If you're running Docker, Kubernetes, or both, you can scan your Nodes, Services, Vulnerabilities, and even Pods.
```
# git clone https://github.com/pu1et/doky/
# cd doky
# ./doky.py
```
- `default` : scan Nodes, Services, Vulnerabilities
- `--details` : scan all Kubernetes Components (Pods, Nodes, Services) and Vulnerabilities
- `--token TOKEN` : scan all Kubernetes Components (Pods, Nodes, Services) and Vulnerabilities using a token
  - This option can also be run from the Worker Node
  - If you haven't modified the service account file or don't know your token, you can insert `--token default`
- `--service ACCOUNT` : scan all Kubernetes Components (Pods, Nodes, Services) and Vulnerabilities using a service account
  - This option can also be run from the Worker Node
  - If you haven't modified the service account file or don't know your service account, you can insert `--service default`
- `--proxy PORT` : scan all Kubernetes Components (Pods, Nodes, Services) and Vulnerabilities locally using a proxy
  - You have to specify the port you want to use to access the API Server
- `--docker` : scan Docker containers and Vulnerabilities only for Docker
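Before handing a token to `--token` or `--service`, a defender usually wants to know what that token is actually allowed to list. The example below is added here and is not doky's own code: it asks the API server, through a SelfSubjectAccessReview, whether the token may list the Pods, Nodes and Services the scanner enumerates. The in-cluster token path, the API server address and the sample reply are assumptions or constructed values.

```python
# Added example, not doky's own code: what may this token list before we scan?
import json
import os
import urllib.request

# Assumption: the in-cluster mount path that "--token default" relies on.
DEFAULT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"
# The Kubernetes components doky enumerates with --details / --token / --service.
RESOURCES = ("pods", "nodes", "services")
# Constructed sample reply, in the shape the API server returns for a review.
SAMPLE_DENIED = {"kind": "SelfSubjectAccessReview",
                 "status": {"allowed": False, "reason": "no RBAC policy matched"}}

def load_token(path=DEFAULT_TOKEN_PATH):
    """Read the mounted service-account token; None when not inside a Pod."""
    if not os.path.isfile(path):
        return None
    with open(path) as f:
        return f.read().strip()

def access_review_body(resource, verb="list", namespace=""):
    """Build the SelfSubjectAccessReview object posted to the API server."""
    attrs = {"verb": verb, "resource": resource}
    if namespace:  # empty = cluster-wide check (nodes are not namespaced)
        attrs["namespace"] = namespace
    return {"apiVersion": "authorization.k8s.io/v1",
            "kind": "SelfSubjectAccessReview",
            "spec": {"resourceAttributes": attrs}}

def is_allowed(review_response):
    """Only an explicit status.allowed == True counts; anything else is denied."""
    return review_response.get("status", {}).get("allowed") is True

def check_token(api_server, token):
    """Return {resource: allowed}; api_server is e.g. 'https://10.0.0.1:6443'
    (assumed address). TLS stays verified: trust the cluster CA, don't disable it."""
    url = api_server + "/apis/authorization.k8s.io/v1/selfsubjectaccessreviews"
    results = {}
    for res in RESOURCES:
        req = urllib.request.Request(
            url, data=json.dumps(access_review_body(res)).encode(),
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req) as resp:
            results[res] = is_allowed(json.load(resp))
    return results
```

A resource that comes back `False` is one the scan will silently miss with that token, which is also the signal that the default service account is not over-privileged.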
```
doky
|- doky.py                    # App entry point
└─ src
   |- conf                    # Initialization before scanning
   |  |- abcd.py              # Create EventQueues (Threads), create the list of Event classes, add objects of the Event classes into the EventQueues
   |  └─ objects.py           # Define the base classes
   └─ test                    # Scan Docker or Kubernetes
      |- docker               # Scan Docker
      |  |- detector          # Detect the Docker environment
      |  |  └─ container.py   # Detect the Docker version, Docker images, Docker containers
      |  |- printer           # Print the Docker results
      |  |  |- docker_printer.py  # Print out the result of scanning Docker
      |  |  └─ importer.py    # Save the Docker version, Docker images, Docker vulnerabilities
      |  └─ scanner           # Scan the Docker vulnerabilities
      |     └─ cvescanner.py
      └─ kube                 # Scan Kubernetes
         |- detector          # Detect the Kubernetes environment
         |  |- apiserver.py   # Scan the API Server of the Master node
         |  |- auth.py        # (Using the --service / --token option) Scan using the service account or token
         |  |- hosts.py       # After detecting the subnet of the Node and Pod interfaces, create the list of IP addresses in the subnet
         |  |- kube_proxy.py  # (Using the --proxy option) Scan using the proxy
         |  |- kubectl.py     # Scan the kubectl version
         |  |- kubelet.py     # Scan the kubelet version
         |  └─ ports.py       # Port scan of the list of IP addresses created in hosts.py
         |- printer           # Print the Kubernetes results
         |  |- importer.py    # Save the Kubernetes Pods, Services, Vulnerabilities
         |  └─ kube_printer.py  # Print the result of scanning Kubernetes
         └─ scanner           # Scan Kubernetes
            |- apiserver.py   # Scan the Kubernetes Pods, Services using the API Server
            └─ cvescanner.py  # Scan the Kubernetes Vulnerabilities
```
- CVE-2019-9946
- CVE-2019-11243
- CVE-2019-11244
- CVE-2019-1002100
- CVE-2019-1002101
- CVE-2018-1002100
- CVE-2018-1002101
- CVE-2018-1002105
More information about Kubernetes Vulnerabilities >>
- CVE-2017-7308
- CVE-2019-5736
- CVE-2018-15664
- CVE-2018-15514
[More information about Docker Vulnerabilities >>](https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id-28125/Docker-Docker.html)