Technologies: Ruby, Thor, Docker, Linux, Metasploit, Nmap
Penkit is a penetration testing suite that allows you to quickly spin up isolated software environments. Using the power and flexibility of Docker, Penkit can create environments for virtually any web-based vulnerability. Penkit has two components: the Penkit image catalog and the full-featured CLI application.
Our goal with the Docker image catalog is to have a comprehensive selection of carefully curated, in-house Docker images. This involves a stripped-down build of Alpine Linux, our own package repository, and custom-built top-level images. With this approach, we can cleanly replicate the vast majority of web software stacks.
The penkit CLI app (simply referred to as "penkit") is your interface to our library of images. Once you select an environment you would like to practice on, penkit fetches the most recent images, spins up the required virtual containers, and networks everything together. No Docker or programming knowledge is required. Once your software environment is running, penkit supplies you with any tool that you would need to exploit your target vulnerability.
Technologies: Docker, Linux, GPG, Bash
Lockbox is a Docker image that is used to securely generate PGP keys. Running Lockbox will generate a LUKS-encrypted ISO, build a file system, generate PGP keys in the newly created Lockbox volume, and then dump the encrypted ISO and your public key to your local file system. At no point do your keys touch an unencrypted volume.
Technologies: Python, Flask, SASS, Docker
Building this site (www.samlachance.com) was the first time I've done any major experimentation with Python and Flask. My professional website has needed a makeover for some time now, so I decided to give Python/Flask a shot. I used the default Jinja2 templating engine, SASS for styles, and jQuery for scripting. The app is mostly static except for the Projects page, which has some GitLab API integrations. The site is also running in Docker, and the physical server runs Traefik for load balancing and SSL certificate acquisition.