中文 | EN

This script is used to detect Docker container escape methods, The following methods are currently supported:

1. Privileged Mode
2. Mount docker Socket
3. Mount host procfs
4. Mount host root or etc directory
5. Open Docker Remote API
6. CVE-2016-5195 DirtyCow
7. CVE-2020-14386
8. CVE-2022-0847 DirtyPipe
9. CVE-2017-1000112
10. CVE-2021-22555
11. Mount Host Var Log
12. CAP_DAC_READ_SEARCH (Requires container to support capsh command)
13. CAP_SYS_ADMIN (Requires container to support capsh command)
14. CAP_SYS_PTRACE (Requires container to support capsh command)
15. CVE-2022-0492

Run this script with one command in the container.

wget https://raw.githubusercontent.com/teamssix/container-escape-check/main/container-escape-check.sh -O- | bash

Or clone the project to run in the container.

git clone https://github.com/teamssix/container-escape-check.git
cd container-escape-check
chmod +x container-escape-check.sh
./container-escape-check.sh

If it feels good, remember to give the project a little star ✨

• This script needs to be run inside the docker container.
• Most of the detection methods here are based on my experience, and there may be false positives or omissions. If you find these problems, please submit an Issue.
• Some escape methods need to be judged according to the Docker version. I haven't thought of a way to get the Docker version from inside the container, so the script does not support the detection of this method yet.

• Add CVE-2022-0492
• If the capsh command does not exist, it will be installed automatically
• Enhanced privileged mode detection
• Enhanced /var/log detection

• Add CVE-2017-1000112
• Add CVE-2021-22555
• Add Mount Host Var Log
• Add CAP_DAC_READ_SEARCH
• Add CAP_SYS_ADMIN
• Add CAP_SYS_PTRACE

• Add Privileged Mode
• Add Mount docker Socket
• Add Mount host procfs
• Add Mount host root or etc directory
• Add Open Docker Remote API
• Add CVE-2016-5195 DirtyCow
• Add CVE-2020-14386
• Add CVE-2022-0847 DirtyPipe