Merge pull request #6335 from arafatansari/patch-117

Create exposed-dockerd.yaml
2022-12-20 15:19:56 +05:30 · 2022-12-20 15:19:56 +05:30 · 250c69ea79
parent 22a5431591 5584a179be
commit 250c69ea79
1 changed files with 25 additions and 0 deletions
--- a/network/exposed-dockerd.yaml
+++ b/network/exposed-dockerd.yaml
@ -0,0 +1,25 @@
+id: exposed-dockerd
+
+info:
+  name: Docker Daemon Exposed
+  author: arafat
+  severity: critical
+  description: |
+    Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
+  metadata:
+    verified: true
+    shodan-query: port:2375 product:"docker"
+  tags: network,docker
+
+network:
+  - inputs:
+      - data: "Docker:\nVersion:\n"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:2375"
+
+    matchers:
+      - type: word
+        words:
+          - "Server: Docker"