FROM debian:stretch
LABEL maintainer="Evgenii Protsenko <procenkoeg@yandex-team.ru>"

# Dependencies
RUN echo "deb http://deb.debian.org/debian stretch-backports main" >> /etc/apt/sources.list
RUN apt-get update
RUN apt-get -y install python-crypto python-setuptools \
    python-future python-bottle ca-certificates tar wget

# Py2neo
RUN wget https://github.com/nigelsmall/py2neo/tarball/py2neo-3.0.0 -O py2neo.tar.gz && \
    tar zxf ./py2neo.tar.gz && rm ./py2neo.tar.gz && \
    mv nigelsmall-py2neo-* py2neo && cd py2neo && \
    python setup.py build && python setup.py install && \
    cd ../ && rm -rf py2neo/

# Tools
## non-free: s3270
RUN sed -i 's/ main/ main non-free/' /etc/apt/sources.list
RUN apt-get update
## openssl: IVRE depends on openssl exec + libssl needed for Nmap
## libfreetype6 libfontconfig1 fonts-dejavu: screenshots w/ phantomjs
RUN apt-get -y install p0f rsync screen ipython openssl tesseract-ocr \
    libfreetype6 libfontconfig1 fonts-dejavu imagemagick ffmpeg s3270 \
    patch bash-completion bzip2 bro python-pil

# Install Nmap. Use included libpcap because to use the workaround for
# Nmap issue #34 (https://github.com/nmap/nmap/issues/34) since we do
# not know which kernel version will be used
# ADD https://github.com/nmap/nmap/tarball/master ./nmap.tar.gz
# Use 7.25BETA2 to have Lua 5.3
RUN apt-get -y install gcc g++ make patch
COPY nmap_7_70_port_timestamp.patch /tmp/nmap_7_70_port_timestamp.patch
RUN wget https://nmap.org/dist/nmap-7.70.tgz -O nmap.tar.gz && \
    apt-get -y install build-essential libssl-dev && \
    tar zxf nmap.tar.gz && \
    mv nmap-* nmap && \
    cd nmap && \
    patch -p1 < /tmp/nmap_7_70_port_timestamp.patch && \
    ./configure --without-ndiff --without-zenmap --without-nping \
                --without-ncat --without-nmap-update \
                --with-libpcap=included && \
    make && make install && \
    cd ../ && rm -rf nmap nmap.tar.gz && \
    apt-get -y --purge autoremove build-essential libssl-dev
# Add our *-screenshot NSE scripts
RUN for d in /usr /usr/local; do \
        d="$d/share/ivre/nmap_scripts"; \
        [ -d "$d" ] && ( \
	    cp $d/*.nse /usr/local/share/nmap/scripts; \
	    cd /usr/local/share/nmap/; \
	    for p in $d/patches/*.patch; do \
	         patch -p0 < $p; \
            done \
	) \
    done; true
RUN nmap --script-update


# "Install" phantomjs for our http-screenshot NSE script replacement
RUN wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2 -O phantomjs-1.9.8-linux-x86_64.tar.bz2 && \
    tar jxf phantomjs-1.9.8-linux-x86_64.tar.bz2 phantomjs-1.9.8-linux-x86_64/bin/phantomjs && \
    mv phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/bin/ && \
    rm -rf phantomjs-1.9.8-linux-x86_64*


# RUN mkdir /var/lib/ivre-share
# VOLUME /var/lib/ivre-share

# Neo4j
# http://debian.neo4j.org/
# ADD https://debian.neo4j.org/neotechnology.gpg.key /neotechnology.gpg.key
# RUN apt-key add /neotechnology.gpg.key && rm /neotechnology.gpg.key
# RUN echo 'deb http://debian.neo4j.org/repo stable/' > /etc/apt/sources.list.d/neo4j.list
# RUN apt-get -q update && apt-get -qy install neo4j=2.3.3

# RUN sed -ri 's/^(dbms\.security\.auth_enabled=)true/\1false/;s/^# *(org\.neo4j\.server\.webserver\.address=0\.0\.0\.0)/\1/' /etc/neo4j/neo4j-server.properties

# IVRE
# RUN apt-get -qy install python python-dev python-pip && \
#     pip install ivre sqlalchemy psycopg2-binary && \
#     apt-get -qy autoremove python-dev python-pip


# --------------------
# --- DEPENDENCIES ---
# --------------------

RUN apt-get -y install python-pip git libpcap-dev build-essential supervisor \
	redis-server cmake libgmp3-dev gengetopt libpcap-dev clang \
	flex byacc libjson-c-dev pkg-config libunistring-dev tar && \
    mkdir -p /var/log/supervisor

RUN wget https://github.com/robertdavidgraham/masscan/archive/1.0.5.tar.gz && \
	mkdir masscan-src && tar xf 1.0.5.tar.gz -C masscan-src && \
	cd masscan-src/masscan-1.0.5 && make && \
	cp bin/masscan /usr/local/bin/masscan && cd ../..

RUN wget https://github.com/zmap/zmap/archive/v2.1.1.tar.gz && \
	mkdir zmap-src && tar xf v2.1.1.tar.gz -C zmap-src && \
	cd zmap-src/zmap-2.1.1 && cmake . && make -j4 && make install && cd ../..

ADD requirements_debby.txt requirements_debby.txt
RUN pip install -r requirements_debby.txt

# ------------
# --- IVRE ---
# ------------

# --- IVRE: OPTION 1 --- #
# ADD ivre.tar ivre-src
# RUN cd ivre-src/ivre && python setup.py build && python setup.py install
# ADD requirements_postgres.txt requirements_postgres.txt
# RUN pip install -r requirements_postgres.txt

# --- IVRE: OPTION 2 --- #
RUN wget https://github.com/cea-sec/ivre/archive/v0.9.11.tar.gz
RUN tar -xf v0.9.11.tar.gz
ADD ivre.patch /ivre.patch
RUN cd ivre-0.9.11 && patch -p1 < /ivre.patch && \
    python setup.py build && \
    python setup.py install && pip install -r requirements-postgres.txt

# Config
ADD ivre.conf /etc/ivre.conf

# -------------
# --- DEBBY ---
# -------------

ADD debby.tar /usr/lib/debby
RUN mv /usr/lib/debby/src /usr/lib/debby-src && \
    rm -rf /usr/lib/debby && mv /usr/lib/debby-src /usr/lib/debby
# RUN pip install -r /usr/lib/debby/requirements.txt

# ------------------
# --- SUPERVISOR ---
# ------------------

COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf

EXPOSE 8080

CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
