DockerENT: analyze security issues with running containers
DockerENT is an activE ruNtime application security scanning Tool (RAST tool). It is a pluggable framework written in Python. It comes with a CLI application and a clean Web Interface written using StreamLit.
DockerENT has been designed to detect weak security misconfigurations in production deployments which can lead to severe consequences. This application connects with running containers in the system and fetches the list of weak and vulnerable runtime configurations and generates a report. If invoked through a web interface, it can display the scan and audit report in the UI itself.
- Plugin driven framework.
- Use low-level docker api to interact with running containers.
- Clean and Easy to Use UI.
- Comes with 9 docker scan plugins out of which, 6 plugins can audit results.
- Entire list: Docker Scan Plugins
- Framework ready to work docker-networks.
- Entire list: Docker Network Scan plugins
- Output plugins can write to
- The only open-source interactive docker scanning tool.
- Can run plugins in parallel.
- Underactive development 😄.
|Plugin Name||Plugin File||Feature||Audit|
|CMD_HISTORY||File||Identify shell history||Root history and User shell history|
|FILESYSTEM||File||Identify RW File Systems||If RW file systems are present.|
|NETWORK||File||Identify Network state||Identifies All mapped ports.|
|PLAINTEST_PASSWORD||File||Identify password in different files|
|SECURITY_PROFILES||File||Identify Weak Security Profiles||List Weak security profiles.|
|USER_INFO||File||Identify user info||List permissions in passwd and other sensitive files|
|SYSTEM_INFO||File||Identify docker system info||No Audit|
|FILES_INFO||File||Identify world writeable directories and files||List all such files.|
|PROC_INFO||File||Identify the list of process in the docker system|
- Rich Logging interface can help in easy debugging through extensive debug logs.
- Can run in parallel, just pass
-n <count>, to specify the processors in parallel.
- Can dump output in
- The audit output is not dumped to file.
- Selecting multiple specific dockers is pain.
- Clean, and easy to use UI.
- Everything at one single page.
- Ease of selecting multiple docker images, multiple plugins, and multiple docker-networks.
- Audit report present.
- Logging interface, not Rich.
JSONreports are bulky.
- Rely on third party lib StreamLit, all issues with the framework are inherent.
Copyright (c) 2020 Rohit Sehgal