Fork me on GitHub

Docker Exploitation Framework

Docker Exploitation Framework is an open source security tool designed for penetration testers to help in the exploitation of container environment. It uses a server/agent architecture and has a modularize plugin system. The framework attempts to ease the testing and execution of common container attack scenarios during a security assessment. Currently it supports docker and kubenetes, with future support for other container technology on the roadmap.

🛠️ Brought to you by @libnex and @rohitp92

Plugins Include:


Secret Scavenger

Uber Shell

KubeAudit

Privilege Escalations

Secret Scavenger

Find secrets on remote registry container images. Carry out deep inspection of each File System Layer to uncover secrets that might have been deleted.

Uber Shell

Ever find yourself in a minimalistic container where even basic commands like `ifconfig` and `whoami` doesn't work?
You will ❤️ Uber Shell.

Run Uber Shell on the remote agent. As you type your shell commands, it will automatically provision the container with the necessary cli on demand. Uber shell does this transparently behind the scene without any fuss.

ifconfig? Done. Nmap? No worries. Kubectl? I gotchu.

Kube Audit Integration

Leverage kubeaudit on the remote agent for vulnerability discovery. One Click to launch common audit commands.

Container Escape

Automate privilege escalation by trying common container breakout techniques. Container escape has never been so easy!

Contribute

Github

Clone the project and submit pull requests

GitHub Project

https://github.com/DockerExploitationFramework/DockerExploitationFramework
 - Fork the project
 - Create your feature branch (git checkout -b my-new-feature)
 - Commit your changes (git commit -am 'Added some feature')
 - Push to the branch (git push origin my-new-feature)
 - Create new Pull Request