Gorsair hacks its way into remote docker containers that expose their APIs

Overview

Gorsair

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers.

Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.

Install

From a release

Set the:

  • GORSAIR_VERSION to whatever release you are interested in
  • OS to your operating system (linux, windows or darwin)
  • ARCH to your architecture (amd64, arm, or ppc64le)

And then run the following command to install gorsair.

curl -sS https://github.com/Ullaakut/Gorsair/releases/download/$GORSAIR_VERSION/gorsair_$OS_$ARCH --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair

From the sources

  • Make sure that you have a go version that supports modules (versions 1.11 and above)
  • Make sure that your environment contains the GO111MODULE variable set to on
  • Run go build -o /usr/local/bin/gorsair cmd/*.go from the root of this repository

Command line options

  • -t, --targets: Set targets according to the nmap target format. Required. Example: --targets="192.168.1.72,192.168.1.74"
  • -p, --ports: (Default: 2375,2376) Set custom ports.
  • -s, --speed: (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates.
  • -v, --verbose: Enable more verbose logs.
  • -D, --decoys: List of decoy IP addresses to use (see the decoy section of the nmap documentation)
  • -e, --interface: Network interface to use
  • --proxies: List of HTTP/SOCKS4 proxies to use to deplay connections with (see documentation)
  • -S, --spoof-ip: IP address to use for IP spoofing
  • --spoof-mac: MAC address to use for MAC spoofing
  • -v, --verbose: Enable verbose logging
  • -h, --help: Display the usage information

How can I protect my containers from this attack

  • Avoid putting containers that have access to the docker socket on the internet
  • Avoid using the root account in docker containers
Issues
  • Install error

    Install error

    Hello,

    When I run "go install" I'm receiving the following error.

    can't load package: package github.com/Ullaakut/Gorsair: unknown import path "github.com/Ullaakut/Gorsair": cannot find module providing package github.com/Ullaakut/Gorsair

    opened by vitalysim 4
  • 同学,您这个项目引入了191个开源组件,存在7个漏洞,辛苦升级一下

    同学,您这个项目引入了191个开源组件,存在7个漏洞,辛苦升级一下

    检测到 Ullaakut/Gorsair 一共引入了191个开源组件,存在7个漏洞

    漏洞标题:Docker 路径遍历漏洞
    缺陷组件:github.com/docker/[email protected]
    漏洞编号:CVE-2014-9356
    漏洞描述:Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。
    Docker 1.3.3之前版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
    影响范围:(∞, 1.3.3)
    最小修复版本:1.3.3
    缺陷组件引入路径:[email protected]>github.com/docker/[email protected]
    

    另外还有7个漏洞,详细报告:https://mofeisec.com/jr?p=ae8c99

    opened by ghost 2
  • Are you trying to connect to a TLS-enabled daemon without TLS?

    Are you trying to connect to a TLS-enabled daemon without TLS?

    Vulnerable docker API found: Endpoint address: xx.xxxx.xxxx.xxxx Endpoint API port: 2376 Docker version: UNKNOWN Docker API was unreachable: Get http://xxxx.xxx.xxx.xxxx:2376/v1.39/info: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02".

    • Are you trying to connect to a TLS-enabled daemon without TLS?

    Any setting to remediate this? I saw in this article need to set the environment to enable TLS for client https://tech.paulcz.net/blog/secure-docker-with-tls/

    waiting for answer 
    opened by hareez12 2
  • Fail when downloading Gorsair: syntax error near unexpected token `<'

    Fail when downloading Gorsair: syntax error near unexpected token `<'

    After I run: curl https://github.com/Ullaakut/Gorsair/releases/download/1.1.0/gorsair_linux_amd64 --output /usr/local/bin/gorsair

    and chmod 777 /usr/local/bin/gorsair.

    I run gorsair and I get an error:

    /usr/local/bin/gorsair: line 1: syntax error near unexpected token `<'
    /usr/local/bin/gorsair: line 1: `<html><body>You are being <a href="https://github-production-release-asset-2e65be.s3.amazonaws.com/143321747/f74b3900-2d70-11e9-8129-9506787cd596?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190214%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20190214T143347Z&amp;X-Amz-Expires=300&amp;X-Amz-Signature=0783c1cf5b49ae9ce92c677a923efa3f613060f1d9e67719f35d4e5801a33c4f&amp;X-Amz-SignedHeaders=host&amp;actor_id=0&amp;response-content-disposition=attachment%3B%20filename%3Dgorsair_linux_amd64&amp;response-content-type=application%2Foctet-stream">redirected</a>.</body></html>'
    

    It seems that the command you mentioned on the main page doesn't download the file correctly.

    bug 
    opened by mydockergit 2
  • Bump github.com/spf13/pflag from 1.0.3 to 1.0.4

    Bump github.com/spf13/pflag from 1.0.3 to 1.0.4

    Bumps github.com/spf13/pflag from 1.0.3 to 1.0.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)

    Finally, you can contact us by mentioning @dependabot.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Add docker API integration to exploit docker socket

    Add docker API integration to exploit docker socket

    Currently, the user is given commands to run themselves. It would be better to:

    • [x] Exploit the docker socket using the docker library in order to gather more precise information on the system (what is available through docker info, docker ps -a and docker images for example.)
    • [x] Attempt to gain root access for the user and open an interactive terminal on the container within gorsair
    enhancement 
    opened by Ullaakut 1
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bumps github.com/spf13/cobra from 1.4.0 to 1.5.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.5.0

    Spring 2022 Release 🌥️

    Hello everyone! Welcome to another release of cobra. Completions continue to get better and better. This release adds a few really cool new features. We also continue to patch versions of our dependencies as they become available via dependabot. Happy coding!

    Active help 👐🏼

    Shout out to @​marckhouzam for a big value add: Active Help spf13/cobra#1482. With active help, a program can provide some inline warnings or hints for users as they hit tab. Now, your CLIs can be even more intuitive to use!

    Currently active help is only supported for bash V2 and zsh. Marc wrote a whole guide on how to do this, so make sure to give it a good read to learn how you can add this to your cobra code! https://github.com/spf13/cobra/blob/master/active_help.md

    Group flags 🧑🏼‍🤝‍🧑🏼

    Cobra now has the ability to mark flags as required or exclusive as a group. Shout out to our newest maintainer @​johnSchnake for this! spf13/cobra#1654 Let's say you have a username flag that MUST be partnered with a password flag. Well, now, you can enforce those as being required together:

    rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
    rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
    rootCmd.MarkFlagsRequiredTogether("username", "password")
    

    Flags may also be marked as "mutally exclusive" with the MarkFlagsMutuallyExclusive(string, string ... ) command API. Refer to our user guide documentation for further info!

    Completions 👀

    Documentation 📝

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/spf13/viper from 1.11.0 to 1.12.0

    Bump github.com/spf13/viper from 1.11.0 to 1.12.0

    Bumps github.com/spf13/viper from 1.11.0 to 1.12.0.

    Release notes

    Sourced from github.com/spf13/viper's releases.

    v1.12.0

    This release makes YAML v3 and TOML v2 the default versions used for encoding.

    You can switch back to the old versions by adding viper_yaml2 and viper_toml1 to the build tags.

    Please note that YAML v2 and TOML v1 are considered deprecated from this release and may be removed in a future release.

    Please provide feedback in discussions and report bugs on the issue tracker. Thanks!

    What's Changed

    Exciting New Features 🎉

    Enhancements 🚀

    Dependency Updates ⬆️

    New Contributors

    Full Changelog: https://github.com/spf13/viper/compare/v1.11.0...v1.12.0

    Commits
    • 4322cf2 feat: make toml2 the default
    • 8d02999 feat: make yaml3 the default
    • 7c35aa9 chore(deps): update yaml3
    • 433821f feat: add etcd3 support to remote
    • 2080d43 chore: update crypt
    • da55858 chore: fix Error log calls in mergeMaps
    • f50ce90 Add in MustBindEnv.
    • 3b836e5 build(deps): bump github.com/subosito/gotenv from 1.2.0 to 1.3.0
    • 5d65186 build(deps): bump github.com/pelletier/go-toml/v2 from 2.0.0 to 2.0.1
    • 9f85518 build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/spf13/viper from 1.10.1 to 1.11.0

    Bump github.com/spf13/viper from 1.10.1 to 1.11.0

    Bumps github.com/spf13/viper from 1.10.1 to 1.11.0.

    Release notes

    Sourced from github.com/spf13/viper's releases.

    v1.11.0

    What's Changed

    Exciting New Features 🎉

    Enhancements 🚀

    Bug Fixes 🐛

    Breaking Changes 🛠

    Dependency Updates ⬆️

    New Contributors

    Full Changelog: https://github.com/spf13/viper/compare/v1.10.1...v1.11.0

    Commits
    • 6986c0a chore: update crypt
    • 65293ec add release note configuration
    • 6804da7 chore!: drop Go 1.14 support
    • 5b21ca1 fix: deprecated config
    • 55fac10 chore: fix lint
    • e0bf4ac chore: add go 1.18 builds
    • 973c265 build(deps): bump github.com/pelletier/go-toml/v2
    • 129e4f9 build(deps): bump github.com/pelletier/go-toml/v2
    • 9a8603d build(deps): bump actions/setup-go from 2 to 3
    • dc76f3c build(deps): bump github.com/spf13/afero from 1.8.1 to 1.8.2
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/spf13/cobra from 1.3.0 to 1.4.0

    Bump github.com/spf13/cobra from 1.3.0 to 1.4.0

    Bumps github.com/spf13/cobra from 1.3.0 to 1.4.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.4.0

    Winter 2022 Release ❄️

    Another season, another release!

    Goodbye viper! 🐍 🚀

    The core Cobra library no longer requires Viper and all of its indirect dependencies. This means that Cobra's dependency tree has been drastically thinned! The Viper dependency was included because of the cobra CLI generation tool. This tool has migrated to spf13/cobra-cli.

    It's pretty unlikely you were importing and using the bootstrapping CLI tool as part of your application (after all, it's just a tool to get going with core cobra).

    But if you were, replace occurrences of

    "github.com/spf13/cobra/cobra"
    

    with

    "github.com/spf13/cobra-cli"
    

    And in your go.mod, you'll want to also include this dependency:

    github.com/spf13/cobra-cli v1.3.0
    

    Again, the maintainers do not anticipate this being a breaking change to users of the core cobra library, so minimal work should be required for users to integrate with this new release. Moreover, this means the dependency tree for your application using Cobra should no longer require dependencies that were inherited from Viper. Huzzah! 🥳

    If you'd like to read more

    Documentation 📝

    Other 💭

    Shoutout to our awesome contributors helping to make this cobra release possible!! @​spf13 @​marckhouzam @​johnSchnake @​jpmcb @​liggitt @​umarcor @​hiljusti @​marians @​shyim @​htroisi

    Changelog

    Sourced from github.com/spf13/cobra's changelog.

    Cobra Changelog

    v1.1.3

    • Fix: release-branch.cobra1.1 only: Revert "Deprecate Go < 1.14" to maintain backward compatibility

    v1.1.2

    Notable Changes

    • Bump license year to 2021 in golden files (#1309) @​Bowbaq
    • Enhance PowerShell completion with custom comp (#1208) @​Luap99
    • Update gopkg.in/yaml.v2 to v2.4.0: The previous breaking change in yaml.v2 v2.3.0 has been reverted, see go-yaml/yaml#670
    • Documentation readability improvements (#1228 etc.) @​zaataylor etc.
    • Use golangci-lint: Repair warnings and errors resulting from linting (#1044) @​umarcor

    v1.1.1

    • Fix: yaml.v2 2.3.0 contained a unintended breaking change. This release reverts to yaml.v2 v2.2.8 which has recent critical CVE fixes, but does not have the breaking changes. See spf13/cobra#1259 for context.
    • Fix: correct internal formatting for go-md2man v2 (which caused man page generation to be broken). See spf13/cobra#1049 for context.

    v1.1.0

    Notable Changes

    • Extend Go completions and revamp zsh comp (#1070)
    • Fix man page doc generation - no auto generated tag when cmd.DisableAutoGenTag = true (#1104) @​jpmcb
    • Add completion for help command (#1136)
    • Complete subcommands when TraverseChildren is set (#1171)
    • Fix stderr printing functions (#894)
    • fix: fish output redirection (#1247)

    v1.0.0

    Announcing v1.0.0 of Cobra. 🎉

    Notable Changes

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Bump github.com/spf13/viper from 1.10.0 to 1.10.1

    Bump github.com/spf13/viper from 1.10.0 to 1.10.1

    Bumps github.com/spf13/viper from 1.10.0 to 1.10.1.

    Release notes

    Sourced from github.com/spf13/viper's releases.

    v1.10.1

    This is a maintenance release upgrading the Consul dependency fixing CVEs.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Add CLI flag to specify Docker version

    Add CLI flag to specify Docker version

    my docker api version is 1.37 ,Echo is Docker API was unreachable: Error response from daemon: client version 1.39 is too new. Maximum supported API version is 1.37 ;Docker API was unreachable:error during connect: Get "http://00:0C:29:C6:5D:36:2375/v1.39/info": dial tcp: lookup 00:0C:29:C6:5D:36: no such host

    enhancement help wanted good first issue 
    opened by mk4no1 1
Releases(1.1.1)
Owner
Brendan Le Glaunec
Software Engineer @traefik & previously R&D Software Engineer @EtixLabs / Go Contractor @fresh8
Brendan Le Glaunec
its a simple backdoor service that im making cuz i think that it could be cool its not finished but this is a cool project

yackdoor its a simple backdoor service that im making cuz i think that it could be cool its not finished but this is a cool project how it looks backd

ranon rat 7 Mar 9, 2022
Hotdog is a set of OCI hooks used to inject the Log4j Hot Patch into containers.

Hotdog Hotdog is a set of OCI hooks used to inject the Log4j Hot Patch into containers. How it works When runc sets up the container, it invokes hotdo

null 33 Apr 26, 2022
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

docker-slim 13.8k Jun 28, 2022
Convenience of containers, security of virtual machines

Convenience of containers, security of virtual machines With firebuild, you can build and deploy secure VMs directly from Dockerfiles and Docker image

null 47 May 15, 2022
Simple Go-based permission setter for containers running as non root users

Simple Go-based permission setter for containers running as non root users

Jacob Alberty 1 May 17, 2022
SandboxPPL - Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted

SandboxPPL Golang PoC that sandboxes Defender (or other PPL) by setting its toke

null 9 Jun 11, 2022
Friends don't let friends leak secrets on their terminal window

senv - safer env Friends don't let friends leak secrets in terminal windows. ?? Print your environment to the terminal without worry.

null 99 Jun 16, 2022
Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own endpoint.

?? security-slacker Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own e

Niels Hofmans 20 Jun 13, 2022
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

?? ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Batuhan Apaydın 39 Jun 15, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.5k Jun 30, 2022
SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

SPIFFE 1.2k Jun 22, 2022
zero-trust remote firewall instrumentation

ShieldWall embraces the zero-trust principle and instruments your server firewall to block inbound connections from every IP on any port, by default.

Simone Margaritelli 171 Jun 9, 2022
Secure Remote Password library for Go

go-srp NOTE: This is a port of node-srp to Go. I recommend reading their README for general information about the use of SRP. Installation go get gith

Kong 38 Jun 2, 2022
Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs.

CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework.

Jakom 7 Feb 2, 2022
Exploit for remote command execution in Golang go get command.

CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta

Devang Solanki 0 Oct 15, 2021
PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS

CVE-2015-1635 PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS ./MS15-034 <URL> <RESOURCE> <FLAG [0 or 18]> Note

Nikola Kipariz Stamov 0 Nov 3, 2021
Manfred Touron 212 Jun 12, 2022
Scan systems and docker images for potential spring4shell vulnerabilities.

Scan systems and docker images for potential spring4shell vulnerabilities. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Spring4shell versions. Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.

null 11 May 6, 2022
ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file.

ZipExec ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded i

Tylous 903 Jun 25, 2022