-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Mohammed Diaa
committed
Jun 6, 2022
0 parents
commit 8a79e4d
Showing
58,668 changed files
with
4,763,425 additions
and
0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| <h1 align="center">Containers <a href="https://twitter.com/intent/tweet?text=Trickest%20Containers%20-%20Automated%20weakness%20enumeration%20of%20the%20world's%20most%20popular%20Docker%20images%0A%0Ahttps%3A%2F%2Fgithub.com%2Ftrickest%2Fcontainers&hashtags=docker,bugbountytips,infosec"><img src="https://img.shields.io/badge/Tweet--lightgrey?logo=twitter&style=social" alt="Tweet" height="20"/></a></h1> | ||
| <h3 align="center">Automated privilege escalation of the world's most popular Docker images</h3> | ||
|
|
||
| This repository contains the results of a Trickest workflow that performs a collection of multiple types of security checks and vulnerability tests on DockerHub's top 100 most downloaded images. The tests include (but are not limited to): | ||
| - Checking for the usage of outdated software with known exploits | ||
| - Searching for developer tools installed | ||
| - Getting the base OS | ||
| - `cat`ing the `/etc/passwd` and `/etc/shadow` in search for [blank passwords](https://www.securityweek.com/no-root-password-20-popular-docker-containers) | ||
| - Finding files owned by root user | ||
| - Searching for `guid` and `suid` executables | ||
| - Searching for hidden files, package names, world writable files and folders | ||
| - Enumerating password policies and SSL sertificates | ||
| - Enumeration of [GTFOBins](https://gtfobins.github.io/) | ||
| - Scanning for open ports | ||
| - [Add your own tests!](https://github.com/trickest/containers/issues/new) | ||
|
|
||
| ## How it Works | ||
| A [Trickest](https://trickest.com) workflow collects a list of DockerHub's most used images and their tags. Then it uses a collection of [custom scripts](tests) and a couple of open-source tools like [trivy](https://github.com/aquasecurity/trivy) to get an overview of each image's security posture and overall attack surface. | ||
|
|
||
|  | ||
|
|
||
| ### TB; DZ (Too big; didn't zoom) | ||
| - We start by enumerating a list of the most popular images from [DockerHub](https://docs.docker.com/docker-hub/api/latest) - this step can be modified to pull images from other (potentially private) image repositories as well. | ||
| - Once collected, Trickest's Docker-in-Docker integration is used to pull all tags of each image. | ||
| - Then a series of tests are run on each image: | ||
| - [Trivy](https://github.com/aquasecurity/trivy) is used to find outdated software (thanks [aquasecurity](https://github.com/aquasecurity)!) | ||
| - 💡 Tip: [CVEs](https://github.com/trickest/cve) repository is hyperlinked for CVEs that have POCs! | ||
| - [A few shell scripts](tests) are also included to carry out other tests and collect other data (Contributions are welcome!) | ||
| - In the end, each test's results are written to a simple report and pushed to this repository. | ||
| - As with most of [our](https://github.com/trickest/cve) [previous](https://github.com/trickest/inventory) [projects](https://github.com/trickest/resolvers), this workflow is scheduled to run constantly and always have up-to-date results. | ||
|
|
||
| ## Contribution | ||
| All contributions/ideas/suggestions are welcome! Feel free to create a new ticket via [GitHub issues](https://github.com/trickest/resolvers/issues), tweet at us [@trick3st](https://twitter.com/trick3st), or join the conversation on [Discord](https://discord.gg/7HZmFYTGcQ). | ||
|
|
||
| ## Build your own workflows! | ||
| We believe in the value of tinkering. Sign up for a demo on [trickest.com](https://trickest.com) to customize this workflow to your use case, get access to many more workflows, or build your own from scratch! |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # [adminer:4-fastcgi](https://hub.docker.com/_/adminer?tab=tags) | ||
|  | ||
|  | ||
| -blue) | ||
| --- | ||
| <p> | ||
| Database management in a single PHP file. | ||
| </p> | ||
|
|
||
| ## CVEs | ||
| ### Critical (0) | ||
| #### With POC | ||
|
|
||
| #### Without POC | ||
|
|
||
|
|
||
| ### High (2) | ||
| #### With POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-1271.md) | ||
| #### Without POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-1552.md) | ||
|
|
||
| ### Medium (4) | ||
| #### With POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-22576.md)[](https://github.com/trickest/cve/blob/main/2022/CVE-2022-27776.md)[](https://github.com/trickest/cve/blob/main/2022/CVE-2022-27774.md) | ||
| #### Without POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-29824.md) | ||
|
|
||
| ### Low (1) | ||
| #### With POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-27775.md) | ||
| #### Without POC | ||
| [](https://github.com/trickest/cve/blob/main/2022/CVE-2022-29824.md) | ||
|
|
||
| ## Tests | ||
| * [path executables](reports/path-executables.txt) | ||
| * [gtfo](reports/gtfo.txt) | ||
| * [hidden files](reports/hidden-files.txt) | ||
| * [no poc cve](reports/no-poc-cve.txt) | ||
| * [cve](reports/cve.txt) | ||
| * [etc issue](reports/etc-issue.txt) | ||
| * [root structure](reports/root-structure.txt) | ||
| * [etc release](reports/etc-release.txt) | ||
| * [etc shadow](reports/etc-shadow.txt) | ||
| * [guid executables](reports/guid-executables.txt) | ||
| * [exposed ports](reports/exposed-ports.txt) | ||
| * [package names](reports/package-names.txt) | ||
| * [dev tools](reports/dev-tools.txt) | ||
| * [world writable files](reports/world-writable-files.txt) | ||
| * [files owned by root](reports/files-owned-by-root.txt) | ||
| * [pass policy](reports/pass-policy.txt) | ||
| * [etc passwd](reports/etc-passwd.txt) | ||
| * [world writable folders](reports/world-writable-folders.txt) | ||
| * [poc cve](reports/poc-cve.txt) | ||
| * [ssl certs](reports/ssl-certs.txt) | ||
| * [suid executables](reports/suid-executables.txt) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| CVE-2022-1271 - HIGH - gzip: arbitrary-file-write vulnerability | ||
| CVE-2022-1552 - HIGH - postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox | ||
| CVE-2022-27775 - LOW - curl: bad local IPv6 connection reuse | ||
| CVE-2022-22576 - MEDIUM - curl: OAUTH2 bearer bypass in connection re-use | ||
| CVE-2022-27776 - MEDIUM - curl: auth/cookie leak on redirect | ||
| CVE-2022-27774 - MEDIUM - curl: credential leak on redirect | ||
| CVE-2022-29824 - MEDIUM - libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Welcome to Alpine Linux 3.15 | ||
| Kernel \r on an \m (\l) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| root:x:0:0:root:/root:/bin/ash | ||
| bin:x:1:1:bin:/bin:/sbin/nologin | ||
| daemon:x:2:2:daemon:/sbin:/sbin/nologin | ||
| adm:x:3:4:adm:/var/adm:/sbin/nologin | ||
| lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin | ||
| sync:x:5:0:sync:/sbin:/bin/sync | ||
| shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown | ||
| halt:x:7:0:halt:/sbin:/sbin/halt | ||
| mail:x:8:12:mail:/var/mail:/sbin/nologin | ||
| news:x:9:13:news:/usr/lib/news:/sbin/nologin | ||
| uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin | ||
| operator:x:11:0:operator:/root:/sbin/nologin | ||
| man:x:13:15:man:/usr/man:/sbin/nologin | ||
| postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin | ||
| cron:x:16:16:cron:/var/spool/cron:/sbin/nologin | ||
| ftp:x:21:21::/var/lib/ftp:/sbin/nologin | ||
| sshd:x:22:22:sshd:/dev/null:/sbin/nologin | ||
| at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin | ||
| squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin | ||
| xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin | ||
| games:x:35:35:games:/usr/games:/sbin/nologin | ||
| cyrus:x:85:12::/usr/cyrus:/sbin/nologin | ||
| vpopmail:x:89:89::/var/vpopmail:/sbin/nologin | ||
| ntp:x:123:123:NTP:/var/empty:/sbin/nologin | ||
| smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin | ||
| guest:x:405:100:guest:/dev/null:/sbin/nologin | ||
| nobody:x:65534:65534:nobody:/:/sbin/nologin | ||
| www-data:x:82:82:Linux User,,,:/home/www-data:/sbin/nologin | ||
| utmp:x:100:406:utmp:/home/utmp:/bin/false | ||
| adminer:x:101:101:Linux User,,,:/home/adminer:/sbin/nologin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| 3.15.4 | ||
| NAME="Alpine Linux" | ||
| ID=alpine | ||
| VERSION_ID=3.15.4 | ||
| PRETTY_NAME="Alpine Linux v3.15" | ||
| HOME_URL="https://alpinelinux.org/" | ||
| BUG_REPORT_URL="https://bugs.alpinelinux.org/" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| root:!::0::::: | ||
| bin:!::0::::: | ||
| daemon:!::0::::: | ||
| adm:!::0::::: | ||
| lp:!::0::::: | ||
| sync:!::0::::: | ||
| shutdown:!::0::::: | ||
| halt:!::0::::: | ||
| mail:!::0::::: | ||
| news:!::0::::: | ||
| uucp:!::0::::: | ||
| operator:!::0::::: | ||
| man:!::0::::: | ||
| postmaster:!::0::::: | ||
| cron:!::0::::: | ||
| ftp:!::0::::: | ||
| sshd:!::0::::: | ||
| at:!::0::::: | ||
| squid:!::0::::: | ||
| xfs:!::0::::: | ||
| games:!::0::::: | ||
| cyrus:!::0::::: | ||
| vpopmail:!::0::::: | ||
| ntp:!::0::::: | ||
| smmsp:!::0::::: | ||
| guest:!::0::::: | ||
| nobody:!::0::::: | ||
| www-data:!:19087:0:99999:7::: | ||
| utmp:!:19101:0:99999:7::: | ||
| adminer:!:19101:0:99999:7::: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 9000/tcp |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| /sbin/arp | ||
| /bin/ash | ||
| /usr/bin/awk | ||
| /bin/base64 | ||
| /bin/busybox | ||
| /usr/bin/bzip2 | ||
| /bin/cat | ||
| /bin/chmod | ||
| /bin/chown | ||
| /usr/sbin/chroot | ||
| /usr/bin/cmp | ||
| /usr/bin/comm | ||
| /bin/cp | ||
| /usr/bin/cpio | ||
| /usr/bin/crontab | ||
| /usr/bin/curl | ||
| /usr/bin/cut | ||
| /bin/date | ||
| /bin/dd | ||
| /usr/bin/diff | ||
| /bin/dmesg | ||
| /bin/ed | ||
| /usr/bin/env | ||
| /usr/bin/expand | ||
| /usr/bin/find | ||
| /usr/bin/flock | ||
| /usr/bin/fold | ||
| /bin/grep | ||
| /bin/gzip | ||
| /usr/bin/hd | ||
| /usr/bin/head | ||
| /usr/bin/hexdump | ||
| /usr/bin/iconv | ||
| /usr/bin/install | ||
| /bin/ionice | ||
| /sbin/ip | ||
| /sbin/ldconfig | ||
| /usr/bin/less | ||
| /bin/ln | ||
| /bin/more | ||
| /bin/mount | ||
| /bin/mv | ||
| /usr/bin/nc | ||
| /bin/nice | ||
| /usr/bin/nl | ||
| /usr/bin/nohup | ||
| /usr/bin/nsenter | ||
| /usr/bin/od | ||
| /usr/bin/openssl | ||
| /usr/bin/openvt | ||
| /usr/bin/paste | ||
| /usr/local/bin/php | ||
| /bin/ping | ||
| /bin/rev | ||
| /bin/run-parts | ||
| /bin/sed | ||
| /usr/bin/shuf | ||
| /usr/bin/sort | ||
| /usr/bin/split | ||
| /usr/bin/strings | ||
| /bin/su | ||
| /sbin/sysctl | ||
| /usr/bin/tac | ||
| /usr/bin/tail | ||
| /usr/bin/tar | ||
| /usr/bin/tee | ||
| /usr/bin/time | ||
| /usr/bin/timeout | ||
| /usr/bin/top | ||
| /usr/bin/unexpand | ||
| /usr/bin/uniq | ||
| /usr/bin/unshare | ||
| /usr/bin/uudecode | ||
| /usr/bin/uuencode | ||
| /usr/bin/vi | ||
| /bin/watch | ||
| /usr/bin/wc | ||
| /usr/bin/wget | ||
| /usr/bin/whois | ||
| /usr/bin/xargs | ||
| /usr/bin/xxd | ||
| /usr/bin/xz |
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| CVE-2022-1552 - HIGH - postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox | ||
| CVE-2022-29824 - MEDIUM - libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write |
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| /usr/local/bin/entrypoint.sh | ||
| /usr/local/sbin/php-fpm | ||
| /usr/local/bin/entrypoint.sh | ||
| /usr/local/bin/docker-php-ext-enable | ||
| /usr/local/bin/docker-php-ext-configure | ||
| /usr/local/bin/docker-php-ext-install | ||
| /usr/local/bin/docker-php-entrypoint | ||
| /usr/local/bin/peardev | ||
| /usr/local/bin/phpize | ||
| /usr/local/bin/pear | ||
| /usr/local/bin/php | ||
| /usr/local/bin/php-config | ||
| /usr/local/bin/pecl | ||
| /usr/local/bin/phar.phar | ||
| /usr/local/bin/docker-php-source | ||
| /usr/sbin/update-ca-certificates | ||
| /usr/bin/wget | ||
| /usr/bin/ldd | ||
| /usr/bin/scanelf | ||
| /usr/bin/getent | ||
| /usr/bin/iconv | ||
| /usr/bin/getconf | ||
| /usr/bin/ssl_client | ||
| /usr/bin/idn2 | ||
| /usr/bin/odbc_config | ||
| /usr/bin/isql | ||
| /usr/bin/fisql | ||
| /usr/bin/freebcp | ||
| /usr/bin/slencheck | ||
| /usr/bin/bsqldb | ||
| /usr/bin/defncopy | ||
| /usr/bin/tsql | ||
| /usr/bin/bsqlodbc | ||
| /usr/bin/dltest | ||
| /usr/bin/odbcinst | ||
| /usr/bin/datacopy | ||
| /usr/bin/iusql | ||
| /usr/bin/osql | ||
| /usr/bin/tdspool | ||
| /usr/bin/gnu-iconv | ||
| /usr/bin/lzmainfo | ||
| /usr/bin/c_rehash | ||
| /usr/bin/xzless | ||
| /usr/bin/xzdec | ||
| /usr/bin/openssl | ||
| /usr/bin/xzdiff | ||
| /usr/bin/lzmadec | ||
| /usr/bin/xz | ||
| /usr/bin/curl | ||
| /usr/bin/xzmore | ||
| /usr/bin/xzgrep | ||
| /sbin/apk | ||
| /sbin/ldconfig | ||
| /sbin/mkmntdirs | ||
| /bin/busybox | ||
| /bin/tar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| CVE-2022-1271 - HIGH - gzip: arbitrary-file-write vulnerability | ||
| CVE-2022-27775 - LOW - curl: bad local IPv6 connection reuse | ||
| CVE-2022-22576 - MEDIUM - curl: OAUTH2 bearer bypass in connection re-use | ||
| CVE-2022-27776 - MEDIUM - curl: auth/cookie leak on redirect | ||
| CVE-2022-27774 - MEDIUM - curl: credential leak on redirect |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| adminer.php | ||
| designs | ||
| index.php | ||
| plugin-loader.php | ||
| plugins | ||
| plugins-enabled |
Oops, something went wrong.