Skip to main content

A Docker analysis tools

Project description

dockerscan

dockerscan: A Docker analysis & hacking tools

DockerScan logo

Project site

http://github.com/cr0hn/dockerscan

Issues

https://github.com/cr0hn/dockerscan/issues/

Author

Daniel Garcia (cr0hn) / Roberto Munoz (robskye)

Documentation

http://dockerscan.readthedocs.org

Last Version

1.0.0-Alpha-02

Python versions

3.5 or above

What’s dockerscan

A Docker analysis tools

Very quick install

> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan

Show options:

> dockerscan -h

Available actions

Currently Docker Scan support these actions:

  • Scan: Scan a network trying to locate Docker Registries

  • Registry

    • Delete: Delete remote image / tag

    • Info: Show info from remote registry

    • Push: Push an image (like Docker client)

    • Upload: Upload a random file

  • Image

    • Analyze: Looking for sensitive information in a Docker image.

      • Looking for passwords in environment vars.

      • Try to find any URL / IP in the environment vars.

      • Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file. Read the file and try to find call to sudo-like: “sudo”, “gosu”, “sh -u”… And report the user found.

    • Extract: extract a docker image

    • Info: Get a image meta information

    • Modify:

      • entrypoint: change the entrypoint in a docker

      • trojanize: inject a reverser shell into a docker image

      • user: change running user in a docker image

What’s the difference from Clair or Docker Cloud?

The purpose of Dockerscan is different. It’s focussed in the attack phase.

Although Dockescan has some functionalities to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.

Documentation

Documentation is still in progress… sorry!

For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:

https://www.slideshare.net/secret/fxVqD2iXqanOCX

Or you can watch it in video format (recommended):

https://youtu.be/OwX1e4y4JMk

Also, you can watch a dockerscan usage demo:

https://youtu.be/UvtBGIb3E3o

Contributing

Any collaboration is welcome!

There are many tasks to do. You can check the Issues and send us a Pull Request.

License

This project is distributed under BSD license

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dockerscan-1.0.0a3.tar.gz (32.8 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page