Installing NMAP on Ubuntu with RPM and Alien
There's a network scanning service I built and maintain which serves as a fancy wrapper around nmap, a popular network scanning tool. We used a debian based docker image and needed to get the latest version of nmap available in the container; unfortunately, nmap builds are distributed via RPM -- the debian based ones for our image often lag behind. Let's see how we used the RPM version within our Debian image.
If you look at the nmap changelog, you'll see that the latest (as of writing) is 7.93, released in September 2022. Client was using version 7.80.
One thing to know is that the maintainers make the latest version of nmap available for Linux distributions through the RPM package manager. Reviewing the Linux distro installation instructions, it's clear that the binary for Debian derivatives (like Ubuntu) are maintained by someone else and are acknowledged to sometimes be a year or more behind the current version. In fact, as of writing this, the latest available for Debian is nmap version 7.91, which is two years behind the latest!
Okay, so we have a Debian container that needs the latest nmap, we can't change the image to a different base for reasons I can't divulge, and the latest nmap available via apt-get is roughly two years behind.
Luckily, we can use a nifty tool called Alien to convert our RPM binary to Debian and install it in our container.
Create the docker container with a debian base
FROM python:3.9-slim AS base
Make sure wget and alien are available in the container
RUN apt-get update && \
apt-get -y --no-install-recommends install wget alien gcc && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
Download the RPM binaries
RUN wget https://nmap.org/dist/nmap-7.93-1.x86_64.rpm && \
wget https://nmap.org/dist/zenmap-7.93-1.noarch.rpm && \
wget https://nmap.org/dist/ncat-7.93-1.x86_64.rpm && \
wget https://nmap.org/dist/nping-0.7.93-1.x86_64.rpm
Convert to DEB and install
RUN alien -i nmap-7.93-1.x86_64.rpm && \
alien -i zenmap-7.93-1.noarch.rpm && \
alien -i ncat-7.93-1.x86_64.rpm && \
alien -i nping-0.7.93-1.x86_64.rpm
Verify it works
CMD ["sleep", "360000"]
This is a bit of a hack, but for the demo, you can just make the container sleep, that way you can build and run it and then exec in and run your own commands, i.e. --
$ docker build -t nmap_demo -f ./container/Dockerfile .
$ docker run nmap_demo
$ docker exec -it $YOUR_CONTAINER_ID sh
# You should be in the container now
$ nmap scanme.nmap.org
# The above command should execute, indicate the correct version, and execute properly.
That's basically it! In this case, alien works nicely and converts the RPM binaries to DEB for us so we can use the latest nmap within our Debian container.