A Security Operations Center (SOC) homelab environment built on Raspberry Pi and Docker. This project provides an instant, containerized cybersecurity testing and Security Operations platform with pre-configured scripts for running various security tools, vulnerability assessments, and penetration testing exercises.
Key Features:
Fully containerized environment using Docker Multiple security-focused Linux distributions (Parrot Security, Kali Linux) Vulnerable web application for practice (DVWA, Juice shop) Pre-installed penetration testing tools Persistent data storage for your work
- Raspberry Pi (or any arm based Linux system)
- Docker installed (scripts will install Docker if not present)
- Sudo privileges
- Internet connection for initial setup
-
Clone this repository:
git clone https://github.com/swayanbasu04/Instant_lab cd Instant_lab -
Make the main script executable:
chmod +x start_main.sh
-
Run the main menu:
./start_main.sh
-
Select your desired container from the interactive menu (1-5)
Description: Full-featured Parrot Security OS container with comprehensive penetration testing tools.
Included Tools:
- Network scanning:
nmap,net-tools - Web application testing:
nikto,gobuster,sqlmap - Password cracking:
hashcat,john,hydra - Exploitation:
metasploit-framework - Network analysis:
tcpdump,tshark - Reconnaissance:
recon-ng,dnsmap - SSL/TLS testing:
sslscan - And many more...
Usage:
./start_parrot.sh
# or choose option 1 from start_main.shFeatures:
- Network host mode for full network access
- Mounted work directory at
/work - Persistent storage
Description: Dedicated Metasploit Framework container for exploitation and vulnerability assessment.
Usage:
./start_msf.sh
# or choose option 2 from start_main.shFeatures:
- Full Metasploit Framework
- Persistent data in
msf/directory (mapped to container's/root/) - Network host mode
Description: Lightweight network protocol analyzer container.
Usage:
./start_tshark.sh
# or choose option 3 from start_main.shUse Cases:
- Network traffic analysis
- Packet capture and inspection
- Protocol troubleshooting
Description: Custom-built Kali Linux container with pre-installed security tools.
Included Tools:
- Similar toolkit as Parrot Security
- Based on
kalilinux/kali-rolling:latest - Customizable via
rkali/Dockerfile
Usage:
./start_rkali.sh
# or choose option 4 from start_main.shDescription: Damn Vulnerable Web Application - A deliberately vulnerable PHP/MySQL web application for security training.
Usage:
./start_dvwa.sh
# or choose option 5 from start_main.shAccess: http://localhost:8888
Default Credentials:
- Username:
admin - Password:
password
Practice Areas:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- File Inclusion
- Command Injection
- And more...
Description: OWASP Juice Shop - A modern, intentionally vulnerable JavaScript web application for security training and awareness.
Usage:
./start_juice.sh
# or choose option 6 from start_main.shAccess: http://localhost:3000
Features:
- Modern web application vulnerabilities
- Over 100 security challenges
- Gamified learning experience
- Real-world vulnerability patterns
- Multi-language support
- RESTful API testing
Practice Areas:
- Broken Authentication
- Broken Access Control
- Sensitive Data Exposure
- XML External Entities (XXE)
- Insecure Deserialization
- Injection Attacks
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Description: Elasticsearch, Logstash, and Kibana (ELK) stack for log aggregation, analysis, and visualization. A powerful SIEM (Security Information and Event Management) platform for security monitoring and threat detection.
Usage:
./start_elk.sh
# or choose option 7 from start_main.shAccess:
- Kibana:
http://localhost:5601 - Elasticsearch:
http://localhost:9200 - Logstash API:
http://localhost:9600 - Logstash Beats Input:
port 5044
Components:
- Elasticsearch: Distributed search and analytics engine for storing and indexing logs
- Logstash: Data processing pipeline for ingesting, transforming, and forwarding logs
- Kibana: Visualization and exploration interface for analyzing data
-
Permissions: After first-time Docker installation, you may need to log out and back in, or run:
newgrp docker
-
Data Persistence: Use the
work/andmsf/directories to store your files persistently across container sessions. -
Network Mode: Parrot Security and Metasploit containers use
--network hostfor full network access. Be cautious when using these tools. -
Resource Usage: Monitor your Raspberry Pi's resources when running multiple containers simultaneously.
-
Updates: Keep your containers updated:
docker pull parrotsec/security docker pull kalilinux/kali-rolling docker pull vulnerables/web-dvwa
Docker not starting:
sudo systemctl start docker
sudo systemctl enable dockerPermission denied:
sudo usermod -aG docker $USER
newgrp dockerContainer won't start:
# Check Docker is running
docker ps
# View logs
docker logs <container-id>