-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
64 lines (47 loc) · 1.5 KB
/
Dockerfile
File metadata and controls
64 lines (47 loc) · 1.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# X-POSURE v4.0 - Enterprise Credential Scanner
# "The shit your DevOps forgot."
#
# Build: docker build -t xposure .
# Run: docker run -it xposure example.com
# API: docker run -p 8080:8080 xposure --api
FROM python:3.11-slim
LABEL maintainer="SnailSploit"
LABEL version="4.0.0"
LABEL description="Autonomous credential harvesting system"
# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
# Create non-root user for security
RUN groupadd -r xposure && useradd -r -g xposure xposure
# Set work directory
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements first for layer caching
COPY requirements.txt .
# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY . .
# Install the package
RUN pip install --no-cache-dir -e .
# Create data directory for persistence
RUN mkdir -p /data && chown -R xposure:xposure /data
VOLUME /data
# Set database path to persistent volume
ENV XPOSURE_DB_PATH=/data/xposure.db
# Switch to non-root user
USER xposure
# Default port for API server
EXPOSE 8080
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD python -c "import xposure; print('OK')" || exit 1
# Default entrypoint
ENTRYPOINT ["python", "-m", "xposure"]
# Default command (show help)
CMD ["--help"]