  • Stars: 816
  • Rank 53,848 (Top 2 %)
  • Language: Go
  • License: Apache License 2.0
  • Created almost 6 years ago
  • Updated 12 months ago

Repository Details

Gorsair gives root access on remote docker containers that expose their APIs

Gorsair

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers.

Exposing the Docker API on the internet is a tremendous risk: it lets malicious agents get information on all of the other containers, images and the system, and potentially gain privileged access to the whole system if the image uses the root user.

Install

From a release

Set the:

  • GORSAIR_VERSION to whatever release you are interested in
  • OS to your operating system (linux, windows or darwin)
  • ARCH to your architecture (amd64, arm, or ppc64le)

And then run the following command to install gorsair.

curl -sSL "https://github.com/Ullaakut/Gorsair/releases/download/${GORSAIR_VERSION}/gorsair_${OS}_${ARCH}" --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair

From the sources

  • Make sure that you have a go version that supports modules (versions 1.11 and above)
  • Make sure that your environment contains the GO111MODULE variable set to on
  • Run go build -o /usr/local/bin/gorsair cmd/*.go from the root of this repository

Command line options

  • -t, --targets: Set targets according to the nmap target format. Required. Example: --targets="192.168.1.72,192.168.1.74"
  • -p, --ports: (Default: 2375,2376) Set custom ports.
  • -s, --speed: (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates.
  • -v, --verbose: Enable more verbose logs.
  • -D, --decoys: List of decoy IP addresses to use (see the decoy section of the nmap documentation)
  • -e, --interface: Network interface to use
  • --proxies: List of HTTP/SOCKS4 proxies to relay connections through (see documentation)
  • -S, --spoof-ip: IP address to use for IP spoofing
  • --spoof-mac: MAC address to use for MAC spoofing
  • -h, --help: Display the usage information

How can I protect my containers from this attack

  • Avoid putting containers that have access to the docker socket on the internet
  • Avoid using the root account in docker containers
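
Both recommendations can be checked on a host from `docker inspect` output. The Go program below is an added example, not part of Gorsair or its README; the names Audit, container and sampleInspect and the sample JSON are constructed for illustration. It flags containers that bind-mount the docker socket, run as root, or publish a port on a non-loopback host address.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type container struct { // only the `docker inspect` fields this audit reads
	Name            string
	Config          struct{ User string }
	Mounts          []struct{ Source string }
	NetworkSettings struct{ Ports map[string][]struct{ HostIp string } }
}

// Constructed, trimmed sample of `docker inspect` output, not taken from a real host.
const sampleInspect = `[
{"Name":"/ci-runner","Config":{"User":""},"Mounts":[{"Source":"/var/run/docker.sock"}],
 "NetworkSettings":{"Ports":{"8080/tcp":[{"HostIp":"0.0.0.0"}]}}},
{"Name":"/web","Config":{"User":"1000:1000"},"NetworkSettings":{"Ports":{"443/tcp":[{"HostIp":"0.0.0.0"}]}}}]`

// Audit maps container names to findings: socket mounted, root user, exposed port.
func Audit(inspectJSON []byte) (map[string][]string, error) {
	var cs []container
	if err := json.Unmarshal(inspectJSON, &cs); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, c := range cs {
		for _, m := range c.Mounts {
			if strings.HasSuffix(m.Source, "/docker.sock") {
				out[c.Name] = append(out[c.Name], "docker-socket")
			}
		}
		// Empty User: neither image nor run options set one, so the process is uid 0.
		if u := strings.SplitN(c.Config.User, ":", 2)[0]; u == "" || u == "0" || u == "root" {
			out[c.Name] = append(out[c.Name], "root-user")
		}
		for port, binds := range c.NetworkSettings.Ports {
			for _, b := range binds {
				if !strings.HasPrefix(b.HostIp, "127.") && b.HostIp != "::1" {
					out[c.Name] = append(out[c.Name], "published:"+port)
				}
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(Audit([]byte(sampleInspect))) }
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample; a container carrying all three findings is the first one to fix.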
