id: docker-registry info: name: Docker Registry Listing author: puzzlepeaches severity: medium reference: - https://notsosecure.com/anatomy-of-a-hack-docker-registry tags: misconfig,docker,devops metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/v2/_catalog" host-redirects: true max-redirects: 1 matchers-condition: and matchers: - type: word part: body words: - '"repositories":' - type: word part: header words: - "application/json"