Gorsair - a tool that hacks its way into remote docker containers that expose their APIs

May 26, 2021
(226 views)

  

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers.

Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.

Install

From a release

Set the:

  • GORSAIR_VERSION to whatever release you are interested in
  • OS to your operating system (linuxwindows or darwin)
  • ARCH to your architecture (amd64arm, or ppc64le)

And then run the following command to install gorsair.

curl -sS https://github.com/Ullaakut/Gorsair/releases/download/$GORSAIR_VERSION/gorsair_$OS_$ARCH --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair

From the sources

  • Make sure that you have a go version that supports modules (versions 1.11 and above)
  • Make sure that your environment contains the GO111MODULE variable set to on
  • Run go build -o /usr/local/bin/gorsair cmd/*.go from....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.