Host requirements


This known issue is discussed in detail here.

Simple fix is to create the file /etc/docker/daemon.json and insert:

    "dns": ["", ""]

where is the first DNS server your machine requests records from, and is the fallback DNS server, google in this case.

IP Forwarding

In order for containers to communicate with the outside world to install packages, etc, forwarding will need to be enabled. Simple fix here.


In terms of size, images are about:

  • node 650MB
  • -slim 250MB
  • alpine 5MB


Useful commands


Stops containers and removes containers, networks, volumes, and images created by up:
docker-compose down
Analogous to the --rm of docker run --rm
Also check the flags
By default removes Containers for services defined in the Compose file, networks defined in the networks section of the Compose file, the default network if one is used.

Removes all images used by any service:
docker-compose down --rmi all

Test what your docker-compose.yml file content looks like after the substitution step has been performed:
docker-compose config

To test that the orchestrator’s npm commands (such as npm run dc-build) are passing the correct values to docker-compose:
From the purpleteam-orchestrator root directory run the following command and verify the substituted values:

docker-compose GROUP_ID=$(id -g) USER_ID=$(id -u) -f ./compose/orchestrator-testers-compose.yml config

docker CLI

Attach to a running container:
docker attach [container]

List all running containers:
docker container ls

List all containers:
docker container ls --all, -a

Stop all containers:
docker stop $(docker ps -a -q)

When a docker container won’t stop:
ps aux | grep docker
sudo killall -9 dockerd
sudo kill -9 <pid of anything with docker in the output>
sudo /etc/init.d/docker start

Inspect a container:
docker container inspect [container-id]

Inspect an image:
docker image inspect [image_id]

Remove all containers:
docker rm $(docker ps -a -q)
docker container prune options

List all images:
docker images -a
docker image ls -a

Remove a specific image:
docker rmi [image-name]

Remove all images:
docker rmi $(docker images -a -q)
docker image prune options

Docker history:
docker history --no-trunc [image_id]

Use dive to locate files in an image:

  1. Use dive
  2. docker create [image] returns container ID
  3. docker cp [container_id]:[source_path] [destination_path] can now view file contents
  4. docker rm [container_id]

Shell into running container:
docker exec -it [container_id] [bash || /bin/ash]

Tail stdout (and stderr, as Docker merges stdout and stderr) of a container, useful for watching Zap, Selenium or any other Emissary container logs:
docker logs --follow [container-name]
If you would like to send those logs to a file as well:
docker logs --follow [container-name] |tee output.log$(date '+%Y-%m-%d_%T')
If you would like to send those logs to a file without viewing them via your terminal:
docker logs --follow [container-name] > output.log$(date '+%Y-%m-%d_%T')

Shell into a running container once it’s running from a docker-compose command:
docker-compose exec [service-name-in-docker-compose-file] /bin/ash
Or as an npm script:
~/Source/purpleteam-orchestrator npm run dc-up-shell-app
On the app-scanner service of the orchestrator compose file, this was useful for:

  1. Verifying connectivity with sam local start-lambda running on the host:
    From within the container, find the hosts IP address becuase host.docker.internal isn’t implemented:
    /sbin/ip route | awk '/default/ { print $3 }' | awk '!seen[$0]++'
    • Either install and use curl
      su root
      apk --update --no-cache add curl
    • Or use wget with no install
      wget -O -
  2. Verifying connectivity with zap containers (Once the regex in the docker-compose file of purpleteam-s2-containers app-emissary was setup correctly, and of course watching what’s happening in the zap container with the docker logs command), like so:
    curl appemissary_zap_1:8080/UI
    curl appemissary_zap_2:8080/UI


List networks
docker network ls

Inspect specific network
docker network inspect <network-name>

Ip address info
ip addr show

Remove specific network
docker network rm <network-name>

iptables list
iptables -L

Workings for dockerising Orchestrator

  • List all open ports:
    ss -lntu
  • docker build --tag purpleteam-orchestrator-img .
    docker image ls
    docker run -e "NODE_ENV=local" -p 2000:2000 -it --rm --name purpleteam-orchestrator-cont purpleteam-orchestrator-img
  • Find ip address bound to a container
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pt-orchestrator-cont
  • Find ip address of host from containers perspective, in alpine
    • Provides shell
      docker run -e "NODE_ENV=local" -p 2000:2000 -it --rm --name purpleteam-orchestrator-cont purpleteam-orchestrator-img /bin/sh
    • Provides IP address
      route | awk '/^default/ { print $2 }'
  • Testing that the orchestrator container can reach the app-tester
    apk add --no-cache curl
    Or, just use wget out of the box:
    wget -O -


  • Which comtainers are running as root:
    docker ps --quiet | xargs docker inspect --format '{{ .Id }}: User={{ .Config.User }}'
    Just redis

Useful resources