id: docker-registry

info:
  name: Docker Registry Listing
  author: puzzlepeaches
  severity: medium
  description: Docker Registry Listing enabled.
  reference:
    - https://notsosecure.com/anatomy-of-a-hack-docker-registry
  metadata:
    max-request: 1
  tags: misconfig,docker,devops

http:
  - method: GET
    path:
      - "{{BaseURL}}/v2/_catalog"

    host-redirects: true
    max-redirects: 1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"repositories":'

      - type: word
        part: header
        words:
          - "application/json"
# digest: 4a0a0047304502210082461949700d11e4c9606cbf13f9bd77601bc198a99b8fdeec2e6c0c1fc3e09f022036a83afc2ec4f36dfae61150086de7320793ede2f8f7ec9e4b940eb34551d8a4:922c64590222798bb761d5b6d8e72950