Dockerscan – A docker security analysis suite!

What better way to kick off the first blog post than to talk about a tool that deals with Docker security? Docker is an open-source project that automates the deployment of applications inside software containers. These containers bundle up pieces of software in a complete filesystem that has everything it needs to run, so that you can package your applications into a single unit. This is where Dockerscan comes into the picture.

What is Dockerscan?

Dockerscan is a set of tools written in Python that helps you perform security analysis of Docker containers and, if you want, even trojanize them! The tool is BSD-licensed and lets you change environment variables, change the entry point, add new files, modify existing files, analyse the image, and extract content from the container. Just imagine all that you can do with this tool! To be precise, as the tool author puts it, it can currently perform the following:

  • Registry
    Delete: Delete remote image / tag
    Info: Show information from remote registry
    Push: Push an image (like Docker client)
    Upload: Upload a random file
  • Image/container:
    Analyze: Look for sensitive information in a Docker image.
    Extract: Extract a docker image
    Info: Get image meta information
  • Modify:
    Entrypoint: Change the entrypoint in a docker
    Trojanize: Inject a reverse shell into a docker image
    User: Change running user in a docker image
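
The Modify actions above (entrypoint, user, environment variables, added files) all show up in an image's config JSON or its layer list, so a defender can spot them by diffing a candidate image against a trusted copy. This is an added example, not part of Dockerscan or the original post; it assumes the `docker save` archive layout (`manifest.json` plus a config JSON), and the helper names and sample images are constructed for illustration.

```python
import io
import json
import tarfile

# Config fields that correspond to the modifications listed above.
WATCHED = ("Entrypoint", "Cmd", "User", "Env")


def read_image_config(tar_bytes):
    """Return the image config JSON from a `docker save` archive held in memory."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        manifest = json.load(tar.extractfile("manifest.json"))
        return json.load(tar.extractfile(manifest[0]["Config"]))


def diff_images(trusted_tar, candidate_tar):
    """List differences in runtime settings and layer digests between two images."""
    old, new = read_image_config(trusted_tar), read_image_config(candidate_tar)
    findings = []
    for key in WATCHED:
        before, after = old["config"].get(key), new["config"].get(key)
        if before != after:
            findings.append(f"{key}: {before!r} -> {after!r}")
    old_layers, new_layers = old["rootfs"]["diff_ids"], new["rootfs"]["diff_ids"]
    if old_layers != new_layers:
        extra = [d for d in new_layers if d not in old_layers]
        findings.append(f"layers: {len(extra)} layer(s) not in trusted image")
    return findings


def build_sample(entrypoint, user, env, diff_ids):
    """Build a minimal, constructed `docker save`-style archive for the demo."""
    config = {"config": {"Entrypoint": entrypoint, "User": user, "Env": env},
              "rootfs": {"type": "layers", "diff_ids": diff_ids}}
    manifest = [{"Config": "config.json", "RepoTags": ["demo/app:1.0"], "Layers": []}]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, obj in (("manifest.json", manifest), ("config.json", config)):
            data = json.dumps(obj).encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample images: a trusted build and a copy with changed settings.
TRUSTED = build_sample(["/app/server"], "app", ["PATH=/usr/bin"], ["sha256:" + "a" * 64])
CHANGED = build_sample(["/app/wrapper.sh"], "root", ["PATH=/usr/bin", "EXTRA=1"],
                       ["sha256:" + "a" * 64, "sha256:" + "b" * 64])
print("\n".join(diff_images(TRUSTED, CHANGED)))
```

On a real image, pass the bytes of a `docker save` archive for the trusted and the candidate tag in place of the constructed samples.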

Aren’t you already interested? All this tool needs is Python 3.5, plus the data modeling and validation library booby-ng and a few other packages. Have a look at the requirements file and use pip to install them, and you are good to go! This tool was released just today at RootedCON!

Install Dockerscan:

Simply check out the Git repository and install the requirements:

python3.5 -m pip install dockerscan

More information about Dockerscan can be found here.