Exposed Docker Registry Penetration Testing

Port: 5000 (Usually)

Tool: https://github.com/Syzik/DockerRegistryGrabber

Usage:

TIP: We use -U and -P as well as -A flags to perform authenticated enumeration and dumping

python3 drg.py http://TARGET.COM --list (List repositories)

python3 drg.py http://TARGET.COM --dump TARGET_REPOSITORY (Dump this repository)

python3 drg.py http://TARGET.COM --dump-all (Dump the entire registry)

Authenticated Usage example:

python3 drg.py https://TARGET.COM -A 'Auth BEARER TOKEN' --list (Authenticate with an auth token)

python3 drg.py https://TARGET.COM -U USERNAME -P PASSWORD --list (Authenticate with credentials)

Alternative tool: cURL

Usage:

curl -s http://TARGET.COM:5000/v2/_catalog (List repositories)

curl -s http://TARGET.COM:5000/v2/ubuntu/tags/list (Get tags of a repository)

curl -s http://TARGET.COM:5000/v2/ubuntu/manifests/latest (Get manifests)

curl http://TARGET.COM:5000/v2/ubuntu/blobs/sha256:SHA256_HASH --output blob1.tar (Download one of the previously listed blobs)

tar -xf blob1.tar (Inspect the insides of each blob)

OR

zgrep -la STRING blob1.tar (Use this to search for something specific)

PreviousDatabase Navigation NextDomain Name System (DNS)

Last updated 4 months ago

hashtagPort: 5000 (Usually)

hashtagTool: https://github.com/Syzik/DockerRegistryGrabber

hashtagUsage:

hashtagTIP: We use -U and -P as well as -A flags to perform authenticated enumeration and dumping

hashtagAuthenticated Usage example:

hashtagAlternative tool: cURL

hashtagUsage:

hashtagOR

Port: 5000 (Usually)

Tool: https://github.com/Syzik/DockerRegistryGrabber

Usage:

TIP: We use -U and -P as well as -A flags to perform authenticated enumeration and dumping

Authenticated Usage example:

Alternative tool: cURL

Usage:

OR