# ReconFlow - Docker Image
# Multi-stage build for optimal image size
# ===========================================
# Stage 1: Builder
# ===========================================
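# The base image is referenced by a floating tag; for reproducible release
# builds, consider pinning it by digest as well.
FROM golang:1.24-alpine AS builder

# Build dependencies (cgo needs a C toolchain).
# `apk add --no-cache` fetches a fresh package index itself, so a separate
# `apk update` is redundant and only leaves index files behind in the layer.
RUN apk add --no-cache \
      build-base \
      gcc \
      git \
      make \
      musl-dev

WORKDIR /build

# Copy only the module manifests first so the dependency layer stays cached
# until go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest of the source tree.
# NOTE(review): this copies the whole build context; confirm a .dockerignore
# keeps .git, local .env files and other credentials out of the build.
COPY . .

# Build the application binary with cgo enabled; -w -s strips debug info and
# the symbol table to shrink the binary.
# NOTE(review): a cgo build on Alpine is presumably linked against musl and
# the runtime stage's shared libraries - confirm the alpine:3.19 runtime
# provides everything the binary links to.
RUN CGO_ENABLED=1 GOOS=linux go build -o reconflow \
      -ldflags="-w -s" \
      ./cmd/reconflow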
# ===========================================
# Stage 2: Tools Installer
# ===========================================
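FROM alpine:3.19 AS tools-installer

# Toolchain and utilities used only to fetch and build the recon tools.
# Only /root/go/bin and /wordlists are copied out of this stage, so nothing
# else installed here reaches the runtime image.
# `apk add --no-cache` fetches its own package index, so the separate
# `apk update` was redundant and has been dropped.
RUN apk add --no-cache \
      bash \
      bind-tools \
      chromium \
      cmake \
      curl \
      gcc \
      git \
      go \
      libpcap-dev \
      make \
      masscan \
      musl-dev \
      nmap \
      nodejs \
      npm \
      py3-pip \
      python3 \
      wget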
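# Install Go-based recon tools.
# Each module ref is a build argument whose default reproduces the original
# floating ref (@latest, or @master for amass). With a floating ref every
# rebuild can pull different, unreviewed upstream code into the image, so
# release builds should override these with reviewed tags or commit hashes:
#   docker build --build-arg NUCLEI_VERSION=<reviewed-tag> ...
# NOTE(review): the compiler here is the `go` package from alpine:3.19;
# confirm it satisfies the go directive of every module at the pinned refs.
ARG SUBFINDER_VERSION=latest
ARG AMASS_VERSION=master
ARG ASSETFINDER_VERSION=latest
ARG HTTPX_VERSION=latest
ARG FFUF_VERSION=latest
ARG KATANA_VERSION=latest
ARG DNSX_VERSION=latest
ARG GAU_VERSION=latest
ARG WAYBACKURLS_VERSION=latest
ARG SHUFFLEDNS_VERSION=latest
ARG GOWITNESS_VERSION=latest
ARG NUCLEI_VERSION=latest

# Binaries land in /root/go/bin (default GOPATH for root), which the runtime
# stage copies into /usr/local/bin.
RUN go install -v "github.com/projectdiscovery/subfinder/v2/cmd/subfinder@${SUBFINDER_VERSION}" && \
    go install -v "github.com/owasp-amass/amass/v4/...@${AMASS_VERSION}" && \
    go install "github.com/tomnomnom/assetfinder@${ASSETFINDER_VERSION}" && \
    go install -v "github.com/projectdiscovery/httpx/cmd/httpx@${HTTPX_VERSION}" && \
    go install -v "github.com/joohoi/ffuf@${FFUF_VERSION}" && \
    go install -v "github.com/projectdiscovery/katana/cmd/katana@${KATANA_VERSION}" && \
    go install -v "github.com/projectdiscovery/dnsx/cmd/dnsx@${DNSX_VERSION}" && \
    go install "github.com/lc/gau/v2/cmd/gau@${GAU_VERSION}" && \
    go install "github.com/tomnomnom/waybackurls@${WAYBACKURLS_VERSION}" && \
    go install -v "github.com/projectdiscovery/shuffledns/cmd/shuffledns@${SHUFFLEDNS_VERSION}" && \
    go install -v "github.com/sensepost/gowitness@${GOWITNESS_VERSION}" && \
    go install -v "github.com/projectdiscovery/nuclei/v3/cmd/nuclei@${NUCLEI_VERSION}"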
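# Download wordlists from the SecLists repository.
# SECLISTS_REF defaults to the original floating `master` branch, so the
# files can change between builds. For reproducible images pass a reviewed
# commit hash (--build-arg SECLISTS_REF=<commit>) and, ideally, compare each
# download against a recorded sha256 before using it.
ARG SECLISTS_REF=master
RUN mkdir -p /wordlists && \
    base="https://raw.githubusercontent.com/danielmiessler/SecLists/${SECLISTS_REF}/Discovery" && \
    wget -q "${base}/DNS/dns-names.txt" -O /wordlists/subdomains.txt && \
    wget -q "${base}/Web-Content/common.txt" -O /wordlists/dirb-common.txt && \
    wget -q "${base}/Web-Content/raft-small-directories.txt" -O /wordlists/directories.txt && \
    wget -q "${base}/Web-Content/raft-large-words.txt" -O /wordlists/words.txt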
# ===========================================
# Stage 3: Runtime
# ===========================================
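FROM alpine:3.19 AS runtime

# Runtime dependencies for reconflow and the bundled tools.
# `apk add --no-cache` fetches its own package index, so the separate
# `apk update` was redundant and has been dropped.
# NOTE(review): curl, nodejs and npm widen the runtime attack surface; confirm
# each is actually needed at run time rather than only during the build.
RUN apk add --no-cache \
      bash \
      bind-tools \
      ca-certificates \
      chromium \
      curl \
      libgcc \
      libpcap \
      libstdc++ \
      nmap \
      nodejs \
      npm \
      python3 \
      sqlite-libs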
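# Create the unprivileged account the container runs as (fixed UID/GID 1000).
RUN addgroup -g 1000 reconflow && \
    adduser -u 1000 -G reconflow -s /bin/bash -D reconflow

# Create the working directories and the subfinder config directory under the
# runtime user's HOME, and give them to that user.
# The config directory is created here instead of being copied from the
# tools-installer stage: nothing in that stage creates
# /root/.config/subfinder, so the COPY of it would fail the build. A
# /root/.config path would also be of no use to the non-root runtime user,
# whose HOME is /home/reconflow.
RUN mkdir -p /app/output /wordlists /home/reconflow/.config/subfinder && \
    chown -R reconflow:reconflow /app /wordlists /home/reconflow/.config

# Application binary from the builder stage.
COPY --from=builder /build/reconflow /usr/local/bin/reconflow

# Recon tool binaries and wordlists from the tools-installer stage. These stay
# root-owned, so the runtime user can read and execute but not modify them.
COPY --from=tools-installer /root/go/bin/ /usr/local/bin/
COPY --from=tools-installer /wordlists/ /wordlists/

# Write a default subfinder provider config naming the passive sources.
# This file contains source names only - no API keys. Real keys must not be
# baked into an image layer; supply them at run time, for example by mounting
# a provider-config.yaml over this path.
# NOTE(review): subfinder's provider-config.yaml is normally a map of
# provider name to a list of keys; confirm this `sources` list is actually
# read by the tool.
RUN echo '{"sources": ["apidnsdumpster", "certspotter", "crtsh", "dig", "dnsdb", "dnsdumpster", "hackertarget", "ipapi", "passivetotal", "rapidDNS", "robtex", "securitytrails", "shodan", "threatbook", "virustotal", "whoisxmlapi"]}' > /home/reconflow/.config/subfinder/provider-config.yaml && \
    chown reconflow:reconflow /home/reconflow/.config/subfinder/provider-config.yaml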
# Runtime environment, declared in a single ENV instruction.
#   PATH    - puts /usr/local/bin (reconflow and the copied tools) first
#   GOPATH  - NOTE(review): points at /root/go, which this stage never
#             populates and the non-root user presumably cannot read; confirm
#             something still depends on it
#   HOME    - home directory of the reconflow user
#   DISPLAY - presumably for a virtual X display used by chromium; confirm
ENV PATH="/usr/local/bin:${PATH}" \
    GOPATH="/root/go" \
    HOME="/home/reconflow" \
    DISPLAY=":99"
# Install the entrypoint wrapper while still root, then mark it executable.
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Work from /app, created earlier and owned by the reconflow user.
WORKDIR /app

# Drop privileges: everything from here on, including the container process,
# runs as the unprivileged reconflow user.
USER reconflow

# The container counts as healthy while a process named reconflow exists.
# NOTE(review): with the default CMD of --help the process presumably exits
# at once, so this check only matters for long-running invocations.
HEALTHCHECK \
    --interval=30s \
    --timeout=10s \
    --start-period=5s \
    --retries=3 \
    CMD pgrep reconflow > /dev/null || exit 1

# Exec-form entrypoint; CMD supplies the default arguments and can be
# overridden on `docker run`.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["--help"]