Latest Security News

More docker security tools to review

Taken from the morning paper:

https://blog.acolyer.org/2017/04/03/a-study-of-security-vulnerabilities-on-docker-hub/

Tools

To this list we can also add the following (and maybe others I’m not aware of or have forgotten too):
See also Docker’s ‘Benchmark for Security’ recommendations. Be careful out there!

dockerscan - Docker Security Analysis and Hacking Tools

Interesting tool to test (from KitPloit - PenTest Tools!)
What's dockerscan

A Docker analysis tool.


Very quick install
> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan
Show options:
> dockerscan -h
Available actions
Currently Docker Scan support these actions:
  • Scan: Scan a network trying to locate Docker Registries
  • Registry
    • Delete: Delete remote image / tag
    • Info: Show info from remote registry
    • Push: Push an image (like Docker client)
    • Upload: Upload a random file
  • Image
    • Analyze: Look for sensitive information in a Docker image:
      • Look for passwords in environment variables.
      • Try to find any URL / IP address in the environment variables.
      • Try to deduce the user the software runs as internally. This is not trivial: if the entrypoint is a .sh file, read it and look for calls to sudo-like programs (“sudo”, “gosu”, “su”, …) and report the user they switch to.
    • Extract: extract a Docker image
    • Info: get an image’s metadata
    • Modify:
      • entrypoint: change the entrypoint of a Docker image
      • trojanize: inject a reverse shell into a Docker image
      • user: change the running user of a Docker image
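To make the “Analyze” heuristics concrete, here is an added example of the same three checks (credential-looking environment variables, URLs / IPs in environment values, and the effective user deduced from the image config or the entrypoint script) implemented from scratch in Python. This is not dockerscan’s own code. The image config JSON and the entrypoint script it runs on are constructed for the example; the variable-name patterns treated as “credential-like” and the user-switching commands it recognises (gosu, su-exec, sudo -u, su, chroot --userspec) are this example’s own choices, not a list taken from the project.

```python
import json
import re

# Constructed sample: the "config" section of a Docker image config blob
# (same shape as `docker inspect` shows). All values are invented.
SAMPLE_CONFIG = json.loads("""
{
  "config": {
    "User": "",
    "Env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "DB_PASSWORD=hunter2",
      "API_TOKEN=abc123def456",
      "UPSTREAM_URL=https://api.internal.example:8443/v1",
      "REDIS_HOST=10.0.3.17",
      "LANG=C.UTF-8"
    ],
    "Entrypoint": ["/docker-entrypoint.sh"],
    "Cmd": ["postgres"]
  }
}
""")

# Constructed entrypoint script, as it might be pulled out of an image layer.
SAMPLE_ENTRYPOINT = """#!/bin/sh
set -e
chown -R postgres:postgres /var/lib/postgresql
exec gosu postgres "$@"
"""

# Heuristics chosen for this example (assumptions, not dockerscan's rules).
SECRET_KEY_RE = re.compile(r"(pass(word)?|pwd|secret|token|api_?key|private_?key)", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Commands that switch the effective user inside an entrypoint script;
# group 1 captures the target user.
USER_SWITCH_RES = [
    re.compile(r"\bgosu\s+([A-Za-z_][\w-]*)"),
    re.compile(r"\bsu-exec\s+([A-Za-z_][\w-]*)"),
    re.compile(r"\bsudo\s+(?:-E\s+)?-u\s+([A-Za-z_][\w-]*)"),
    re.compile(r"\bsu\s+(?:-\s+)?([A-Za-z_][\w-]*)"),
    re.compile(r"\bchroot\s+--userspec=([A-Za-z_][\w-]*)"),
]


def parse_env(env_list):
    """Split Docker's KEY=VALUE env entries into a dict (split on first '=')."""
    out = {}
    for entry in env_list:
        key, _, value = entry.partition("=")
        out[key] = value
    return out


def find_secret_envs(env):
    """Env vars whose name looks credential-like and that carry a value."""
    return {k: v for k, v in env.items() if SECRET_KEY_RE.search(k) and v}


def find_endpoints(env):
    """URLs and IPv4 literals appearing anywhere in env values."""
    urls, ips = set(), set()
    for value in env.values():
        urls.update(URL_RE.findall(value))
        ips.update(IPV4_RE.findall(value))
    return sorted(urls), sorted(ips)


def deduce_user(config, entrypoint_script=None):
    """Best-effort guess of the user the main process runs as.
    An explicit USER in the config wins; otherwise scan the entrypoint
    script for a privilege drop; otherwise Docker's default is root."""
    explicit = config.get("User", "")
    if explicit:
        return explicit.split(":")[0], "config.User"
    if entrypoint_script:
        for rx in USER_SWITCH_RES:
            m = rx.search(entrypoint_script)
            if m:
                return m.group(1), "entrypoint script"
    return "root", "default (no USER, no user switch found)"


def analyze_image(image_config, entrypoint_script=None):
    """Run the three checks and return one findings dict."""
    cfg = image_config["config"]
    env = parse_env(cfg.get("Env", []))
    urls, ips = find_endpoints(env)
    user, reason = deduce_user(cfg, entrypoint_script)
    return {"secrets": find_secret_envs(env), "urls": urls, "ips": ips,
            "user": user, "user_reason": reason}


if __name__ == "__main__":
    print(json.dumps(analyze_image(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT), indent=2))
```

On the constructed input this reports DB_PASSWORD and API_TOKEN as credential-like, one URL and one IP, and “postgres” as the effective user because the entrypoint drops privileges with gosu even though the image sets no USER. Note the limits: a name-based secret check misses credentials stored under innocuous names, and a script that reads the target user from a variable will defeat the regexes, which is why the README calls this deduction non-trivial.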

What's the difference from Clair or Docker Cloud?
The purpose of Dockerscan is different: it is focused on the attack phase.
Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, its objective is the attack.


Documentation
Documentation is still in progress...

For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:
https://www.slideshare.net/secret/fxVqD2iXqanOCX

Or you can watch it in video format (recommended):


Also, you can watch a dockerscan usage demo: