GitHub - cr0hn/dockerscan: Docker security analysis & hacking tools

dockerscan

dockerscan: A Docker analysis & hacking tools

Project site	http://github.com/cr0hn/dockerscan
Issues	https://github.com/cr0hn/dockerscan/issues/
Author	Daniel Garcia (cr0hn) / Roberto Munoz (robskye)
Documentation	http://dockerscan.readthedocs.org
Last Version	1.0.0-Alpha-02
Python versions	3.5 or above

Support this project

Support this project (to solve issues, new features...) by applying the Github "Sponsor" button.

What's dockerscan

A Docker analysis tools

Very quick install

> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan

Show options:

> dockerscan -h

Available actions

Currently Docker Scan support these actions:

Scan: Scan a network trying to locate Docker Registries
Registry
- Delete: Delete remote image / tag
- Info: Show info from remote registry
- Push: Push an image (like Docker client)
- Upload: Upload a random file
Image
- Analyze: Looking for sensitive information in a Docker image.
  - Looking for passwords in environment vars.
  - Try to find any URL / IP in the environment vars.
  - Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file. Read the file and try to find call to sudo-like: “sudo”, “gosu”, “sh -u”… And report the user found.
- Extract: extract a docker image
- Info: Get a image meta information
- Modify:
  - entrypoint: change the entrypoint in a docker
  - trojanize: inject a reverser shell into a docker image
  - user: change running user in a docker image

What's the difference from Clair or Docker Cloud?

The purpose of Dockerscan is different. It's foccussed in the attack phase.

Although Dockescan has some functionalities to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.

Documentation

Documentation is still in progress... sorry!

For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:

https://www.slideshare.net/cr0hn/rootedcon-2017-docker-might-not-be-your-friend-trojanizing-docker-images/1

Or you can watch it in video format (recommended):

https://youtu.be/OwX1e4y4JMk

Also, you can watch a dockerscan usage demo:

https://youtu.be/UvtBGIb3E3o

Contributing

Any collaboration is welcome!

There are many tasks to do. You can check the Issues and send us a Pull Request.

License

This project is distributed under BSD license

Name		Name	Last commit message	Last commit date
Latest commit History 59 Commits
.github		.github
.idea		.idea
doc		doc
dockerscan		dockerscan
test		test
.gitignore		.gitignore
CHANGELOG		CHANGELOG
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
README.rst		README.rst
codecov.yml		codecov.yml
pytest.ini		pytest.ini
requirements-dev.txt		requirements-dev.txt
requirements-performance.txt		requirements-performance.txt
requirements-runtest.txt		requirements-runtest.txt
requirements.txt		requirements.txt
setup.py		setup.py
tox.ini		tox.ini

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

dockerscan

Support this project

What's dockerscan

Very quick install

Available actions

What's the difference from Clair or Docker Cloud?

Documentation

Contributing

License

About

Releases

Sponsor this project

Packages

Contributors 5

Languages

License

cr0hn/dockerscan

Folders and files

Latest commit

History

Repository files navigation

dockerscan

Support this project

What's dockerscan

Very quick install

Available actions

What's the difference from Clair or Docker Cloud?

Documentation

Contributing

License

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Sponsor this project

Packages 0

Contributors 5

Languages

Packages