GitXplorerGitXplorer
U

Gorsair

public
848 stars
71 forks
3 issues

Commits

List of commits on branch master.
Verified
db59eae994991fb860554a6890bda07e3eb60917

Bump github.com/spf13/viper from 1.18.1 to 1.18.2 (#74)

ddependabot[bot] committed 9 months ago
Verified
428b54440b6814ed3790b7d7bd42e2e1aa9b5334

Bump github.com/spf13/viper from 1.18.0 to 1.18.1 (#73)

ddependabot[bot] committed 9 months ago
Verified
e079f5aefa38d0f1544b84cfb6fb94610f2d4129

Bump github.com/spf13/viper from 1.17.0 to 1.18.0 (#72)

ddependabot[bot] committed 9 months ago
Verified
fe7cee4dc4ac920b1c8c6f2ad9995ef036987045

Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#71)

ddependabot[bot] committed 10 months ago
Verified
fb07e71fcb0390d75175493091b075d85f0ada86

Bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible (#70)

ddependabot[bot] committed a year ago
Verified
d3d31f887b06e92f242be812e64d35643755e479

Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#69)

ddependabot[bot] committed a year ago

README

The README file for this repository.

Gorsair

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers.

Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.

Install

From a release

Set the:

  • GORSAIR_VERSION to whatever release you are interested in
  • OS to your operating system (linux, windows or darwin)
  • ARCH to your architecture (amd64, arm, or ppc64le)

And then run the following command to install gorsair.

curl -sS https://github.com/Ullaakut/Gorsair/releases/download/$GORSAIR_VERSION/gorsair_$OS_$ARCH --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair

From the sources

  • Make sure that you have a go version that supports modules (versions 1.11 and above)
  • Make sure that your environment contains the GO111MODULE variable set to on
  • Run go build -o /usr/local/bin/gorsair cmd/*.go from the root of this repository

Command line options

  • -t, --targets: Set targets according to the nmap target format. Required. Example: --targets="192.168.1.72,192.168.1.74"
  • -p, --ports: (Default: 2375,2376) Set custom ports.
  • -s, --speed: (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates.
  • -v, --verbose: Enable more verbose logs.
  • -D, --decoys: List of decoy IP addresses to use (see the decoy section of the nmap documentation)
  • -e, --interface: Network interface to use
  • --proxies: List of HTTP/SOCKS4 proxies to use to deplay connections with (see documentation)
  • -S, --spoof-ip: IP address to use for IP spoofing
  • --spoof-mac: MAC address to use for MAC spoofing
  • -v, --verbose: Enable verbose logging
  • -h, --help: Display the usage information

How can I protect my containers from this attack

  • Avoid putting containers that have access to the docker socket on the internet
  • Avoid using the root account in docker containers