lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <etPan.58bdfe97.7dc82d0.383@cr0hn.com>
Date: Tue, 7 Mar 2017 01:28:07 +0100
From: cr0hn <cr0hn@...hn.com>
To: fulldisclosure@...lists.org
Subject: [FD] [Tool] Docker Scan: Security analysis tools for Docker Images
 and Docker Registries

Dear colleagues,

Please, let me to introduce Docker Scan -> https://github.com/cr0hn/docke=
rscan

Docker Scan is a Docker security analysis tools for Docker Images and Doc=
ker Registries.

-=3D =46or registries =3D-

-- Delete: Delete remote image / tag
-- Info: Show info from remote registry
-- Push: Push and image (like Docker client)
-- Upload: Upload random a file

-=3D Docker Images =3D-

-- Analyze: Looking for sensitive information in a Docker image.
-- Extract: extract a docker image
-- Info: Get a image meta information
-- Modify Images:
---- entrypoint: change the entrypoint in a docker
=E2=80=94=E2=80=94 ** trojanize: inject a reverser shell into a docker im=
age**
---- user: change running user in a docker image

Docker Scan is still in development and released in Alpha version, but is=
 functional.=C2=A0

Currently the only documentation is the command line, but we're working o=
n it.

Please, feel free to start using it and we would be thankful for any type=
 =C2=A0
of feedback. =C2=A0

Best regards,=C2=A0


--- =20
Daniel Garc=C3=ADa (cr0hn)
Security researcher and ethical hacker

Personal site: http://cr0hn.com(http://cr0hn.com/) =20
Linkedin: https://www.linkedin.com/in/garciagarciadaniel =20
Company: http://abirtone.com(http://abirtone.com/) =20

Twitter: =40ggdaniel(https://twitter.com/ggdaniel) =20


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ