import os
import json
import sys
import argparse
import requests
# Pulls Docker image layers from an unauthenticated Docker Registry API (v2)
# and checks for Docker misconfigurations.
apiversion = "v2"
# Hex part of every layer digest collected by list_blobs(); shared module state
# that main() iterates over when downloading.
final_list_of_blobs = []
# Disable insecure request warning
# NOTE(review): every request in this file is sent with verify=False, so the
# registry's TLS certificate is never checked; silencing the warning hides that.
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
parser = argparse.ArgumentParser()
# "spam" is the sentinel main() compares against to detect a missing -u option.
parser.add_argument('-u', '--url', action="store", dest="url", help="URL Endpoint for Docker Registry API v2. Eg https://IP:Port", default="spam")
# Parsed at import time, so importing this module consumes sys.argv.
options = parser.parse_args()
url = options.url
def list_repos():
    """Return the repository names advertised by the registry's ``_catalog`` endpoint.

    Any HTTP or JSON failure is printed and the process exits. A response without
    a ``repositories`` key is not handled here and raises ``KeyError``.
    """
    catalog_url = f"{url}/{apiversion}/_catalog"
    try:
        response = requests.get(catalog_url, verify=False)
        response.raise_for_status()
        catalog = json.loads(response.text)
    except (requests.exceptions.RequestException, json.decoder.JSONDecodeError) as err:
        print(f"[-] Error: {err}")
        sys.exit()
    return catalog["repositories"]
def find_tags(reponame):
    """Return the tag list for *reponame*, or None when the response has no ``tags`` key.

    A blank line is printed after a successful request. HTTP or JSON failures are
    printed and the process exits.
    """
    tags_url = f"{url}/{apiversion}/{reponame}/tags/list"
    try:
        response = requests.get(tags_url, verify=False)
        response.raise_for_status()
        print("\n")
        payload = json.loads(response.content)
    except (requests.exceptions.RequestException, json.decoder.JSONDecodeError) as err:
        print(f"[-] Error: {err}")
        sys.exit()
    return payload.get("tags")
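def list_blobs(reponame, tag):
    """Collect the layer digests of ``reponame:tag`` into ``final_list_of_blobs``.

    Reads the manifest's ``fsLayers`` entries. Each ``blobSum`` is expected to
    look like ``sha256:<hex>``; only the hex part is stored, once per digest.
    Layers whose ``blobSum`` is missing, uses another algorithm, or carries a
    non-hex digest are reported and skipped: the digest later becomes a URL path
    segment and a local file name, and download_blobs() prefixes ``sha256:``
    unconditionally, so nothing else could be fetched correctly anyway.

    Exits the process on HTTP or JSON errors.
    """
    hex_chars = frozenset("0123456789abcdefABCDEF")
    manifest_url = f"{url}/{apiversion}/{reponame}/manifests/{tag}"
    try:
        response = requests.get(manifest_url, verify=False)
        response.raise_for_status()
        manifest = json.loads(response.content)
    except (requests.exceptions.RequestException, json.decoder.JSONDecodeError) as err:
        print(f"[-] Error: {err}")
        sys.exit()
    layers = manifest.get("fsLayers", []) if isinstance(manifest, dict) else []
    for layer in layers:
        blob_sum = layer.get("blobSum", "") if isinstance(layer, dict) else ""
        algorithm, _, digest = str(blob_sum).partition(":")
        # The manifest is server-supplied data: accept a digest only when it is
        # plain hex, so it cannot carry path separators into the file name.
        if algorithm != "sha256" or not digest or not set(digest) <= hex_chars:
            print("[-] Skipping layer with unexpected blobSum: %r" % (blob_sum,))
            continue
        if digest not in final_list_of_blobs:
            final_list_of_blobs.append(digest)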
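def download_blobs(reponame, blobdigest, dirname):
    """Download layer ``sha256:<blobdigest>`` of *reponame* into ``dirname/<blobdigest>.tar.gz``.

    *blobdigest* originates from the registry's manifest, so it is checked to be
    plain hex before it is used as a file name; anything else is reported and
    skipped rather than written to a path the server chose. The body is streamed
    to disk in chunks so large layers are not held in memory (an interrupted
    transfer therefore leaves a partial file behind). Exits the process on HTTP
    errors.
    """
    hex_chars = frozenset("0123456789abcdefABCDEF")
    if not blobdigest or not set(blobdigest) <= hex_chars:
        print("[-] Skipping blob with invalid digest: %r" % (blobdigest,))
        return
    blob_url = f"{url}/{apiversion}/{reponame}/blobs/sha256:{blobdigest}"
    filename = "%s.tar.gz" % blobdigest
    destination = os.path.join(dirname, filename)
    try:
        with requests.get(blob_url, verify=False, stream=True) as response:
            response.raise_for_status()
            with open(destination, 'wb') as out:
                # 1 MiB chunks: large enough to keep the write loop cheap.
                for chunk in response.iter_content(chunk_size=1 << 20):
                    out.write(chunk)
    except requests.exceptions.RequestException as err:
        print(f"[-] Error: {err}")
        sys.exit()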
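def main():
    """Interactive entry point: pick a repository and tag, then download every layer.

    Requires the registry endpoint from ``-u``; without it a usage hint is printed.
    The repository and tag are chosen by the user from the lists the registry
    returned, so only names the server advertised reach the other functions. The
    target directory is created if missing (an existing directory is reused
    instead of aborting with a traceback), then every collected digest is
    downloaded into it.
    """
    print(r"""
$$$$$$$\ $$\ $$$$$$\
$$ __$$\ $$ | $$ __$$\
$$ | $$ | $$$$$$\ $$$$$$$\ $$ | $$\ $$$$$$\ $$$$$$\ $$ / \__| $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\
$$ | $$ |$$ __$$\ $$ _____|$$ | $$ |$$ __$$\ $$ __$$\\$$$$$$\ $$ _____|\____$$\ $$ __$$\ $$ __$$\ $$ __$$\ $$ __$$\
$$ | $$ |$$ / $$ |$$ / $$$$$$ / $$$$$$$$ |$$ | \__|\____$$\ $$ / $$$$$$$ |$$ | $$ |$$ | $$ |$$$$$$$$ |$$ | \__|
$$ | $$ |$$ | $$ |$$ | $$ _$$< $$ ____|$$ | $$\ $$ |$$ | $$ __$$ |$$ | $$ |$$ | $$ |$$ ____|$$ |
$$$$$$$ |\$$$$$$ |\$$$$$$$\ $$ | \$$\ \$$$$$$$\ $$ | \$$$$$$ |\$$$$$$$\\$$$$$$$ |$$ | $$ |$$ | $$ |\$$$$$$$\ $$ |
\_______/ \______/ \_______|\__| \__| \_______|\__| \______/ \_______|\_______|\__| \__|\__| \__| \_______|\__|
Docker Misconfiguration Scanner
created by dhina016
""")
    # "spam" is the argparse default, i.e. -u was not given.
    if url == "spam":
        print("\n[-] Please use -u option to define API Endpoint, e.g. https://IP:Port\n")
        return
    list_of_repos = list_repos()
    if not list_of_repos:
        print("[-] No repositories found. Exiting...")
        sys.exit()
    print("\n[+] List of Repositories:\n")
    for repo in list_of_repos:
        print(repo)
    target_repo = input("\nWhich repo would you like to download?: ")
    if target_repo not in list_of_repos:
        print("No such repo found. Quitting....")
        return
    tags = find_tags(target_repo)
    if tags is None:
        print("[+] No Tags Available. Quitting....")
        return
    print("\n[+] Available Tags:\n")
    for tag in tags:
        print(tag)
    target_tag = input("\nWhich tag would you like to download?: ")
    if target_tag not in tags:
        print("No such Tag Available. Qutting....")
        return
    list_blobs(target_repo, target_tag)
    dirname = input("\nGive a directory name: ").strip()
    if not dirname:
        print("[-] No directory name given. Quitting....")
        return
    # exist_ok: reusing a directory must not abort the run with FileExistsError.
    os.makedirs(dirname, exist_ok=True)
    print("Now sit back and relax. I will download all the blobs for you in %s directory. \nOpen the directory, unzip all the files and explore like a Boss. " % dirname)
    for digest in final_list_of_blobs:
        print("\n[+] Downloading Blob: %s" % digest)
        download_blobs(target_repo, digest, dirname)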
if __name__ == "__main__":
main()