diff --git a/docker/Dockerfile.backend b/docker/Dockerfile.backend
new file mode 100644
index 0000000..2ef5f9d
--- /dev/null
+++ b/docker/Dockerfile.backend
@@ -0,0 +1,103 @@
+# NeuroSploit v3 - Optimized Multi-Stage Dockerfile
+# Dramatically reduces build time and image size
+# Supports ARM64 (Apple Silicon) and AMD64
+
+# =============================================================================
+# STAGE 1: Go Tools Builder
+# =============================================================================
+FROM golang:1.22-alpine AS go-builder
+
+RUN apk add --no-cache git
+
+WORKDIR /build
+
+# Install Go tools in parallel where possible
+RUN go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest & \
+ go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest & \
+ go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest & \
+ go install -v github.com/tomnomnom/waybackurls@latest & \
+ go install -v github.com/ffuf/ffuf/v2@latest & \
+ wait
+
+RUN go install -v github.com/projectdiscovery/katana/cmd/katana@latest & \
+ go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest & \
+ go install -v github.com/lc/gau/v2/cmd/gau@latest & \
+ go install -v github.com/tomnomnom/gf@latest & \
+ go install -v github.com/tomnomnom/qsreplace@latest & \
+ wait
+
+RUN go install -v github.com/hahwul/dalfox/v2@latest & \
+ go install -v github.com/OJ/gobuster/v3@latest & \
+ go install -v github.com/jaeles-project/gospider@latest & \
+ go install -v github.com/tomnomnom/anew@latest & \
+ wait
+
+# Optional tools (less critical)
+RUN go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest 2>/dev/null || true
+RUN go install -v github.com/hakluke/hakrawler@latest 2>/dev/null || true
+
+# =============================================================================
+# STAGE 2: Python Dependencies
+# =============================================================================
+FROM python:3.11-slim AS python-deps
+
+WORKDIR /app
+
+COPY backend/requirements.txt .
+
+RUN pip install --no-cache-dir --user -r requirements.txt && \
+ pip install --no-cache-dir --user arjun wafw00f
+
+# =============================================================================
+# STAGE 3: Final Runtime Image
+# =============================================================================
+FROM python:3.11-slim AS runtime
+
+# Install only essential runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ curl \
+ wget \
+ git \
+ dnsutils \
+ nmap \
+ sqlmap \
+ jq \
+ ca-certificates \
+ libpcap0.8 \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get clean
+
+WORKDIR /app
+
+# Copy Go binaries from builder (may be partial if some tools failed)
+COPY --from=go-builder /go/bin/ /usr/local/bin/
+
+# Note: Rust tools (feroxbuster) removed for faster builds
+# Install via: cargo install feroxbuster (if needed)
+
+# Copy Python packages
+COPY --from=python-deps /root/.local /root/.local
+ENV PATH=/root/.local/bin:$PATH
+
+# Copy application code
+COPY backend/ ./backend/
+COPY prompts/ ./prompts/
+
+# Create data directories
+RUN mkdir -p data/reports data/scans data/recon /root/.config/nuclei
+
+# Download wordlists (small subset for faster builds)
+RUN mkdir -p /opt/wordlists && \
+ wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt -O /opt/wordlists/common.txt || true && \
+ wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt -O /opt/wordlists/subdomains-5000.txt || true
+
+# Update nuclei templates (runs on first startup if needed)
+RUN nuclei -update-templates -silent 2>/dev/null || true
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD curl -f http://localhost:8000/api/health || exit 1
+
+EXPOSE 8000
+
+CMD ["python", "-m", "uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]
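Review bot: Each parallel `go install … @latest & … wait` RUN in the go-builder stage succeeds even when an install fails, because a bare `wait` returns 0 regardless of the background jobs' exit status, and every tool is resolved at `@latest`, so the runtime image can ship a partial or unreviewed toolset without the build noticing (the comment above `COPY --from=go-builder` acknowledges the partial case). Pin each module to a released tag and chain the installs with `&&` as Dockerfile.tools does, e.g. `go install -v github.com/projectdiscovery/httpx/cmd/httpx@<pinned-version> && \`. The wordlist step in the same hunk fetches from the SecLists `master` branch with `|| true`; pinning the URL to a commit and checking a digest would make that step reproducible too. The `@latest` installs in Dockerfile.tools have the same pinning gap.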
diff --git a/docker/Dockerfile.backend.lite b/docker/Dockerfile.backend.lite
new file mode 100644
index 0000000..7a577ad
--- /dev/null
+++ b/docker/Dockerfile.backend.lite
@@ -0,0 +1,32 @@
+# NeuroSploit v3 - LITE Dockerfile (Fast Build)
+# Minimal image without external security tools
+# Use this for development or when you don't need the recon tools
+
+FROM python:3.11-slim
+
+# Install minimal dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ curl \
+ ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Install Python dependencies
+COPY backend/requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY backend/ ./backend/
+COPY prompts/ ./prompts/
+
+# Create data directories
+RUN mkdir -p data/reports data/scans data/recon
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD curl -f http://localhost:8000/api/health || exit 1
+
+EXPOSE 8000
+
+CMD ["python", "-m", "uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]
diff --git a/docker/Dockerfile.frontend b/docker/Dockerfile.frontend
new file mode 100644
index 0000000..c8a1493
--- /dev/null
+++ b/docker/Dockerfile.frontend
@@ -0,0 +1,29 @@
+# Build stage
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy package files
+COPY frontend/package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy source code
+COPY frontend/ ./
+
+# Build the application
+RUN npm run build
+
+# Production stage
+FROM nginx:alpine
+
+# Copy built assets
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+# Copy nginx configuration
+COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker/Dockerfile.tools b/docker/Dockerfile.tools
new file mode 100644
index 0000000..7108622
--- /dev/null
+++ b/docker/Dockerfile.tools
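Review bot: Dockerfile.backend.lite has no `USER` instruction, so uvicorn, bound to `0.0.0.0:8000`, runs as root inside the container. This variant installs no tools that need raw sockets, so a dedicated account can be created after the `mkdir` step with `RUN useradd --system --uid 10001 app && chown -R app /app/data`, followed by `USER app` before `CMD`. The runtime stage of Dockerfile.backend has the same gap, though there the packages copied to `/root/.local` would have to move, and nmap may need extra capabilities for some scan types.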
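Review bot: `RUN npm install` in the Dockerfile.frontend builder stage does not enforce the lockfile, so the build can resolve dependency versions other than the reviewed ones. With `package*.json` already copied, `RUN npm ci` is the reproducible form; it requires a package-lock.json in `frontend/`, which this diff does not show. The production stage's `FROM nginx:alpine` is a floating tag and should be pinned, e.g. `FROM nginx:<version>-alpine`, ideally with a digest.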
@@ -0,0 +1,90 @@
+# NeuroSploit v3 - Security Tools Runner Container
+# Ephemeral container for running security tools in isolation
+
+FROM golang:1.22-alpine AS go-builder
+
+RUN apk add --no-cache git build-base
+
+WORKDIR /build
+
+# Install essential Go security tools
+RUN go install -v github.com/ffuf/ffuf/v2@latest && \
+ go install -v github.com/OJ/gobuster/v3@latest && \
+ go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest && \
+ go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest && \
+ go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest && \
+ go install -v github.com/projectdiscovery/katana/cmd/katana@latest && \
+ go install -v github.com/hahwul/dalfox/v2@latest && \
+ go install -v github.com/tomnomnom/waybackurls@latest
+
+# Rust tools builder
+FROM rust:1.75-alpine AS rust-builder
+
+RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static pkgconf
+
+# Install feroxbuster
+RUN cargo install feroxbuster --locked
+
+# Final runtime image
+FROM alpine:3.19
+
+# Install runtime dependencies and tools
+RUN apk add --no-cache \
+ bash \
+ curl \
+ wget \
+ nmap \
+ nmap-scripts \
+ python3 \
+ py3-pip \
+ git \
+ jq \
+ bind-tools \
+ openssl \
+ libpcap \
+ ca-certificates \
+ nikto \
+ && rm -rf /var/cache/apk/*
+
+# Install Python security tools
+RUN pip3 install --no-cache-dir --break-system-packages \
+ sqlmap \
+ wfuzz \
+ dirsearch \
+ arjun \
+ wafw00f \
+ whatweb 2>/dev/null || pip3 install --no-cache-dir --break-system-packages sqlmap wfuzz
+
+# Copy Go binaries
+COPY --from=go-builder /go/bin/* /usr/local/bin/
+
+# Copy Rust binaries
+COPY --from=rust-builder /usr/local/cargo/bin/feroxbuster /usr/local/bin/
+
+# Install dirb
+RUN apk add --no-cache dirb 2>/dev/null || \
+ (wget -q https://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz && \
+ tar -xzf dirb222.tar.gz && cd dirb222 && ./configure && make && make install && \
+ cd .. && rm -rf dirb222*) || true
+
+# Create wordlists directory
+RUN mkdir -p /opt/wordlists /opt/output
+
+# Download common wordlists
+RUN wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt \
+ -O /opt/wordlists/common.txt && \
+ wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/directory-list-2.3-medium.txt \
+ -O /opt/wordlists/directory-list-medium.txt && \
+ wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-large-files.txt \
+ -O /opt/wordlists/raft-files.txt && \
+ wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt \
+ -O /opt/wordlists/subdomains-5000.txt
+
+# Update nuclei templates
+RUN nuclei -update-templates -silent 2>/dev/null || true
+
+# Set working directory
+WORKDIR /opt/output
+
+# Default command
+ENTRYPOINT ["/bin/bash", "-c"]
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..d1c91e2
--- /dev/null
+++ b/docker/nginx.conf
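Review bot: The dirb fallback in Dockerfile.tools downloads `dirb222.tar.gz` with wget and runs `./configure && make && make install` as root with no integrity check, and the trailing `|| true` hides any failure. Verify the archive before unpacking, e.g. `echo "<sha256-of-dirb222.tar.gz>  dirb222.tar.gz" | sha256sum -c - && \` ahead of `tar -xzf`, or drop the fallback; the final alpine stage installs no compiler or make, so the source build presumably cannot succeed there anyway. The `pip3 install` list is unpinned and falls back to a smaller set behind `2>/dev/null ||`, so the build result does not show which Python tools the image actually contains. The SecLists downloads track `master` and should be pinned to a commit.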
@@ -0,0 +1,47 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ root /usr/share/nginx/html;
+ index index.html;
+
+ # Gzip compression
+ gzip on;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
+
+ # API proxy
+ location /api {
+ proxy_pass http://backend:8000;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 300s;
+ proxy_connect_timeout 75s;
+ }
+
+ # WebSocket proxy for scan updates
+ location /ws {
+ proxy_pass http://backend:8000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 86400;
+ proxy_send_timeout 86400;
+ }
+
+ # Frontend routes - serve index.html for SPA
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+
+ # Cache static assets
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
+ expires 1y;
+ add_header Cache-Control "public, immutable";
+ }
+}
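Review bot: The static-asset regex location `~* \.(js|css|png|…)$` takes precedence over the plain prefix locations `/api` and `/ws`, so a request under `/api` whose path ends in one of those extensions is answered from `/usr/share/nginx/html` with a one-year `public, immutable` cache header and never reaches the backend. Declare the proxy locations as `location ^~ /api {` and `location ^~ /ws {` so regex matching is skipped for them. Whether the backend serves such paths (for example generated report images) is not visible in this diff.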