pussycat0x
GitHub
commit
cd6c80dd5f
|
|
@ -0,0 +1,40 @@
|
||||||
|
id: docker-daemon-exposed
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Docker Daemon Exposed
|
||||||
|
author: Arm!tage
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: port:2375 product:"docker"
|
||||||
|
fofa-query: app="docker-Daemon" && port="2375"
|
||||||
|
verified: true
|
||||||
|
tags: docker,exposure,misconfig
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /version HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /v{{version}}/containers/json HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'status_code_2 == 200'
|
||||||
|
- 'contains(body_1, "ApiVersion") && contains(body_1, "GitCommit") && contains(body_1, "GoVersion") && contains(body_1, "KernelVersion")'
|
||||||
|
- 'contains(body_2, "Id") && contains(body_2, "Names") && contains(body_2, "Image") && contains(body_2, "Command") && contains(body_2, "PrivatePort") && contains(body_2, "PublicPort") || contains(body_2, "[]")'
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
name: version
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- '"ApiVersion":"(.*?)"'
|
||||||
|
internal: true
|
||||||
Loading…
Reference in New Issue