How to build a cyber security lab with docker

Key takeaways:

  • Create a cybersecurity lab using Docker with two main containers: Kali Linux for penetration testing and Metasploitable as a deliberately vulnerable target.

  • Install Docker, retrieve necessary images, deploy containers, and configure networking for communication between them.

  • Use Nmap from the Kali container to perform initial scans on the Metasploitable container, including discovery, port, OS, version, and vulnerability scans.

Docker is a powerful tool designed to facilitate the creation, deployment, and management of applications using containers. These containers encapsulate the application and all its dependencies, enabling seamless deployment across different environments. In cybersecurity, hands-on practice is paramount. Establishing your own lab environment offers a secure space to delve into vulnerabilities, refine techniques, and enhance your skills.

Getting started: Building the lab environment

The foundation of our cybersecurity lab consists of two Docker containers:

  • Kali linux: Renowned for its robust suite of penetration testing tools, Kali Linux is an ideal platform for security testing.
  • Metasploitable: A deliberately vulnerable system designed for practicing penetration testing methodologies.

Step 1: Docker installation and image retrieval

Begin by ensuring Docker is installed on your Linux machine. If you're on a Mac or Linux-based system, refer to Docker's official documentationhttps://docs.docker.com/ for installation instructions. Next, execute the following commands in the terminal to fetch the requisite Docker images:

docker pull kalilinux/kali-rolling
docker pull tleemcjr/metasploitable2
Pulling images

Step 2: Deploying the containers

Once the images are downloaded open two new terminals, deploy the containers using the following commands in each individual terminal:

docker run -it --name kali kalilinux/kali-rolling
docker run -it --name metasploitable tleemcjr/metasploitable2
Deploying containers

In the terminal where you ran this command docker run -it --name kali kalilinux/kali-rolling, run these commands as well:

apt-get update 
apt-get install iputils-ping -y
apt-get update
apt-get install nmap -y
Installing dependencies

Step 3: Network configuration

To enable communication between containers, open a new terminal, create a Docker network, and connect each container to it:

docker network create lab_network
docker network connect lab_network kali
docker network connect lab_network metasploitable
Creating docker network

Step 4: Testing connectivity

Verify connectivity between containers by executing pingPing is a network utility that tests the reachability of a host on an IP network by sending Echo Request messages and measuring the time it takes to receive an Echo Reply. It helps diagnose network connectivity and performance issues. commands:

docker exec kali ping -c 4 metasploitable
docker exec metasploitable ping -c 4 kali
Testing connectivity

This step ensures proper network setup and confirms accessibility between the lab components.

Conducting initial scans

With the lab operational, initiate an initial scan from the Kali container to the Metasploitable container using Nmap:

docker exec kali nmap -sP 172.18.0.0/16
Running initial scan

This command performs a ping scan to identify live hosts within the network. You can test the above commands in the terminal below.

Note: Wait 2-3 minutes when the terminal starts to automatically initialize and manage the docker services.

Terminal 1
Terminal
Loading...

Exploration and further scans

Expand your exploration by experimenting with various Nmap scan options. These include:

  • Discovery scans: These scans determine which hosts are up and running on a network.

  • Port scans: Port scans identify open ports on a target machine, revealing which services and applications are potentially accessible.

  • OS detection: OS detection infers the operating system running on a target device by analyzing the responses to Nmap’s probes.

  • Version detection: Version detection identifies the versions of services running on open ports, providing detailed information about software applications.

  • Vulnerability scans: Vulnerability scans assess a target for known vulnerabilities, checking for weaknesses that could be exploited by attackers.

Refer to the Nmap documentationhttps://nmap.org/docs.html for detailed explanations of each scan type and their respective outputs.

Conclusion

Using Docker containers to build a cybersecurity lab gives learners a flexible, scalable, and secure platform to practice. This Answer helps beginners start their journey into cybersecurity by offering a safe space to find and fix vulnerabilities.

Consistent practice and hands-on exploration are key to mastering cybersecurity skills.

Free AI Mock Interviews
Coding Interview
Coding PatternsFree Interview
Gain insights and practical experience with coding patterns through targeted MCQs and coding problems, designed to match and challenge your expertise level.
System Design
YouTubeFree Interview
Learn to design a video streaming platform like YouTube by tackling functional and non-functional requirements, core components, and high-level to detailed design challenges.

Free Resources

Copyright ©2025 Educative, Inc. All rights reserved