Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nccgroup/go-pillage-registries
Pentester-focused Docker registry tool to enumerate and pull images
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/nccgroup/go-pillage-registries
- Owner: nccgroup
- License: mit
- Created: 2020-01-22T20:39:30.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-27T17:53:19.000Z (almost 5 years ago)
- Last Synced: 2024-08-03T17:10:38.316Z (6 months ago)
- Language: Go
- Homepage: https://research.nccgroup.com/2020/01/24/tool-release-enumerating-docker-registries-with-go-pillage-registries/
- Size: 724 KB
- Stars: 103
- Watchers: 10
- Forks: 11
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-kubernetes-threat-detection - go-pillage-registries
README
# go-pillage-registries
![go-pillage-registries logo](images/logo-small.png)
This project takes a Docker registry and pillages the manifest and configuration for each image in its catalog.
It uses the package behind Google's [crane](https://github.com/google/go-containerregistry/blob/master/cmd/crane/doc/crane.md) command, which should follow Docker's keychain semantics.
If you would like to override this, just change `authn.DefaultKeychain` as described in the

## Install:
```bash
git clone https://github.com/nccgroup/go-pillage-registries.git
cd go-pillage-registries
go install ./...
```
## Usage:
```
$ pilreg
Usage:
  pilreg [flags]

Flags:
  -c, --cache string     Path to cache image layers (optional, only used if images are pulled)
  -h, --help             help for pilreg
  -i, --insecure         Fetch Data over plaintext
  -r, --repos strings    list of repositories to scan on the registry. If blank, pilreg will attempt to enumerate them using the catalog API
  -o, --results string   Path to directory for storing results. If blank, outputs configs and manifests as json object to Stdout.(must be used if 'store-images` is enabled)
  -k, --skip-tls         Disables TLS certificate verification
  -s, --store-images     Downloads filesystem for discovered images and stores an archive in the output directory (Disabled by default, requires --results to be set)
  -t, --tags strings     list of tags to scan on each repository. If blank, pilreg will attempt to enumerate them using the tags API
  -w, --workers int      Number of workers when pulling images. If set too high, this may cause errors. (optional, only used if images are pulled) (default 8)
```
## Example:
The [example directory](example/) contains an example Docker image: a server that has a secret.