tool-name /usr/local/bin/
ENTRYPOINT ["tool-name"]
run.sh
If the tool you use only supports stdin as an input, check out Parameterizing stdin/stdout where you will learn how to create run.sh and configure the tool to be compatible with Trickest platform.
It is important to remember to copy run.sh it to your Docker image and configure it as the image ENTRYPOINT
ADD run.sh /app/
RUN chmod +x /app/run.sh
RUN apk add bash
ENTRYPOINT ["/app/run.sh"]
Input/output folders
You need to create two folders: /hive/in and /hive/out in the final image. These will be used by the platform to store and manage the tool's input/output.
RUN mkdir -p /hive/in /hive/out
Tips for better docker images
Compiled languages (e.g. golang)
- Use multi-stage builds to reduce the final image size
- Use
-alpineimages when possible
Python
- You should almost always use
python:<version>-slim. This is a variant that has less packages installed, resulting in a smaller image. - If you run into any problems with
-slim, the official image should be your second choice. - Try to stay away from
alpine, because it might cause some unexpected issues.
Tagging
Remeber to always tag your images properly according to the versioning guide.
trickest.yaml Configuration File
The trickest.yaml file is essential for integrating tools into the Trickest platform, specifically designed for the Workflow Editor. This YAML file contains all the necessary data for the tool to be displayed appropriately and configured within the platform.
Overview of trickest.yaml Structure
The YAML file is structured to provide comprehensive details about the tool, including its functionality, usage, and output handling. Below is a detailed explanation of each field in the trickest.yaml file:
Example
This is an example of YAML Structure
name: my-private-tool
description: This is an example of a private tool
category: Recon
source_url: https://github.com/my-tool
docker_image: user/image:tag
command:
output_parameter: -o
output_type: file
license_info:
name: MIT
url: https://github.com/example-repository/LICENSE.md
inputs:
input-parameter:
command: -d
description: This is description of input parameter
order: 0
visible: true
type: string
Tool Identification and Description
| Name | Description | Required | Example |
|---|---|---|---|
| name | Name of the tool | Yes | amass |
| description | Short description of the tool. The "About" section of GitHub is an excellent starting point if available | Yes | The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. |
| category | High-level category of the tool | No | Recon |
| source_url | Original repository's URL | Yes | https://github.com/OWASP/Amass |
Docker Image and Command Execution
| Name | Description | Required | Example |
|---|---|---|---|
| docker_image | Docker image URL. We use quay.io for hosting images | Yes | quay.io/trickest/amass:v3.10.5 |
| command | Command that should be executed on the container when the node runs | Yes | /bin/amass enum |
| output_parameter | Command line parameter that designates the tool's output path | Yes | -o |
| output_type | Output type (file or folder) | Yes | file |
| license_info.name | Name of the tool's license | Yes | Apache 2.0 |
| license_info.url | URL of the tool's license | Yes | https://github.com/OWASP/Amass/blob/main/LICENSE |
Versioning Note
The docker_image value should always use a Versioning Conventions. Never use :latest.Parameters
The parameters structure is as follows:
| Name | Description | Example |
|---|---|---|
| command | Command line parameter used by the tool | -d |
| name | Name to identify the parameter in the node | domain |
| parameter_type | Type of the parameter (string, file, folder, or boolean) | string |
| description | Short description of the parameter | Domain names separated by commas |
| order | The index of the parameter. The order is followed when building the final command | 0 |
Next up: Versioning Conventions