Decker - Penetration testing orchestration and automation framework.


Decker is a penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.


How to get this tool

To use this tool, please use a method listed below.

In a Linux (Debian OS), run the following command(s).

Using docker for development is recommended for a smooth experience. This ensures all dependencies will be installed and ready to go.

git clone

cd decker

# on host machine
make docker_build

# on host machine): This will start docker container and open an interactive bash session)
make docker_run

# inside container
dep ensure -v

# inside container
make build_all

# inside container
make run

Download directly from the following link:


How to execute

Directory named decker-reports where decker will output a file for each plugin executed. The file's name will be {unique_resource_name}.report.txt.

examples directory containing decker config files. Mounting this volume allows you to write configs locally using your favorite editor and still run them within the container.


One environment variable is passed in:



This is referenced in the config files as {var.target_host}. Decker will loop through all environment variables named DECKER_*, stripping away the prefix and setting the rest to lowercase.

docker run -it --rm \
-v "$(pwd)/decker-reports/":/tmp/reports/ \
-v "$(pwd)/examples/":/decker-config/ \
-e \
stevenaldinger/decker:kali decker ./decker-config/example.hcl


When decker finishes running the config, look in ./decker-reports for the outputs.





Next steps:


This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.