Docker image factory for GoatOS container profiles.
Published at ghcr.io/goatcommunity/goat.

| Profile | Tag | Description |
|---|---|---|
| full | `ghcr.io/goatcommunity/goat:full` | Complete pentest toolkit (metasploit, impacket, netexec, bloodhound, john/hashcat, Go tools) |
| light | `ghcr.io/goatcommunity/goat:light` | Minimal daily-use container (nmap, netcat, dnsutils, httpie) |
| recon | `ghcr.io/goatcommunity/goat:recon` | Recon/web enumeration (ffuf, httpx, subfinder, nuclei, gobuster, feroxbuster) |

```bash
# Pull an image from the registry
goat install light
# Build an image locally
goat build recon
# Run a container
goat run lab01 --profile recon
```

```bash
docker pull ghcr.io/goatcommunity/goat:light
docker tag ghcr.io/goatcommunity/goat:light goat:light
```

```bash
# Build all profiles
./build-all.sh
# Build a specific profile
./build-all.sh recon
# Build and push to GHCR (requires docker login ghcr.io)
./build-all.sh --push
./build-all.sh recon --push
```

```
sources/
  install/
    entrypoint.sh        # build dispatcher
    common.sh            # shared helpers (fapt, colorecho, register_tool, go_install)
    package_base.sh      # base system + Go + Python + shell setup
    package_desktop.sh   # XFCE + TigerVNC + noVNC
    package_light.sh     # light profile tools
    package_recon.sh     # recon profile + Go tools + wordlists
    package_pentest.sh   # AD/web/cracking/exploitation tools
    package_full.sh      # full profile (calls package_pentest)
  assets/
    goat/
      entrypoint.sh      # runtime entrypoint (container start/shell/desktop/VPN)
      spawn.sh           # shell spawner (shell selection, session logging)
    shells/
      zshrc              # zsh config with GOAT_NAME prompt
      tmux.conf          # tmux config
    desktop/             # XFCE configuration
```

Images are automatically built and published to GHCR on every push to main.
See `.github/workflows/build.yml`.

The goat-images project follows the same Dockerfile pattern as Exegol-images:

- `LABEL org.goat.*` mirrors `LABEL org.exegol.*`
- Modular `package_*.sh` build steps
- `/.goat/entrypoint.sh` mirrors `/.exegol/entrypoint.sh`
- `GOAT_START_SHELL` mirrors `EXEGOL_START_SHELL`
- `GOAT_NAME` mirrors `EXEGOL_NAME`