Docker Engine HTTP API enumeration helpers for env vars, secrets, and images.
Project description
Docker API Enumeration Tools
These scripts query the Docker Engine HTTP API to collect information about containers and secrets.
They are designed for security assessments and administrative auditing, providing quick insights into environment variables, secrets, and general engine configuration.
Warning: Exposing the Docker Engine API without TLS or authentication is a serious security risk.
Use these scripts only against environments you are authorized to assess.
Install
From pip:
pip install docker-enumsensitive
From github:
git clone https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive.git
Scripts
docker-enum-envvars / EnumEnvVars.py`
Enumerates running and stopped containers, extracts their environment variables, and prints them to the console.
Can also save the results in structured JSON.
docker-enum-secrets / EnumSecrets.py
Enumerates Secrets from Docker Swarm mode, attempting to read their values if specified. Can also save the results in structured JSON.
docker-enum-images / EnumImages.py
Inspects the contents of images for sensitive information such as tokens, keys, etc.
Usage
Environment Variables Enumeration
# Local Docker API (default: http://localhost:2375)
python EnumEnvVars.py
docker-enum-envvars
# Remote engine and save to file
python EnumEnvVars.py --url http://docker-host:2375 --out results.json
docker-enum-envvars --url http://docker-host:2375 --out results.json
# Include full /info JSON
python EnumEnvVars.py --show-info-json
docker-enum-envvars --show-info-json
Secrets Enumeration
# Local secrets enumeration
python EnumSecrets.py
docker-enum-secrets
# Remote engine, attempt values, save to file
python EnumSecrets.py --url http://docker-host:2375 --attempt-values --out secrets.json
docker-enum-secrets --url http://docker-host:2375 --attempt-values --out secrets.json
# Include full /info JSON
python EnumSecrets.py --show-info-json
docker-enum-secrets --show-info-json
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file docker_enumsensitive-0.1.7.tar.gz.
File metadata
- Download URL: docker_enumsensitive-0.1.7.tar.gz
- Upload date:
- Size: 9.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fa9120b2f23bd52291fd96f3a6c4308db31587512f2e78b20df32e305acf574e
|
|
| MD5 |
8c3785976635ccaaa4c63084605fef85
|
|
| BLAKE2b-256 |
5eeea0c100bf8166140c7572fd1d3cd9f0bb9df47a992f7c51f47972cb2ddcf3
|
File details
Details for the file docker_enumsensitive-0.1.7-py3-none-any.whl.
File metadata
- Download URL: docker_enumsensitive-0.1.7-py3-none-any.whl
- Upload date:
- Size: 12.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
04a3c71374e69f341c3011d5f85d517a5e2dfac31f6f38fbf2bb510ca2e64ed5
|
|
| MD5 |
c28c1fbe6fb427ef36f8739c65429b20
|
|
| BLAKE2b-256 |
fd4a2d8b72a07c4caad25ea6e7c73a53fb019db9018ca70d867f8976967d2c4c
|
