{"id":63084,"date":"2026-04-25T09:50:16","date_gmt":"2026-04-25T16:50:16","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/docker\/"},"modified":"2026-04-25T09:50:16","modified_gmt":"2026-04-25T16:50:16","slug":"docker","status":"publish","type":"page","link":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/docker\/","title":{"rendered":"Docker"},"content":{"rendered":"<div class=\"sn-breadcrumb\"><a href=\"\/wordpress\/documentation\/\">Documentation<\/a><span class=\"sep\">\/<\/span><span>Docker<\/span><\/div>\n<p>Sn1per Professional 2026 can run inside a Docker container on any Docker-capable host. The recommended workflow starts a Kali base container and runs your license&#8217;s <code>activation.sh<\/code> inside it \u2014 the same installer used on bare metal.<\/p>\n<h2 id=\"why-privileged-is-required\">Why <code>--privileged<\/code> is required<\/h2>\n<p>Sn1per Pro runs a broad offensive toolchain: nmap (raw sockets, SYN \/ OS-fingerprint), masscan, hping3, nuclei (Go JIT), the Metasploit Framework, and more. On bare metal the installer ships a systemd drop-in at <code>\/etc\/systemd\/system\/apache2.service.d\/sniper-override.conf<\/code> that disables Kali&#8217;s Apache hardening \u2014 <code>Protect*=false<\/code>, <code>Restrict*=false<\/code>, <code>MemoryDenyWriteExecute=false<\/code>, empty <code>SystemCallFilter=<\/code> \u2014 because those restrictions block the scan tools.<\/p>\n<p>Inside Docker, <code>--privileged<\/code> is the equivalent switch. It grants the container:<\/p>\n<ul>\n<li>The full Linux capability set (<code>NET_ADMIN<\/code>, <code>NET_RAW<\/code>, <code>SYS_ADMIN<\/code>, <code>SYS_PTRACE<\/code>, \u2026)<\/li>\n<li>An unrestricted seccomp profile (nuclei JIT&#8217;s <code>mprotect(PROT_EXEC|PROT_WRITE)<\/code>, <code>keyctl<\/code>, unusual <code>ptrace<\/code> variants)<\/li>\n<li>No AppArmor <code>docker-default<\/code> restrictions (<code>mount<\/code>, writes to <code>\/sys<\/code>, raw device access)<\/li>\n<li>Access to host devices<\/li>\n<\/ul>\n<p>This is appropriate for an offensive-security tool but worth flagging in your deployment plan.<\/p>\n<p>If you must run with narrower privileges (known-limited feature set), the closest safe alternative is:<\/p>\n<pre><code class=\"language-bash\">docker run -dit --name sn1per-pro -p 1337:1337 \n  --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=SYS_PTRACE --cap-add=SYS_ADMIN \n  --security-opt seccomp=unconfined --security-opt apparmor=unconfined \n  kalilinux\/kali-rolling\n<\/code><\/pre>\n<p>Expect some advanced tooling (certain Metasploit post modules, a subset of nuclei templates) to still fail. File a support ticket with the exact error if you hit one.<\/p>\n<h2 id=\"recommended-workflow\">Recommended workflow<\/h2>\n<pre><code class=\"language-bash\"># 1. Start a Kali base container with port 1337 published and elevated privileges\ndocker run -dit --name sn1per-pro -p 1337:1337 --privileged kalilinux\/kali-rolling\n\n# 2. Open a shell in the container\ndocker exec -it sn1per-pro bash\n\n# 3. Install curl + sudo (kali-rolling:latest is minimal), then run the activation URL\napt update &amp;&amp; apt install -y curl sudo\ncurl https:\/\/sn1persecurity.com\/pro\/10.0\/&lt;your-license-hash&gt;\/activation.sh | bash\n<\/code><\/pre>\n<p>The installer runs exactly as it would on bare metal \u2014 installs Apache \/ PHP \/ PostgreSQL \/ Metasploit \/ nuclei \/ the scan engine, configures digest auth, and generates the <code>admin<\/code> password. Takes 10\u201320 minutes.<\/p>\n<p>After installation completes, the Pro UI is available on your Docker host at <code>https:\/\/localhost:1337<\/code>. Retrieve the admin password:<\/p>\n<pre><code class=\"language-bash\">docker exec sn1per-pro cat \/usr\/share\/sniper\/pro\/data\/.admin-password\n<\/code><\/pre>\n<h2 id=\"port-mapping\">Port mapping<\/h2>\n<p>By default the installer binds Apache to port 1337 inside the container. Map it to any free port on the host:<\/p>\n<pre><code class=\"language-bash\"># Host 1337 -&gt; container 1337 (recommended, matches license-email docs)\n-p 1337:1337\n\n# Host 1338 -&gt; container 1337 (if the host already runs something on 1337)\n-p 1338:1337\n\n# Bind to a specific interface only\n-p 127.0.0.1:1337:1337\n<\/code><\/pre>\n<h2 id=\"volume-mounts\">Volume mounts<\/h2>\n<p>Persisting scan data across container rebuilds is strongly recommended. Useful mounts:<\/p>\n<h3 id=\"scan-loot-required-for-persistence\">Scan loot (required for persistence)<\/h3>\n<pre><code class=\"language-bash\">-v sn1per-loot:\/usr\/share\/sniper\/loot\n<\/code><\/pre>\n<p>Workspaces, scan history, screenshots, and findings all live under this tree. Without a volume mount, all scan data is destroyed when the container is removed.<\/p>\n<h3 id=\"scan-engine-config-overrides\">Scan engine config overrides<\/h3>\n<pre><code class=\"language-bash\">-v \/host\/path\/sniper.conf:\/usr\/share\/sniper\/sniper.conf\n<\/code><\/pre>\n<p>Mount your own <code>sniper.conf<\/code> to customize AI \/ RAG \/ Burp \/ notification settings without editing inside the container.<\/p>\n<h3 id=\"admin-password-visibility\">Admin password visibility<\/h3>\n<pre><code class=\"language-bash\">-v sn1per-config:\/usr\/share\/sniper\/pro\/data\n<\/code><\/pre>\n<p>Lets you read the generated admin password from the host:<\/p>\n<pre><code class=\"language-bash\">docker volume inspect sn1per-config | grep Mountpoint\n# then: sudo cat &lt;that-path&gt;\/.admin-password\n<\/code><\/pre>\n<h2 id=\"docker-compose\">docker compose<\/h2>\n<p>A minimal compose service for Sn1per Pro with persistent volumes:<\/p>\n<pre><code class=\"language-yaml\">services:\n  sn1per-pro:\n    image: kalilinux\/kali-rolling:latest\n    container_name: sn1per-pro\n    privileged: true\n    ports:\n      - &quot;1337:1337&quot;\n    volumes:\n      - sn1per-loot:\/usr\/share\/sniper\/loot\n      - sn1per-config:\/usr\/share\/sniper\/pro\/data\n    restart: unless-stopped\n    # First-run activation is a manual step \u2014 see below.\n    command: [&quot;sleep&quot;, &quot;infinity&quot;]\n    healthcheck:\n      test: [&quot;CMD-SHELL&quot;, &quot;curl -k -f --silent --max-time 5 -o \/dev\/null https:\/\/127.0.0.1:1337\/ || exit 1&quot;]\n      interval: 30s\n      timeout: 10s\n      retries: 3\n      start_period: 120s\n\nvolumes:\n  sn1per-loot:\n  sn1per-config:\n<\/code><\/pre>\n<p>First-run activation (one-time per container creation):<\/p>\n<pre><code class=\"language-bash\">docker compose up -d sn1per-pro\ndocker compose exec sn1per-pro bash -c \n  'apt update &amp;&amp; apt install -y curl sudo &amp;&amp; curl https:\/\/sn1persecurity.com\/pro\/10.0\/&lt;your-license-hash&gt;\/activation.sh | bash'\n<\/code><\/pre>\n<p>From then on <code>docker compose up -d<\/code> \/ <code>down<\/code> \/ <code>restart<\/code> \/ <code>stop<\/code> \/ <code>start<\/code> work normally and the installed stack persists inside the container + volumes.<\/p>\n<h2 id=\"container-management\">Container management<\/h2>\n<pre><code class=\"language-bash\"># Lifecycle\ndocker stop sn1per-pro\ndocker start sn1per-pro\ndocker restart sn1per-pro\ndocker rm    sn1per-pro           # remove (stop first)\n\n# Introspection\ndocker logs sn1per-pro            # Apache + install logs\ndocker exec -it sn1per-pro bash   # interactive shell\ndocker exec sn1per-pro systemctl status apache2\n\n# Retrieve admin password\ndocker exec sn1per-pro cat \/usr\/share\/sniper\/pro\/data\/.admin-password\n\n# Run a scan from the host\ndocker exec sn1per-pro sniper -t target.com -m normal\n\n# Copy loot out to the host\ndocker cp sn1per-pro:\/usr\/share\/sniper\/loot .\/sn1per-loot-backup\n<\/code><\/pre>\n<h2 id=\"license-activation-notes\">License activation notes<\/h2>\n<p>The activation URL binds your license to the <strong>container&#8217;s<\/strong> machine ID on first install. When you rebuild the image or recreate the container, the machine ID changes and you must de-register the old instance first (see <a href=\"\/wordpress\/documentation\/installation\/#de-registration-freeing-your-license\">Installation \u2192 De-registration<\/a>) before activating on the new container.<\/p>\n<p>If you plan to recreate the container often (CI, ephemeral testing), email <code>support@sn1persecurity.com<\/code> to discuss long-running license arrangements.<\/p>\n<h2 id=\"troubleshooting\">Troubleshooting<\/h2>\n<h3 id=\"container-exits-immediately-after-docker-run\">Container exits immediately after <code>docker run<\/code><\/h3>\n<p>The base <code>kalilinux\/kali-rolling<\/code> image&#8217;s default entrypoint is <code>bash<\/code>, which exits when not attached to a TTY. Use <code>-dit<\/code> (detached + interactive + TTY) as shown above, or explicitly run <code>sleep infinity<\/code> as the command.<\/p>\n<h3 id=\"activation-fails-with-connection-refused\">Activation fails with connection refused<\/h3>\n<p>Make sure the container can reach the public internet:<\/p>\n<pre><code class=\"language-bash\">docker exec sn1per-pro curl -v https:\/\/sn1persecurity.com\n<\/code><\/pre>\n<p>Check your host&#8217;s Docker network settings and any egress firewalls.<\/p>\n<h3 id=\"curl-not-found-when-running-the-activation-script\"><code>curl: not found<\/code> when running the activation script<\/h3>\n<p>Install it first: <code>apt update &amp;&amp; apt install -y curl sudo<\/code>. <code>kalilinux\/kali-rolling:latest<\/code> is intentionally minimal.<\/p>\n<h3 id=\"port-1337-already-in-use-on-the-host\">Port 1337 already in use on the host<\/h3>\n<pre><code class=\"language-bash\">ss -lntp | grep 1337       # find the holder\ndocker run ... -p 1338:1337 ...   # or publish to a different host port\n<\/code><\/pre>\n<h3 id=\"nmap-syn-scan-hangs-or-returns-only-closed-ports\">Nmap SYN scan hangs or returns only closed ports<\/h3>\n<p><code>--privileged<\/code> is not set (or was silently dropped by your orchestrator). Verify:<\/p>\n<pre><code class=\"language-bash\">docker inspect sn1per-pro --format '{{.HostConfig.Privileged}}'\n# expect: true\n<\/code><\/pre>\n<h3 id=\"apache-says-ah00558-could-not-reliably-determine-the-servers-fully-qualified-domain-name\">Apache says &#8220;AH00558: Could not reliably determine the server&#8217;s fully qualified domain name&#8221;<\/h3>\n<p>Harmless. Cosmetic warning only.<\/p>\n<h3 id=\"container-disk-usage-grows-unexpectedly\">Container disk usage grows unexpectedly<\/h3>\n<p>Scan loot under <code>\/usr\/share\/sniper\/loot\/<\/code> is the main consumer. Either use a host bind mount (so the data is outside the container) or periodically clean old workspaces via the Pro web UI&#8217;s <strong>Delete Workspace<\/strong> action.<\/p>\n<h3 id=\"more-help\">More help<\/h3>\n<p>See <a href=\"\/wordpress\/documentation\/installation\/#troubleshooting\">Installation \u2192 Troubleshooting<\/a> for non-Docker-specific issues, or email <code>support@sn1persecurity.com<\/code> with:<\/p>\n<ul>\n<li>Your license key<\/li>\n<li>The output of <code>docker inspect sn1per-pro<\/code><\/li>\n<li>The last 200 lines of <code>docker logs sn1per-pro<\/code><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Documentation\/Docker Sn1per Professional 2026 can run inside a Docker container on any Docker-capable host. The recommended workflow starts a Kali base container and runs your license&#8217;s activation.sh inside it \u2014\u2026<\/p>\n","protected":false},"author":0,"featured_media":0,"parent":2284,"menu_order":60,"comment_status":"closed","ping_status":"closed","template":"page-templates\/template-doc-page.php","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-63084","page","type-page","status-publish","hentry"],"aioseo_notices":[],"jetpack_shortlink":"https:\/\/wp.me\/PdnW96-gpu","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":63079,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/getting-started\/","url_meta":{"origin":63084,"position":0},"title":"Getting Started","author":"","date":"April 25, 2026","format":false,"excerpt":"Documentation\/Getting Started This guide gets you from a fresh system to a running Sn1per Pro instance in under 20 minutes. For deeper coverage, see Installation and Configuration. Prerequisites A 64-bit Linux host (Kali Rolling recommended; Ubuntu 22.04+, Debian 12+, and Parrot OS also supported) Root or passwordless sudo access 4\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":63080,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/installation\/","url_meta":{"origin":63084,"position":1},"title":"Installation","author":"","date":"April 25, 2026","format":false,"excerpt":"Documentation\/Installation Sn1per Professional 2026 installs in two modes: bare metal on a supported Linux host, or inside a Docker container. The same activation.sh URL (sent in your order confirmation email) drives both. System Requirements Requirement Minimum Recommended Operating system Kali Linux Rolling, Ubuntu 22.04+, Debian 12+, or Parrot OS Kali\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":63083,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/architecture\/","url_meta":{"origin":63084,"position":2},"title":"Architecture","author":"","date":"April 25, 2026","format":false,"excerpt":"Documentation\/Architecture Sn1per Professional 2026 pairs a bash-based scan engine with a modernized PHP web UI on Apache, and optionally integrates with an AI \/ RAG stack for augmented analysis. This doc describes how the components fit together. High-level stack Browser (HTTPS :1337) | v Apache 2.4 --- Digest Auth ---\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2284,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/","url_meta":{"origin":63084,"position":3},"title":"Documentation","author":"xer0dayz","date":"October 7, 2018","format":false,"excerpt":"[vc_row][vc_column][vc_column_text] Sn1per Professional Documentation The official Sn1per Professional software manual. Topics System Requirements Getting Started Help Topics Integration Guides Modules Sn1per Professional Demos Sn1per Enterprise Boot Camp \u00a0 System Requirements Sn1per Professional requires the following to run correctly: A Kali Linux operating system Kali 2024.4 VMware\/VirtualBox pre-built VMs, Ubuntu 22.04\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"Sn1perSecurity-Attack-Surface-Management-header2","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":63082,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/usage\/","url_meta":{"origin":63084,"position":4},"title":"Usage","author":"","date":"April 25, 2026","format":false,"excerpt":"Documentation\/Usage Sn1per Professional 2026 exposes three interfaces: a web UI (primary), a CLI (sniper command), and a JSON API. Web UI The web UI is served on HTTPS port 1337. Log in as admin with the password from \/usr\/share\/sniper\/pro\/data\/.admin-password. Workspace Navigator The landing page after login. One row per workspace\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":63081,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/configuration\/","url_meta":{"origin":63084,"position":5},"title":"Configuration","author":"","date":"April 25, 2026","format":false,"excerpt":"Documentation\/Configuration Most Sn1per Pro behavior is controlled by two files: \/usr\/share\/sniper\/sniper.conf \u2014 scan engine defaults (threads, DNS, AI, RAG, Burp, notifications, etc.) \/usr\/share\/sniper\/pro\/settings.php \u2014 Pro web UI tunables (license key, install dir, workspace limits, Burp host) Change either file and restart Apache (sudo systemctl reload apache2) to pick up PHP-side\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/63084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=63084"}],"version-history":[{"count":0,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/63084\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/2284"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=63084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}