Skip to main content

A tool to analyse issues with running docker container(s)

Project description


GitHub Workflow Status GitHub release (latest by date) PyPI - Downloads Libraries.io dependency status for GitHub repo GitHub code size in bytes GitHub
GitHub issues GitHub stars Twitter Follow GitHub followers

DockerENT

DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with StreamLit.

DockerENT has been designed keeping in mind that during deployments there weak configurations which may get sticky in production deployments as well and can lead to severe consequences. This application connects with running containers in the system and fetches the list of weak and vulnerable runtime configurations and generates a report. If invoked through CLI it can create JSON and HTML report. If invoked through web interface, it can display the scan and audit report in the UI itself.

How to Run

TL;DR

In hurry to test this? Download the latest stable REL from PyPi and run the Web App, everything else is intuitive.

pip install DockerENT

Then run the application like:

DockerENT -w

Thats it.

Run the latest master

DockerENT has been designed to keep simplicity and usability in mind. Currently you just have to clone the repository and download dependencies or build the Dockerfile. Once the dependencies are installed in local system we are good to run the tool and analyse the runtime configurations for running containers.

# Download and setup
git clone https://github.com/r0hi7/DockerENT.git
cd DockerENT
make venv
source venv/bin/activate

# Run
python -m DockerENT --help 
usage: Find the vulnerabilities hidden in your running container(s).
       [-h] [-d [DOCKER_CONTAINER]] [-p [DOCKER_PLUGINS]]
       [-d-nw [DOCKER_NETWORK]] [-p-nw [DOCKER_NW_PLUGINS]] [-w]
       [-n [PROCESS_COUNT]] [-a] [-o [OUTPUT]]

optional arguments:
  -h, --help            show this help message and exit
  -w, --web-app         Run DockerENT in WebApp mode. If this parameter is
                        enabled, other command line flags will be ignored.
  -n [PROCESS_COUNT], --process [PROCESS_COUNT]
                        Run scans in parallel (Process pool count).
  -a, --audit           Flag to check weather to audit results or not.

  -d [DOCKER_CONTAINER], --docker [DOCKER_CONTAINER]
                        Run scan against the running container.
  -p [DOCKER_PLUGINS], --plugins [DOCKER_PLUGINS]
                        Run scan with only specified plugins.
  -p-nw [DOCKER_NW_PLUGINS], --nw-plugins [DOCKER_NW_PLUGINS]
                        Run scan with only specified plugins.

  -d-nw [DOCKER_NETWORK], --docker-network [DOCKER_NETWORK]
                        Run scan against running docker-network.

  -o [OUTPUT], --output [OUTPUT]
                        Output plugin to write data to.

# or via the container
docker build . -t dockerent
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 8501:8501 --name dockerent dockerent
# Then just open your browser to http://localhost:8051

See this quick video to get started with.

Features

  • Plugin driven framework.
  • Use low level docker api to interact with running containers.
  • Clean and Easy to Use UI.
  • Comes with 9 docker scan plugins out of which, 6 plugins can audit results.
  • Framework ready to work docker-networks.
  • Output plugins can write to file and html sinks.
  • The only open source interactive docker scanning tool.
  • Can run plugins in parallel.
  • Under active development :smile:.

How to Create your own Plugin.

  • Have some idea to perform runtime scan.
  • Copy the same file to create your demo plugin.
cp DockerENT/docker_plugins/docker_sample_plugin.py DockerENT/docker_plugins/docker_demo_plugin.py
  • Just make sure, you maintain following structure.
_plugin_name = 'demo_plugin'

def scan(container, output_queue, audit=False, audit_queue=None):
    _log.info('Staring {} Plugin ...'.format(_plugin_name_))

    res = {}

    result = {
        'test_class': {
            'TEST_NAME': ['good']
        }
    }

    res[container.short_id] = {
        _plugin_name_: result
    }

    # Do something magical.

    _log.info('Completed execution of {} Plugin.'.format(_plugin_name_))

    '''Make Sure you put dict of following structure in Q.
    {
        'contiainer_id': {
            'plugin_name': {
                'test_name_demo1': {
                    resultss:[]
                },
                'test_name_demo2': {
                    results: []
                }
            }
        }
    }
    '''
    output_queue.put(res)

    if audit:
        _audit(container, res, audit_queue)

def _audit(container, results, audit_queue):
    '''Make Sure to add dict of following structure to Audit Q
    res = {
        "container_id": [
            "_plugin_name_, WARN/INFO/ERROR, details"
        ]
    }
    '''
    # Magical logic to perform Audit.
    audit_queue.put(res)
  • Thats it. Still confused, Explain me the idea in Issues and will review and help you out, or we may end up working on it together.
  • This plugin will automatically come to drop down in UI. :smile: Easy right.
  • Sit back and eval results.

Plugins Features:

Plugin Name Plugin File Feature Audit
CMD_HISTORY File Identify shell history Root history and User shell history
FILESYSTEM File Identify RW File Systems If RW file systems are present.
NETWORK File Identify Network state Identifies All mapped ports.
PLAINTEST_PASSWORD File Identify password in different files
SECURITY_PROFILES File Identify Weak Security Profiles List Weak security profiles.
USER_INFO File Identify user info List permissions in passwd and other sensitive files
SYSTEM_INFO File Identify docker system info No Audit
FILES_INFO File Identify world writeable directories and files List all such files.

CLI interface

Pros

  • Rich Logging interface, can help in easy debugging through extensive debug logs.
  • Can run in parallel, just pass -n <count>, to specify the processors in parallel.
  • Can dump output in JSON and HTML file.

Cons

  • Audit output is not dumped to file.
  • Selecting multiple specific dockers is pain.

UI Interface

Pros

  • Clean, and easy to use UI.
  • Everything at one single page.
  • Ease of selecting multilpe docker images, multilpe plugins and multilpe docker-networks.
  • Audit report present.

Cons

  • Logging interface not Rich.
  • JSON reports are bulky.
  • Rely on third party lib StreamLit, all issues with framework are inherent.

Help Make this tool better

  • Create a PR, Issues are more than welcome.
  • Try it, test it and enhance it.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

DockerENT-0.1.15.tar.gz (19.2 kB view details)

Uploaded Source

Built Distribution

DockerENT-0.1.15-py3-none-any.whl (33.9 kB view details)

Uploaded Python 3

File details

Details for the file DockerENT-0.1.15.tar.gz.

File metadata

  • Download URL: DockerENT-0.1.15.tar.gz
  • Upload date:
  • Size: 19.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.0 requests-toolbelt/0.9.1 tqdm/4.49.0 CPython/3.8.5

File hashes

Hashes for DockerENT-0.1.15.tar.gz
Algorithm Hash digest
SHA256 419541290003a53a9ed0d65cac57b92e1b816f6c1739188a419c81b891567ac7
MD5 a337445dfccbba63038a7c51a365fb17
BLAKE2b-256 318aaee5f25a86a14ef00740a98e4920a3d49eb9d3893f953ec790da7219ab52

See more details on using hashes here.

File details

Details for the file DockerENT-0.1.15-py3-none-any.whl.

File metadata

  • Download URL: DockerENT-0.1.15-py3-none-any.whl
  • Upload date:
  • Size: 33.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.0 requests-toolbelt/0.9.1 tqdm/4.49.0 CPython/3.8.5

File hashes

Hashes for DockerENT-0.1.15-py3-none-any.whl
Algorithm Hash digest
SHA256 dc2a885be9cbafb0e0b6c21517dbfc3e29bd4047b4414db9da85cedee8559ccd
MD5 45c29ef3e45559940094a69856caacf5
BLAKE2b-256 305aa1f8639e1436c73f546359bdc49a909bc28c9dfda2d1ea02f7cd51fd6c6f

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page