DockerScan:
A Docker analysis tool to detect vulnerabilities in Docker images and Docker registries.
Very quick install:
> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan
Show options:
> dockerscan -h
Docker Demo
Available actions
Currently DockerScan supports these actions:
- Scan: scan a network trying to locate Docker Registries.
- Registry
  - Delete: delete a remote image / tag.
  - Info: show info from a remote registry.
  - Push: push an image (like the Docker client does).
  - Upload: upload an arbitrary file.
- Image
  - Analyze: look for sensitive information in a Docker image:
    - look for passwords in environment variables;
    - try to find any URL / IP in the environment variables;
    - try to deduce the user the software runs as internally. This is not trivial: if the entry point is a .sh file, the file is read and searched for calls to sudo-like commands ("sudo", "gosu", "sh -u", ...), and the user found is reported.
  - Extract: extract a Docker image.
  - Info: get an image's metadata.
  - Modify:
    - entrypoint: change the entrypoint of a Docker image.
    - trojanize: inject a reverse shell into a Docker image.
    - user: change the running user in a Docker image.
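The checks listed above under Image -> Analyze (credential-looking environment variables, URLs/IPs in environment values, and the user deduced from the image config or a privilege switch in the entrypoint script), as an added example. This is not dockerscan's own code: the image config JSON, the entrypoint script and every value in them are constructed for the demo, and the regexes are this example's heuristics, not the tool's.

```python
"""Added example, not dockerscan's own code: the three checks the README
lists under Image -> Analyze, run against a constructed image config and
a constructed entrypoint script so it works offline."""
import json
import re

# Constructed sample of an image config (the JSON `docker inspect` or the
# manifest's config blob would give). All values are made up for the demo.
SAMPLE_CONFIG = json.dumps({
    "config": {
        "Env": [
            "PATH=/usr/local/bin:/usr/bin",
            "DB_PASSWORD=hunter2",
            "API_URL=https://api.example.internal/v1",
            "REDIS_HOST=10.0.3.7",
            "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI",
        ],
        "Entrypoint": ["/entrypoint.sh"],
        "User": "",
    }
})

# Constructed entrypoint script: fixes ownership as root, then drops
# privileges with gosu before exec'ing the real service.
SAMPLE_ENTRYPOINT = """#!/bin/sh
set -e
# chown as root, then switch user
chown -R app:app /data
exec gosu app /usr/local/bin/server --port 8080
"""

SECRET_NAME_RE = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY", re.I)
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Privilege-switching forms recognised in the entrypoint; group 1 is the user.
PRIV_PATTERNS = [
    re.compile(r"\bsudo\s+(?:-\S+\s+)*-u\s+(\S+)"),   # sudo [opts] -u USER
    re.compile(r"\bgosu\s+(\S+)"),                     # gosu USER[:GROUP]
    re.compile(r"\bsu\s+(?:-l?\s+)?(?!-)(\S+)"),       # su [-|-l] USER
]


def find_secrets(env):
    """Env entries whose NAME looks like a credential -> {name: value}."""
    hits = {}
    for entry in env:
        name, _, value = entry.partition("=")
        if value and SECRET_NAME_RE.search(name):
            hits[name] = value
    return hits


def find_endpoints(env):
    """URLs and IPv4 addresses found in env VALUES -> (urls, ips)."""
    urls, ips = [], []
    for entry in env:
        value = entry.partition("=")[2]
        urls += [u.rstrip("\"'") for u in URL_RE.findall(value)]
        ips += [ip for ip in IPV4_RE.findall(value)
                if all(int(octet) <= 255 for octet in ip.split("."))]
    return urls, ips


def deduce_user(config, entrypoint_script):
    """Best effort: an explicit User in the config wins; otherwise look for a
    privilege switch in the entrypoint; otherwise assume root."""
    if config.get("User"):
        return config["User"], "image config User"
    for line in entrypoint_script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for pat in PRIV_PATTERNS:
            m = pat.search(line)
            if m:
                return m.group(1).split(":")[0], f"entrypoint: {line}"
    return "root", "no User and no privilege switch found (assumed root)"


def analyze(config_json, entrypoint_script):
    """Run all three checks and return one report dict."""
    cfg = json.loads(config_json)["config"]
    env = cfg.get("Env") or []
    urls, ips = find_endpoints(env)
    user, evidence = deduce_user(cfg, entrypoint_script)
    return {"secrets": find_secrets(env), "urls": urls, "ips": ips,
            "user": user, "user_evidence": evidence}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT), indent=2))
```

The user deduction is deliberately conservative: an explicit User in the image config is trusted over the script, a form such as `su -c cmd user` is not guessed at, and when nothing is found the report says root and states why, so a reviewer can see the evidence rather than a bare verdict.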
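The HTTP checks behind the Scan action (is this host a Docker Registry?) and the Registry -> Info action (which repositories and tags does it hold?), as an added example that is not dockerscan's own code. It talks to a constructed in-process stub that imitates the Registry HTTP API v2 endpoints `/v2/`, `/v2/_catalog` and `/v2/<name>/tags/list`; the repository names and tags it serves are made up.

```python
"""Added example, not dockerscan's own code: the HTTP checks behind the
README's Scan (is this host a Docker Registry?) and Registry -> Info
(what repositories and tags does it hold?) actions, exercised against a
constructed in-process stub so it runs offline."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed catalogue served by the stub registry below.
STUB_REPOS = {"library/nginx": ["1.25", "latest"], "internal/payments": ["v3"]}


class _StubRegistry(BaseHTTPRequestHandler):
    """Minimal imitation of the Registry HTTP API v2 endpoints we need."""

    def _reply(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        # Every v2 response carries this header; it is the fingerprint.
        self.send_header("Docker-Distribution-Api-Version", "registry/2.0")
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.path == "/v2/":
            return self._reply(200, {})
        if self.path == "/v2/_catalog":
            return self._reply(200, {"repositories": sorted(STUB_REPOS)})
        if self.path.startswith("/v2/") and self.path.endswith("/tags/list"):
            name = self.path[len("/v2/"):-len("/tags/list")]
            if name in STUB_REPOS:
                return self._reply(200, {"name": name, "tags": STUB_REPOS[name]})
        self._reply(404, {"errors": [{"code": "NAME_UNKNOWN"}]})

    def log_message(self, *_):
        pass  # keep the demo quiet


def start_stub():
    """Start the stub on a random loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), _StubRegistry)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def _api_version(headers):
    return headers.get("Docker-Distribution-Api-Version", "")


def is_docker_registry(base_url, timeout=3):
    """Scan check: GET /v2/. 200 means an open registry, 401 means one that
    wants auth; in both cases the API-version header identifies it."""
    try:
        with urllib.request.urlopen(base_url + "/v2/", timeout=timeout) as r:
            return _api_version(r.headers).startswith("registry/2.0")
    except urllib.error.HTTPError as e:
        return e.code == 401 and _api_version(e.headers).startswith("registry/2.0")
    except (urllib.error.URLError, OSError):
        return False


def registry_info(base_url, timeout=3):
    """Info check: repositories from /v2/_catalog, then tags per repository."""
    def get_json(path):
        with urllib.request.urlopen(base_url + path, timeout=timeout) as r:
            return json.load(r)
    repos = get_json("/v2/_catalog").get("repositories", [])
    return {name: get_json(f"/v2/{name}/tags/list").get("tags", []) for name in repos}


if __name__ == "__main__":
    server, url = start_stub()
    print("registry?", is_docker_registry(url))
    print(json.dumps(registry_info(url), indent=2))
    server.shutdown()
```

Point `is_docker_registry` and `registry_info` at a real `http://host:5000` to use them outside the stub; a registry that answers `/v2/` with 401 is still reported as found, because the interesting finding for a scan is that a registry exists, while `registry_info` only succeeds against one that allows anonymous reads.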
Download Link : https://github.com/cr0hn/dockerscan