{"id":13525999,"url":"https://github.com/chaitin/veinmind-tools","last_synced_at":"2025-05-15T04:04:25.755Z","repository":{"id":36952754,"uuid":"456840037","full_name":"chaitin/veinmind-tools","owner":"chaitin","description":"veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集","archived":false,"fork":false,"pushed_at":"2024-01-10T09:08:31.000Z","size":21068,"stargazers_count":1581,"open_issues_count":24,"forks_count":185,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-05-08T07:17:47.643Z","etag":null,"topics":["cloud-native","cloud-security","container-security","containerd","docker","image-security","security"],"latest_commit_sha":null,"homepage":"https://veinmind.chaitin.com/docs/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chaitin.png","metadata":{"files":{"readme":"README.en.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-08T08:12:15.000Z","updated_at":"2025-04-28T18:22:56.000Z","dependencies_parsed_at":"2024-06-18T14:07:05.075Z","dependency_job_id":null,"html_url":"https://github.com/chaitin/veinmind-tools","commit_stats":{"total_commits":281,"total_committers":16,"mean_commits":17.5625,"dds":0.5480427046263345,"last_synced_commit":"b5b2af53f44eec2f77d01f9bfb0c379700edc68c"},"previous_names":[],"tags_count":54,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2Fveinmind-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2Fveinmind-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2Fveinmind-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2Fveinmind-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chaitin","download_url":"https://codeload.github.com/chaitin/veinmind-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254270641,"owners_count":22042858,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","cloud-security","container-security","containerd","docker","image-security","security"],"created_at":"2024-08-01T06:01:24.194Z","updated_at":"2025-05-15T04:04:25.700Z","avatar_url":"https://github.com/chaitin.png","language":"Go","funding_links":[],"categories":["安全扫描","2 Defensive","其他_安全与渗透","Go","蓝队工具","0x02 工具 :hammer_and_wrench:"],"sub_categories":["2.7 Tools","网络服务_其他","IAC(Infrastructure-as-Code)扫描","2 云原生工具"],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://dinfinite.oss-cn-beijing.aliyuncs.com/image/20220428154824.png\" width=\"120\"\u003e\n\u003c/p\u003e\n\u003ch1 align=\"center\"\u003e veinmind-tools \u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://veinmind.chaitin.com/docs/\"\u003eDocumentation\u003c/a\u003e \n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/github/v/release/chaitin/veinmind-tools.svg\" /\u003e\n\u003cimg src=\"https://img.shields.io/github/release-date/chaitin/veinmind-tools.svg?color=blue\u0026label=update\" /\u003e\n\u003cimg src=\"https://img.shields.io/badge/go report-A+-brightgreen.svg\" /\u003e\n\n\u003cp align=\"center\"\u003e veinmind-tools is self-developed by \u003ca href=\"https://www.chaitin.cn/en/\"\u003e chaitin technology \u003c/a\u003e,\ncloudwalker team incubation,a container security toolset based on \u003ca href=\"https://github.com/chaitin/libveinmind\"\u003eveinmind-sdk\u003c/a\u003e \u003c/p\u003e\n\u003c/p\u003e\n\n## 🔥 Demo\n\n![](https://veinmind-cache.oss-cn-hangzhou.aliyuncs.com/img/scan.gif)\n\nVeinmind has been connected to openai. You can use openai to conduct a user-friendly analysis of the scan results, allowing you to have a clearer understanding of the risks identified during this scan.\n\n![](https://veinmind-cache.oss-cn-hangzhou.aliyuncs.com/img/ai.png)\n\n## 🕹️ Quick Start\n\n### 1. Make sure docker is installed correctly on the machine\n\n```\ndocker info\n```\n\n### 2. Install [veinmind-runner](https://github.com/chaitin/veinmind-tools/tree/master/veinmind-runner) image\n\n```\ndocker pull registry.veinmind.tech/veinmind/veinmind-runner:latest\n```\n\n### 3. Download [veinmind-runner](https://github.com/chaitin/veinmind-tools/tree/master/veinmind-runner) parallel container startup script\n\n```\nwget -q https://download.veinmind.tech/scripts/veinmind-runner-parallel-container-run.sh -O run.sh \u0026\u0026 chmod +x run.sh\n```\n\n### 4. Quick scan local images/containers\n\n```\n./run.sh scan [image/container]\n```\n\n### 5. use ai analyze\n\n```\n./run.sh scan [image/container] --enable-analyze --openai-token \u003cyour_openai_token\u003e\n```\n\n\u003e Note: When using openAI, please ensure that the current network can access openAI\n\u003e When starting a parallel container, you need to manually use docker run -e http_proxy=xxxx -e https_proxy=xxxx Set proxy (in non global proxy scenarios)\n\n\n### 6. generate \u003chtml\u003e \u003ccli\u003e \u003cjson\u003e report\n\n```\n./run.sh scan [image/container] --format=html,cli\n```\n\n\u003e this will generate a file at path which name `report.html` or `report.json`\n\u003e you can use `,` to generate different reports,like `--format=html,cli,json` will output both `report.html` and `report.json` and cli table。\n\n## 🔨 Toolset\n\n| Tool | Description | \n|---------------------------------------------------------------------------|--------------------------------------------------------|\n| [veinmind-runner](veinmind-runner/README.en.md) | scanner host |\n| [veinmind-malicious](plugins/go/veinmind-malicious/README.en.md) | Scan containers/images for malicious files |\n| [veinmind-weakpass](plugins/go/veinmind-weakpass/README.en.md) | scan containers/images for weak passwords |\n| [veinmind-log4j2](plugins/go/veinmind-log4j2/README.en.md) | scan containers/images for log4j2(CVE-2021-44228) |\n| [veinmind-minio](plugins/go/veinmind-minio) | scan containers/images for minio(CVE-2023-28432) |\n| [veinmind-sensitive](plugins/go/veinmind-sensitive/README.en.md) | scan images for sensitive information |\n| [veinmind-backdoor](plugins/go/veinmind-backdoor/README.en.md) | scan images for backdoors |\n| [veinmind-history](plugins/python/veinmind-history/README.en.md) | scan images for abnormal history commands |\n| [veinmind-vuln](plugins/go/veinmind-vuln/README.en.md) | scan containers/images for asset information and vulns |\n| [veinmind-webshell](plugins/go/veinmind-webshell) | scan containers/images for webshell |\n| [veinmind-unsafe-mount](plugins/go/veinmind-unsafe-mount) | scan containers for unsafe mount |\n| [veinmind-iac](plugins/go/veinmind-iac) | scan images/cluster IaC file |\n| [veinmind-escape](plugins/go/veinmind-escape) | scan containers/images for escape risk |\n| [veinmind-privilege-escalation](plugins/go/veinmind-privilege-escalation) | scan containers/images for privilege escalation risk |\n| [veinmind-trace](plugins/go/veinmind-trace) | scan containers attack trace |\n\n\nPS: All tools currently support running in parallel containers\n\n## 🧑‍💻 Coding Plugins\n\nUse example to create a veinmind-tool plugin quickly, see more at [veinmind-example](example/README.en.md)\n\n## ☁️ Cloud-native infrastructure compatibility\n\n| Name | Type | Compatibility |\n|--------------------------------------------------------------|----------|---------------|\n| [Jenkins](https://github.com/chaitin/veinmind-jenkins) | CI/CD | ✔️ |\n| [Gitlab CI](https://veinmind.chaitin.com/docs/ci/gitlab/) | CI/CD | ✔️ |\n| [Github Action](https://github.com/chaitin/veinmind-action) | CI/CD | ✔️ |\n| DockerHub | Registry | ✔️ |\n| Docker Registry | Registry | ✔️ |\n| Harbor | Registry | ✔️ |\n| Docker | Runtime | ✔️ |\n| Containerd | Runtime | ✔️ |\n| kubernetes | Cluster | ✔️ |\n\n## 🛴 Architecture\n![](docs/architecture.png)\n\n## 🏘️ Contact Us\n\n1. You can make bug feedback and feature suggestions directly through GitHub Issues.\n2. By scanning the QR code below (use wechat), you can join the discussion group of veinmind users for detailed\n discussions by adding the veinmind assistant.\n\n![](docs/veinmind-group-qrcode.png)\n\n## ✨ CTStack\n\u003cimg src=\"https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png\" width=\"30%\" /\u003e\n\nveinmind-tools has already joined [CTStack](https://stack.chaitin.com/tool/detail?id=3) community\n\n## ✨ 404 starlink project\n\n\u003cimg src=\"https://github.com/knownsec/404StarLink-Project/raw/master/logo.png\" width=\"30%\"\u003e\n\nveinmind-tools now joined 404 starlink project (https://github.com/knownsec/404StarLink)\n\n## ✨ Star History \u003ca name=\"star-history\"\u003e\u003c/a\u003e\n\n\u003ca href=\"https://github.com/chaitin/veinmind-tools/stargazers\"\u003e\n \u003cimg width=\"500\" alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=chaitin/veinmind-tools\u0026type=Date\"\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchaitin%2Fveinmind-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchaitin%2Fveinmind-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchaitin%2Fveinmind-tools/lists"}