Deploying Invicti Shark for PHP – Docker
Invicti Shark enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives.
For Invicti Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
The most principled way of deploying Invicti Shark in a Docker scenario is to simply layer the Invicti Shark modifications onto your already existing container definition.
This simple example will demonstrate how you can deploy Invicti Shark together with your web application. There are 4 steps to do this.
Step 1. Create your target in Invicti Enterprise
For this example, we will assume that the URL for your target is http://sharkexample.com:60000.
Go to Invicti Enterprise and create a new target with your URL. From New Scan, select this URL for the scan, then enable Invicti Shark. Download the Shark agent file shark.php, and save this file for use later on.
Step 2. Define the web application image
- This simple web application will be defined through the following file structure:
/testphp-docker/ /testphp-docker/Dockerfile /testphp-docker/websrc/ /testphp-docker/websrc/index.php /testphp-docker/websrc/test.php
- Create your /testphp-docker/Dockerfile file to read as follows:
FROM php:7.3.28-apache #setup the web pages COPY --chown=www-data:www-data websrc/ /var/www/html
- Create your /testphp-docker/websrc/index.php file to read as follows:
<?php echo "<h1>Test PHP Site Example for Docker Deployment</h1>"; echo "<br>"; echo "Welcome to the main page."; echo "<br>"; echo "<a href='test.php'>Go to the test page.</a>"; ?>
- Create your /testphp-docker/websrc/test.php file to read as follows:
<?php echo "<h1>Test PHP Site Example for Docker Deployment</h1>"; echo "<br>"; echo "Welcome to the test page."; echo "<br>"; ?>
- Build the image with:
cd /testphp-docker docker build -t testphp-docker .
Step 3. Define the Shark layer image
- The Shark layer will be defined through the following file structure:
/testphp-docker-shark/ /testphp-docker-shark/Dockerfile /testphp-docker-shark/shark.php
- Copy the shark.php file you created in the first step to your docker host into the /testphp-docker-shark directory.
- Create your /testphp-docker-shark/Dockerfile file to read as follows:
FROM testphp-docker # assumes the web application is in /var/www/html # setup Invicti Shark RUN mkdir /shark WORKDIR /shark COPY shark.php . # add .htaccess file for Invicti Shark RUN printf "\nphp_value auto_prepend_file /shark/shark.php\n" > /var/www/html/.htaccess \ && chown www-data:www-data /var/www/html/.htaccess
- Build and run your image with:
cd /testphp-docker-shark docker build -t testphp-docker-shark . docker run -d -p 60000:80 --name mytestphp testphp-docker-shark
Step 4. Test and scan your web application
Point your browser to your web application. In this example, http://sharkexample.com:6000 to confirm it is running as intended.