Container Escape Check (Container Escape Detection)

container-escape-check

Introduction

This script detects conditions inside a Docker container that allow a container escape. The following methods are currently supported:

  1. Privileged Mode
  2. Mount docker Socket
  3. Mount host procfs
  4. Mount host root or etc directory
  5. Open Docker Remote API
  6. CVE-2016-5195 DirtyCow
  7. CVE-2020-14386
  8. CVE-2022-0847 DirtyPipe
  9. CVE-2017-1000112
  10. CVE-2021-22555
  11. Mount Host Var Log
  12. CAP_DAC_READ_SEARCH (requires the capsh command in the container)
  13. CAP_SYS_ADMIN (requires the capsh command in the container)
  14. CAP_SYS_PTRACE (requires the capsh command in the container)
  15. CVE-2022-0492
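
Items 12 to 14 depend on capsh, but the kernel also exposes the same information as the hex CapEff mask in /proc/<pid>/status. The following is an added example for auditing a container's configuration, not code from container-escape-check.sh; the function names are hypothetical and the sample masks are constructed.

```shell
#!/bin/sh
# Added example, not taken from container-escape-check.sh.
# Function names are hypothetical; bit numbers come from linux/capability.h.

# cap_eff_of FILE: print the CapEff hex mask from a /proc/<pid>/status file
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "$1"
}

# has_cap MASK BIT: succeed if capability number BIT is set in hex MASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# risky_caps MASK: print the capabilities from items 12-14 that are set in MASK
risky_caps() {
    found=""
    for entry in 2:CAP_DAC_READ_SEARCH 19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN; do
        bit=${entry%%:*}
        name=${entry#*:}
        if has_cap "$1" "$bit"; then
            found="$found $name"
        fi
    done
    echo "${found# }"
}

# Constructed sample masks: the usual default Docker set, the same set plus
# CAP_SYS_PTRACE, and a mask with bits 0-37 all set (as in privileged mode).
for sample in 00000000a80425fb 00000000a80c25fb 0000003fffffffff; do
    echo "$sample -> $(risky_caps "$sample")"
done

# Report for the current shell when running on Linux
status="/proc/$$/status"
if [ -r "$status" ]; then
    mask=$(cap_eff_of "$status")
    if [ -n "$mask" ]; then
        echo "CapEff=$mask risky: $(risky_caps "$mask")"
    fi
fi
```

An empty result means none of the three capabilities is in the effective set; dropping them with `--cap-drop` or not adding them with `--cap-add` removes the finding.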

✨ Usage

Run this script with one command in the container.

wget https://raw.githubusercontent.com/teamssix/container-escape-check/main/container-escape-check.sh -O- | bash

Or clone the project and run the script inside the container.

git clone https://github.com/teamssix/container-escape-check.git
cd container-escape-check
chmod +x container-escape-check.sh
./container-escape-check.sh

If you find it useful, remember to give the project a star ✨

⚠️ Notes

Changelog

v0.3 2022.4.7

v0.2 2022.3.30

v0.1 2022.3.18
