0

I'm trying to run an ordinary bash script to run a tool from a container and extract its output to the host machine. This is what i've got so far (stripped of the script itself ofcourse):

docker build -t amass https://github.com/OWASP/Amass.git
docker run -d --name amass_dock amass
docker exec -it amass_dock sh -c "./bin/amass --passive -d example.com -o out.txt"
docker cp amass_dock:/out.txt .

This gives out the error: "Cannot exec in a stopped state". What is the correct way to perform this? my goal is to eventually run the docker program and take output to host machine.

toti toto
  • 87
  • 1
  • 8
  • Does this shed any light on this issue? I'm not using docket yet myself (I know, I should) so I don't know the answer to your question - https://stackoverflow.com/questions/34782678/difference-between-running-and-starting-a-docker-container – Lasse V. Karlsen Dec 29 '18 at 12:03
  • That means that `amass` crashed upon startup – hek2mgl Dec 29 '18 at 12:13
  • It doesn't, amass do run but stops running immediately (shows help or something) – toti toto Dec 29 '18 at 12:19
  • 1
    Lesson 1: A container is a _process_. In this case `amass`. If this process stops, the containers stops. – hek2mgl Dec 29 '18 at 12:28
  • Lesson 2: Use [_volumes_](https://docs.docker.com/storage/volumes/) if you want to access files from the host, copy to / from etc. – hek2mgl Dec 29 '18 at 12:33

2 Answers2

2

The simplest would be to read the manual :), and run it like this:

docker build -t amass https://github.com/OWASP/Amass.git
# Note that out.txt will be created on your host, not within the container
docker run amass --passive -d example.com > out.txt
cat out.txt

PS: For convenience you might want to place a wrapper script on your host system like this:

#!/bin/bash
# /usr/local/bin/amass
docker run amass "$@"

Make it executable:

chmod +x /usr/local/bin/amass

Now you can run amass, and use it in scripts, as if it would be installed on your host system:

amass --passive -d example.com
hek2mgl
  • 152,036
  • 28
  • 249
  • 266
  • 1
    Thanks, but I wouldn't rank myself as docker expert. If you want to learn docker, just start using it and then wait a few years ;) – hek2mgl Dec 29 '18 at 12:57
  • Glad that it works for you. Btw, this amass tool is nice if you, let's say, forgot the vpn address of your company ;) (where company is like facebook or apple :) ) – hek2mgl Dec 29 '18 at 13:01
  • Do you know why running it through bash, with $vars , doesn't work? – toti toto Dec 29 '18 at 13:03
  • I dunno what you mean. I've added to my answer how you can create a wrapper script on your host system. I hope that helps – hek2mgl Dec 29 '18 at 13:10
0

If the main goal of your program is to read and write local files, consider running it not in Docker. That completely avoids the container-lifecycle and filesystem-mapping issues you're running into.

sudo apt install snapd
sudo systemctl start snapd
sudo snap install amass
./bin/amass --passive -d example.com -o out.txt

Otherwise, Docker containers have their own separate filesystems, and need to explicitly be given access to host-system files. See the Docker documentation on bind mounts. You might run this program like

sudo docker build -t amass https://github.com/OWASP/Amass.git
sudo docker run --rm -v $PWD:/data \
  amass --passive -d example.com -o /data/out.txt
cat out.txt

Note that you can specify any host directory in the docker run -v options, even system directories like /etc and /bin, and for that reason I've explicitly called out the steps that require root-equivalent permissions (membership in a docker group is equivalent to having root). Also note that without Docker you can run the tool as an ordinary user, but to run the Docker container you must effectively be root.

If your problem is that the container is exiting ("...in a stopped state") your very first step should be to look at docker logs and run the container in the foreground without the -d option to understand why. While docker exec is a useful debugging tool it wasn't designed to be the primary way to interact with a container.

David Maze
  • 130,717
  • 29
  • 175
  • 215