Monday, June 5, 2017

Docker Security Analysis Tools: dockerscan

1:10 PM



Docker Scan currently supports these actions:



- Registry
  - Delete: delete a remote image / tag
  - Info: show info from a remote registry
  - Push: push an image (like the Docker client)
  - Upload: upload a random file
- Image
  - Analyze: look for sensitive information in a Docker image.
    - Look for passwords in environment vars.
    - Try to find any URL / IP in the environment vars.
    - Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file, read the file and try to find sudo-like calls (“sudo”, “gosu”, “sh -u”…) and report the user found.
  - Extract: extract a Docker image
  - Info: get an image's meta information
  - Modify:
    - entrypoint: change the entrypoint in a Docker image
    - trojanize: inject a reverse shell into a Docker image
    - user: change the running user in a Docker image
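
The three Analyze checks listed above can be sketched as an audit over an image's config object (the "Config" section of `docker inspect` output). This is an added example, not dockerscan's own code: the function name `audit_image`, the regular expressions and the sample data are assumptions made for illustration.

```python
import ipaddress
import re

# Heuristics below are assumptions for illustration, not dockerscan's rules.
SECRET_NAME = re.compile(r"pass(w(or)?d)?|secret|token|api_?key", re.I)
URL = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\"']+", re.I)
IP_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Matches "sudo [-flags] -u NAME" or "gosu NAME" in an entrypoint script.
DROP_USER = re.compile(r"\b(?:sudo\s+(?:-\S+\s+)*?-u\s*|gosu\s+)([\w.-]+(?::[\w.-]+)?)")


def audit_image(config, entrypoint_script=""):
    """Audit an image config dict; entrypoint_script is the text of a .sh entry point."""
    report = {"secrets": [], "urls": [], "ips": [], "user": None}
    for entry in config.get("Env") or []:
        name, _, value = entry.partition("=")
        if value and SECRET_NAME.search(name):
            report["secrets"].append(name)  # report the name only, never the value
        report["urls"] += URL.findall(value)
        for cand in IP_CANDIDATE.findall(value):
            try:
                ipaddress.ip_address(cand)  # rejects e.g. 999.1.1.1
            except ValueError:
                continue
            report["ips"].append(cand)
    user = config.get("User") or ""
    if not user:
        # No USER set in the image: look for a privilege drop in the script.
        for line in entrypoint_script.splitlines():
            code = line.split("#", 1)[0]  # ignore shell comments
            m = DROP_USER.search(code)
            if m:
                user = m.group(1)
                break
    report["user"] = user or "root"  # Docker runs as root when nothing says otherwise
    return report


# Constructed sample input (not taken from a real image).
SAMPLE_CONFIG = {"User": "", "Env": [
    "PATH=/usr/local/bin:/usr/bin",
    "MYSQL_ROOT_PASSWORD=changeme",
    "BACKEND=http://10.0.0.5:8080/api",
]}
SAMPLE_ENTRYPOINT = '#!/bin/sh\n# gosu root would be wrong\nexec gosu redis "$@"\n'

if __name__ == "__main__":
    print(audit_image(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT))
```

A result of `user == "root"` combined with any entry in `secrets` is the case worth reviewing first, since the secret is then readable by a process running with full privileges inside the container.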


Very quick install

> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan

Show options:

> dockerscan -h
