WebSnort Docker Container

One of the first things I like to do when I start looking at a PCAP during an investigation is run it through snort to see if it finds anything suspicious. You can easily do this at the command line with  snort -dv -r test.pcap but the output is not great.

I have been using a tool called websnort for better output recently and decided it was time to put it into a docker container for easy portability.

Screen Shot 2016-08-25 at 7.48.51 AM

To run it: 
docker run -d -p 8080:8080 jgamblin/websnort

If you want to build your own the  dockerfile is:
FROM ubuntu:latest
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install python-pip snort -y
RUN chmod a+r /etc/snort/snort.conf
RUN pip install websnort
CMD websnort

Protip:
 malware-traffic-analysis.net has great PCAPs for testing your security tools.

Site Footer