feat(docker): Comprehensive Dockerfile with all pentesting tools

- Added system deps: build-essential, libxml2-dev, libxslt1-dev, nmap
- Installs Nuclei binary from GitHub releases (auto arch detection)
- Installs sqlmap, dirsearch, arjun via pip
- Verifies all tools are accessible at build time
- Full SecNode Python project installation
- Pulls Nuclei templates as a cached Docker layer

Author: vishnurajkv

Dockerfile

@@ -1,54 +1,86 @@
-# ── SecNode API Pentester — Multi-Stage Docker Image ──────────────────────────
-# Stage 1: System tool installer
-FROM python:3.12-slim AS base
+# ── SecNode API Pentester — Production Docker Image ───────────────────────────
+# Installs: Nuclei, SQLMap, Dirsearch, Arjun + all Python dependencies
+# ──────────────────────────────────────────────────────────────────────────────
 
+FROM python:3.12-slim
+
+# ── Arguments ─────────────────────────────────────────────────────────────────
 ARG NUCLEI_VERSION=3.3.9
 
+# ── System packages ───────────────────────────────────────────────────────────
 RUN apt-get update && apt-get install -y --no-install-recommends \
+        # Core utilities
         curl wget unzip git ca-certificates \
-        # SQLMap dependency
-        python3 \
-        # Dirsearch / Arjun dependencies
-        python3-pip \
+        # SQLMap needs Python 3 (already present) + these
+        python3-dev build-essential \
+        # Network tools
+        nmap \
+        # Encoding / parsing deps
+        libxml2-dev libxslt1-dev zlib1g-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# ── Install nuclei binary ──────────────────────────────────────────────────────
-RUN ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') && \
-    curl -sSfL \
-    "https://github.com/projectdiscovery/nuclei/releases/download/v${NUCLEI_VERSION}/nuclei_${NUCLEI_VERSION}_linux_${ARCH}.zip" \
-    -o /tmp/nuclei.zip && \
-    unzip -q /tmp/nuclei.zip -d /tmp/nuclei && \
-    mv /tmp/nuclei/nuclei /usr/local/bin/nuclei && \
-    chmod +x /usr/local/bin/nuclei && \
-    rm -rf /tmp/nuclei /tmp/nuclei.zip
-
-# ── Install Python-based tools ─────────────────────────────────────────────────
+# ── Install Nuclei binary (projectdiscovery) ──────────────────────────────────
+RUN set -eux; \
+    ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); \
+    URL="https://github.com/projectdiscovery/nuclei/releases/download/v${NUCLEI_VERSION}/nuclei_${NUCLEI_VERSION}_linux_${ARCH}.zip"; \
+    curl -sSfL "$URL" -o /tmp/nuclei.zip; \
+    unzip -q /tmp/nuclei.zip -d /tmp/nuclei-bin; \
+    mv /tmp/nuclei-bin/nuclei /usr/local/bin/nuclei; \
+    chmod +x /usr/local/bin/nuclei; \
+    rm -rf /tmp/nuclei-bin /tmp/nuclei.zip; \
+    nuclei -version
+
+# ── Install Python pentesting tools ───────────────────────────────────────────
 RUN pip install --no-cache-dir \
+        # SQL injection scanner
         sqlmap \
+        # Directory / endpoint brute-forcer
         dirsearch \
-        arjun
+        # HTTP parameter discovery
+        arjun \
+        # Extra HTTP client used by several tools
+        requests \
+        urllib3
 
-# Stage 2: Application image
-FROM base AS app
+# ── Pull Nuclei templates (cached as a layer) ─────────────────────────────────
+RUN nuclei -update-templates -silent || true
 
+# ── Application setup ─────────────────────────────────────────────────────────
 WORKDIR /app
 
-# Install the SecNode project with all Python dependencies
+# Copy dependency manifests first for better layer caching
 COPY pyproject.toml ./
+
+# Copy source
 COPY src/ ./src/
-RUN pip install --no-cache-dir -e ".[dev]"
 
-# Pull Nuclei templates on first run (cached after)
-RUN nuclei -update-templates -silent || true
+# Install SecNode + all its Python dependencies
+RUN pip install --no-cache-dir -e "." \
+    && pip install --no-cache-dir \
+        httpx==0.27.0 \
+        pydantic==2.6.3 \
+        structlog==24.1.0 \
+        litellm==1.34.0 \
+        PyYAML==6.0.1 \
+        rich \
+        asyncio \
+        aiofiles
 
-# ── Runtime config ─────────────────────────────────────────────────────────────
-# Environment variables expected at runtime:
-#   NEBIUS_API_KEY        — Nebius LLM API key
-#   NEBIUS_API_BASE       — Nebius API base URL
-#   SECNODE_LLM           — LiteLLM model string (e.g. nebius/deepseek-ai/DeepSeek-V3.2)
-#   OPENAI_API_KEY        — (optional) OpenAI API key
+# Verify all tools are accessible
+RUN nuclei -version && \
+    sqlmap --version && \
+    dirsearch --version || true && \
+    arjun --help | head -3 || true
 
+# ── Volumes & Runtime config ───────────────────────────────────────────────────
+# Results are written to /app/results — mount this for persistence
 VOLUME ["/app/results"]
 
+# ── Environment variables (set at runtime via -e or .env) ─────────────────────
+# NEBIUS_API_KEY        — Nebius LLM API key
+# NEBIUS_API_BASE       — Nebius API endpoint
+# SECNODE_LLM           — e.g. nebius/deepseek-ai/DeepSeek-V3.2
+# OPENAI_API_KEY        — (optional) for OpenAI models
+
 ENTRYPOINT ["secnodeapi"]
 CMD ["--help"]