dockerscan: Docker security analysis & hacking tools – Penetration Testing


dockerscan: Docker analysis & hacking tools

Authors: Daniel Garcia (cr0hn) / Roberto Munoz (robskye)

Python versions: 3.5 or above

What’s dockerscan

A Docker analysis tool.

Very quick install

> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan

Show options:


Available actions

Currently, Docker Scan supports these actions:

Scan: Scan a network trying to locate Docker Registries

Delete: Delete a remote image / tag

Info: Show info from a remote registry

Push: Push an image (like the Docker client)

Upload: Upload an arbitrary file

Analyze: Look for sensitive information in a Docker image:
    Look for passwords in environment variables.
    Try to find any URL / IP in the environment variables.
    Try to deduce the user used internally to run the software. This is not trivial: if the entrypoint is a .sh file, read the file, look for calls to sudo-like tools ("sudo", "gosu", "sh -u", ...) and report the user found.

Extract: Extract a Docker image

Info: Get an image's meta information

entrypoint: Change the entrypoint in a Docker image

trojanize: Inject a reverse shell into a Docker image

user: Change the running user in a Docker image
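As an added example (not part of dockerscan or this post), the script below applies the Analyze heuristics described above, together with the Extract/Info step of reading an image's manifest and config, to an in-memory tarball constructed to mimic `docker save` output. The regular expressions, the sample image contents (environment variables, entrypoint script) and the set of privilege-drop idioms recognised (`gosu`, `su-exec`, `sudo -u`) are assumptions made for illustration, not dockerscan's own rules.

```python
"""Offline triage of a `docker save` tarball: surface credentials leaked through
environment variables, URLs/IPs baked into the image, and the user the
container will actually run as (image USER, or the account an entrypoint
script drops to via gosu / su-exec / sudo -u)."""
import io
import json
import re
import tarfile

# Env keys whose names suggest credentials (heuristic, not exhaustive).
SECRET_KEY_RE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Privilege-drop idioms seen in entrypoint scripts; group 1 or 2 is the target user.
USER_SWITCH_RE = re.compile(r"\b(?:gosu|su-exec)\s+([\w.-]+)|\bsudo\s+-u\s+([\w.-]+)")


def _tar_bytes(entries):
    """Pack {name: bytes} into an uncompressed tar archive held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed sample laid out like `docker save` output (not a real image)."""
    entrypoint = b'#!/bin/sh\nset -e\nchown -R appuser /data\nexec gosu appuser "$@"\n'
    config = {"config": {
        "User": "",
        "Env": ["PATH=/usr/local/bin:/usr/bin",
                "DB_PASSWORD=hunter2",
                "API_URL=https://api.example.internal/v1",
                "REDIS_HOST=10.0.0.5"],
        "Entrypoint": ["/entrypoint.sh"],
        "Cmd": ["server"]}}
    manifest = [{"Config": "deadbeef.json", "RepoTags": ["demo/app:latest"],
                 "Layers": ["layer1/layer.tar"]}]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "deadbeef.json": json.dumps(config).encode(),
        "layer1/layer.tar": _tar_bytes({"entrypoint.sh": entrypoint}),
    })


def load_image(tar_bytes):
    """Return (image config dict, {absolute path: bytes} merged across layers).
    Later layers overwrite earlier ones; whiteout files are not handled."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        manifest = json.loads(tf.extractfile("manifest.json").read())[0]
        config = json.loads(tf.extractfile(manifest["Config"]).read())
        for layer_name in manifest["Layers"]:
            layer_data = tf.extractfile(layer_name).read()
            with tarfile.open(fileobj=io.BytesIO(layer_data)) as layer:
                for member in layer.getmembers():
                    if member.isfile():
                        name = member.name[2:] if member.name.startswith("./") else member.name
                        files["/" + name.lstrip("/")] = layer.extractfile(member).read()
    return config, files


def find_secret_envs(config):
    """Env keys that look like credentials and carry a non-empty value."""
    env = config.get("config", {}).get("Env") or []
    return [k for k, _, v in (e.partition("=") for e in env) if v and SECRET_KEY_RE.search(k)]


def find_urls_and_ips(config):
    """Every URL or IPv4 literal found in the image's environment variables."""
    env = "\n".join(config.get("config", {}).get("Env") or [])
    return sorted(set(URL_RE.findall(env)) | set(IPV4_RE.findall(env)))


def deduce_run_user(config, files):
    """Return (user, evidence); falls back to root, Docker's default."""
    cfg = config.get("config", {})
    if cfg.get("User"):
        return cfg["User"], "USER set in image config"
    for arg in (cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or []):
        if not arg.endswith(".sh") or arg not in files:
            continue
        m = USER_SWITCH_RE.search(files[arg].decode("utf-8", "replace"))
        if m:
            return (m.group(1) or m.group(2)), f"privilege drop in {arg}"
    return "root", "no USER and no user switch found"


def analyze(tar_bytes):
    """Run all three heuristics over one saved image and report the findings."""
    config, files = load_image(tar_bytes)
    user, evidence = deduce_run_user(config, files)
    return {"secret_env_keys": find_secret_envs(config),
            "urls_and_ips": find_urls_and_ips(config),
            "run_user": user, "run_user_evidence": evidence}


if __name__ == "__main__":
    print(json.dumps(analyze(build_sample_image()), indent=2))
```

On the constructed sample this reports `DB_PASSWORD` as a leaked credential key, lists the internal API URL and the Redis IP, and resolves the effective user to `appuser` from the `gosu` line in the entrypoint even though the image config leaves `User` empty. Against a real image, replace `build_sample_image()` with the bytes of a `docker save` tarball; the value-free key match is deliberate so that the report can be shared without copying the secret itself.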

What’s the difference from Clair or Docker Cloud?

The purpose of Dockerscan is different: it is focused on the attack phase.

Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, its objective is the attack.


Documentation is still in progress… sorry!

For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:

Or you can watch it in video format (recommended):

Also, you can watch a dockerscan usage demo:


The post dockerscan: Docker security analysis & hacking tools appeared first on Penetration Testing.

