Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers.
Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root
user.
Install
From a release
Set the:
GORSAIR_VERSION
to whatever release you are interested inOS
to your operating system (linux
,windows
ordarwin
)ARCH
to your architecture (amd64
,arm
, orppc64le
)
And then run the following command to install gorsair.
curl -sS https://github.com/Ullaakut/Gorsair/releases/download/$GORSAIR_VERSION/gorsair_$OS_$ARCH --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair
From the sources
- Make sure that you have a go version that supports modules (versions 1.11 and above)
- Make sure that your environment contains the
GO111MODULE
variable set toon
- Run
go build -o /usr/local/bin/gorsair cmd/*.go
from....
Author
- BlogMay 2, 2022Lupo - Malware IOC Extractor and Debugging module for Malware Analysis Automation
- BlogMay 2, 2022DDexec - a technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process
- BlogApril 28, 2022ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
- BlogApril 27, 2022Shhhloader - SysWhispers Shellcode Loader
Subscribe
0 Comments
Newest