Container Security

A collection of container security resources and tools, organized by category.

More links to articles and talks to come!

Tools

Container Breakout

brompwnie/botb (Break out the Box)
A container analysis and exploitation tool for pentesters and engineers by Chris Le Roy. Written in Golang, can exploit common container vulnerabilities, perform common container post exploitation actions, and provide capabilities when certain tools or binaries are not available in the container. Easy to hook into CI/CD.

genuinetools/amicontained
A Golang container introspection tool by Jessie Frazelle that determines what container runtime is being used as well as features available.

nccgroup/ConMachi (Container Blackbox Security Auditing Tool)
ConMachi is a Golang tool by Vikas Kumar and Rob Glew that can be dropped into a container to collect information about its configuration, environment, and list potential security issues. Potential issues ConMachi scans for include: disabled process and user namespacing, dangerous capabilities, disabled Seccomp/AppArmor profiles, devices mounted from the host, and more.

antitree/keyctl-unmask
A tool by Mark Manning to demonstrate the ineffectivity that containers have on isolating Linux Kernel keyrings. It works by brute forcing an int32 to guess the keyring IDs, asking the Linux kernel for information about the keyring, if they’re found, try to “Possess” them and subsequently read the keys of other containers, … and even worse, the host.