nuclei-templates/http/exposures/docker-daemon-exposed.yaml

41 lines
1.4 KiB
YAML
Raw Normal View History

2023-12-25 03:08:11 +00:00
id: docker-daemon-exposed
info:
name: Docker Daemon Exposed
author: Arm!tage
severity: critical
description: |
Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
metadata:
verified: true
max-request: 2
2023-12-25 03:08:11 +00:00
shodan-query: port:2375 product:"docker"
fofa-query: app="docker-Daemon" && port="2375"
2023-12-25 17:33:42 +00:00
tags: docker,exposure,misconfig
2023-12-25 03:08:11 +00:00
http:
- raw:
2023-12-25 03:31:03 +00:00
- |
GET /version HTTP/1.1
Host: {{Hostname}}
2023-12-25 03:35:22 +00:00
2023-12-25 03:31:03 +00:00
- |
GET /v{{version}}/containers/json HTTP/1.1
Host: {{Hostname}}
2023-12-25 03:08:11 +00:00
matchers:
2023-12-27 07:45:53 +00:00
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_1, "ApiVersion") && contains(body_1, "GitCommit") && contains(body_1, "GoVersion") && contains(body_1, "KernelVersion")'
- 'contains(body_2, "Id") && contains(body_2, "Names") && contains(body_2, "Image") && contains(body_2, "Command") && contains(body_2, "PrivatePort") && contains(body_2, "PublicPort") || contains(body_2, "[]")'
2023-12-26 02:28:10 +00:00
condition: and
2023-12-26 02:31:41 +00:00
2023-12-25 03:08:11 +00:00
extractors:
- type: regex
name: version
group: 1
regex:
- '"ApiVersion":"(.*?)"'
internal: true
# digest: 4a0a0047304502204626aa849bc6837c86c193b5794710f7b01316c525f17924e8db7aa818772ec9022100f3c6d104e7d268933dbfbacd0b3ddf8049a9cc7fec4d9487cebbdc93877883d5:922c64590222798bb761d5b6d8e72950