Docker Registry Listing

What is the "Docker Registry Listing?" module?

The "Docker Registry Listing" module is designed to detect misconfigurations in Docker registries. It targets Docker, a popular containerization platform used in DevOps environments. This module has a medium severity level.

Author: puzzlepeaches

Impact

This module helps identify potential security vulnerabilities in Docker registries. By detecting misconfigurations, it helps prevent unauthorized access to sensitive container images and reduces the risk of data breaches.

How does the module work?

The "Docker Registry Listing" module works by sending an HTTP GET request to the "/v2/_catalog" endpoint of the Docker registry. It then applies matching conditions to determine if the response indicates the presence of repositories and if the response header contains the "application/json" content type.

Example HTTP request:

GET /v2/_catalog

Matching conditions:

- The response body must contain the word "\"repositories\":" - The response header must contain the word "application/json"

If both conditions are met, the module reports a potential misconfiguration in the Docker registry.

Reference: https://notsosecure.com/anatomy-of-a-hack-docker-registry

Metadata: max-request: 1