Exposed Docker API

By kannthu

Informative
Vidoc Module
#docker #unauth #devops
Description

What is the "Exposed Docker API"?

The "Exposed Docker API" module detects misconfigurations in the Docker API. It targets the Docker software and aims to identify potential vulnerabilities or security issues. Its severity is classified as informative, meaning it provides valuable information but does not indicate a critical vulnerability. The module is a test case that can be used to scan for misconfigurations in the Docker API.

Impact

This module helps identify potential misconfigurations in the Docker API, which could lead to unauthorized access or other security risks. By detecting these issues, it allows users to take appropriate actions to secure their Docker environment and prevent potential attacks.

How does the module work?

The "Exposed Docker API" module works by sending HTTP requests to the target Docker API endpoints and applying matching conditions to identify misconfigurations. One example of an HTTP request sent by this module is a GET request to the "/version" endpoint. The module then applies matching conditions to check if the response headers contain "application/json", the response body includes keywords like "KernelVersion" and "BuildTime", and the response status is 200.

If all the matching conditions are met, the module reports a potential misconfiguration in the Docker API. The module uses a combination of header, body, and status matchers to ensure accurate detection of misconfigurations.
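The three matchers described above, combined with AND, as an added example (not Vidoc's own module code) for auditing hosts you administer. The function names, the constructed sample responses, the caller-supplied base URL, and the choice to require both body keywords are assumptions of this example.

```python
import json
import urllib.error
import urllib.request

BODY_WORDS = ("KernelVersion", "BuildTime")  # keywords named on the page


def matches_exposed_docker_api(status, headers, body):
    """Apply the status, header-word and body-word matchers, joined with AND."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and "application/json" in header_blob
        and all(word in body for word in BODY_WORDS)  # assumption: all words required
    )


def check_host(base_url, timeout=5):
    """GET <base_url>/version on a host you administer and evaluate the matchers."""
    url = base_url.rstrip("/") + "/version"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return matches_exposed_docker_api(resp.status, dict(resp.headers.items()), body)
    except (urllib.error.URLError, OSError):
        return False  # unreachable, refused, or an HTTP error status: not a match


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "open daemon": (200, {"Content-Type": "application/json"},
                    json.dumps({"Version": "0.0.0", "KernelVersion": "0.0.0-sample",
                                "BuildTime": "1970-01-01T00:00:00Z"})),
    "auth proxy in front": (401, {"Content-Type": "application/json"},
                            json.dumps({"message": "unauthorized"})),
    "other JSON service": (200, {"Content-Type": "application/json"},
                           json.dumps({"version": "1.2.3"})),
    "HTML page quoting the keywords": (200, {"Content-Type": "text/html"},
                                       "<p>KernelVersion and BuildTime</p>"),
}


def classify_samples():
    """Evaluate the matchers against every constructed sample response."""
    return {name: matches_exposed_docker_api(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:32} -> {'REPORT' if hit else 'no match'}")
```

Only the first sample satisfies all three matchers; each of the others fails exactly one of them, which is why the module combines header, body and status checks.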

It is important to note that this module does not perform any modifications or changes to the target system. It solely focuses on detecting potential misconfigurations and providing information to the user.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET http://{%Hostname%}/...
Matching conditions
word: application/json
and
word: KernelVersion, BuildTime
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability