{"id":19595941,"url":"https://github.com/innovativeinventor/docker-forensics","last_synced_at":"2026-05-18T00:32:01.899Z","repository":{"id":135191429,"uuid":"402668978","full_name":"InnovativeInventor/docker-forensics","owner":"InnovativeInventor","description":"Simple, but useful forensic tools to inspect the history and provenance of a Docker image. Used to investigate potential backdoors/malware.","archived":false,"fork":false,"pushed_at":"2022-08-23T22:41:07.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-12T08:37:11.027Z","etag":null,"topics":["docker","forensics"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/InnovativeInventor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-03T06:25:28.000Z","updated_at":"2021-10-22T23:33:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"63b79abb-9107-4f6d-ad56-8466ea20fe22","html_url":"https://github.com/InnovativeInventor/docker-forensics","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/InnovativeInventor/docker-forensics","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnovativeInventor%2Fdocker-forensics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnovativeInventor%2Fdocker-forensics/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnovativeInventor%
2Fdocker-forensics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnovativeInventor%2Fdocker-forensics/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/InnovativeInventor","download_url":"https://codeload.github.com/InnovativeInventor/docker-forensics/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnovativeInventor%2Fdocker-forensics/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33160462,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T22:39:12.733Z","status":"ssl_error","status_checked_at":"2026-05-17T22:39:10.741Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","forensics"],"created_at":"2024-11-11T08:49:36.389Z","updated_at":"2026-05-18T00:32:01.884Z","avatar_url":"https://github.com/InnovativeInventor.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Docker-forensics \nIn the real world, sometimes you're given a Docker image of dubious provenance.\nThis repo aims to house some useful scripts/tools I've made to analyze and verify untrusted Docker images for backdoors or malware.\nBasically, here are some lightweight reversing tools for black-box Docker images.\n\n## Example usage\n\nFetching [nginx](https://hub.docker.com/_/nginx) 
images:\n```bash\npython fetch.py nginx\n```\n\nUnpacking:\n```bash\nbash unpack.sh\n```\n\n## Example analysis\n\nFrom here, you can inspect the filesystems normally. For example, if you wanted to search for some string or file:\n```bash\nrg [some string]\nfd [some filename]\n```\n\nYou can also run `clamav` or other static analyzers to look for suspicious files.\n```bash\nbash clamscan.sh\n```\n\nOr, you can look for leaked secrets.\n```bash\nbash secrets.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnovativeinventor%2Fdocker-forensics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finnovativeinventor%2Fdocker-forensics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnovativeinventor%2Fdocker-forensics/lists"}