GithubHelp home page GithubHelp logo

p3gleg / whaler Goto Github PK

View Code? Open in Web Editor NEW
1.0K 24.0 92.0 71 KB

Program to reverse Docker images into Dockerfiles

License: GNU General Public License v3.0

Go 99.31% Dockerfile 0.69%
security-tools security docker-security reverse-engineering docker-image dockerfile secrets passwords

whaler's Introduction

Whaler

Whaler is a Go program which is designed to reverse engineer docker images into the Dockerfile that created it. It currently performs the following actions

  • Generates a Dockerfile from an Image
  • Searches added filenames for potential secret files
  • Extracts files that were added by the Docker ADD/COPY Instructions
  • It also displays misc. information such as ports open, the user it runs as and environment variables.

How to run it

The easiest way is to run the tool in docker container:

docker pull pegleg/whaler
docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock:ro pegleg/whaler -sV=1.36 nginx:latest
docker build --rm -t pegleg/whaler .
alias whaler="docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock:ro pegleg/whaler"
whaler -sV=1.36 nginx:latest

This tool will pull target docker image automatically. Parameter -sV=1.36 is not always required.

How to build it

Git clone the project into your $GOPATH/src directory and perform the following command

go get -u github.com/P3GLEG/Whaler
cd $GOPATH/src/github.com/P3GLEG/Whaler
go build .

How to run it

./Whaler
Usage of ./Whaler:
  -f string
    	File containing images to analyze seperated by line
  -filter
    	Filters filenames that create noise such as node_modules. Check ignore.go file for more details (default true)
  -sV string
    	Set the docker client ID to a specific version -sV=1.36
  -v	Print all details about the image
  -x	Save layers to current directory

whaler's People

Contributors

p3gleg avatar zas4exd avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

fuckup1337 idkwim techlord-rce silky s3curity-er1c johnjohnsp1 lq4ever sevck shivamgupta211 bradparks 18nvaz yinwoods dancashman jige003 wangyitao beleo theresaliao sasqwatch cunvoas pricewatermouse fullkomnun ghb-1234 m4d3bug sambacha hariguru pombredanne land007 eln1x tblakex01 alpine-docker engineitops t2sc0m herrphon-docker-stuff pervrosen linux8a cybernewbies jackwiy raychorn dvntaudio ncolyer mishchenkoa xiaofan-linux chiarak20 kerven88 blackhacked sudocodus zsjohny bawed pickls finalha yacinase06 xbw1220 chengchen19 yuanter carlesmateo spirrello petetong1989 darkoneiroi royalwang grosa1 ach5948 resenhacyber evilhy renwenqiang 3nprob sjondegast jonathanhle marcus-arcadius laff2022 kitkw bzking rainingwalk cheyunhua ctllin pnigos jforge readme2gh sathishcyberintelsysnew earnhardt3rd-forks iq-scm uuuunotfound xiangzaixiansheng yin-zt beahues comeonyang43 itsharex moxicution lijianmin01 drag0nf1y

whaler's Issues

Migrate To Gitlab

With the sale of GitHub to Microsoft, this project is no longer safe here. Please migrate the project and it’s connu over to GitLab where they still believe in Open Source.

Thank you

It is not give me perfect output as per the aspect.

It is much better to others but still it need to more improve.

Original Docker Image

FROM openjdk:8-jdk

ENV HADOOP_VERSION=3.3.1
ENV HADOOP_HOME=/opt/hadoop

ENV PATH=$PATH:$HADOOP_HOME/bin:$HADOOP_HOME/sbin

EXPOSE 50010 50020 50070 50075 50090 8020 9000 9870 9864 19888 10020 19890 8030 8031 8032 8033 8040 8042 8088

CMD ["hadoop", "namenode", "-format"]

Actual Output
Dockerfile:

CMD ["bash"]
RUN set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates curl netbase wget ; rm -rf /var/lib/apt/lists/*
RUN set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-install-recommends gnupg dirmngr ; rm -rf /var/lib/apt/lists/*; fi
RUN apt-get update  \
        && apt-get install -y --no-install-recommends git mercurial openssh-client subversion procps  \
        && rm -rf /var/lib/apt/lists/*
RUN set -eux; apt-get update; apt-get install -y --no-install-recommends bzip2 unzip xz-utils fontconfig libfreetype6 ca-certificates p11-kit ; rm -rf /var/lib/apt/lists/*
ENV JAVA_HOME=/usr/local/openjdk-8
RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home  \
        && chmod +x /usr/local/bin/docker-java-home  \
        && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility
ENV PATH=/usr/local/openjdk-8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV LANG=C.UTF-8
ENV JAVA_VERSION=8u342
RUN set -eux; arch="$(dpkg --print-architecture)"; case "$arch" in 'amd64') downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_x64_linux_8u342b07.tar.gz'; ;; 'arm64') downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jdk_aarch64_linux_8u342b07.tar.gz'; ;; *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; esac; wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; export GNUPGHOME="$(mktemp -d)"; gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | tee /dev/stderr | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; gpg --batch --verify openjdk.tgz.asc openjdk.tgz; gpgconf --kill all; rm -rf "$GNUPGHOME"; mkdir -p "$JAVA_HOME"; tar --extract --file openjdk.tgz --directory "$JAVA_HOME" --strip-components 1 --no-same-owner ; rm openjdk.tgz*; { echo '#!/usr/bin/env bash'; echo 'set -Eeuo pipefail'; echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"'; } > /etc/ca-certificates/update.d/docker-openjdk; chmod +x /etc/ca-certificates/update.d/docker-openjdk; /etc/ca-certificates/update.d/docker-openjdk; find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; ldconfig; javac -version; java -version
ENV HADOOP_VERSION=3.3.1
ENV HADOOP_HOME=/opt/hadoop
ENV PATH=/usr/local/openjdk-8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/hadoop/bin:/opt/hadoop/sbin
EXPOSE map[10020/tcp:{} 19888/tcp:{} 19890/tcp:{} 50010/tcp:{} 50020/tcp:{} 50070/tcp:{} 50075/tcp:{} 50090/tcp:{} 8020/tcp:{} 8030/tcp:{} 8031/tcp:{} 8032/tcp:{} 8033/tcp:{} 8040/tcp:{} 8042/tcp:{} 8088/tcp:{} 9000/tcp:{} 9864/tcp:{} 9870/tcp:{}]
CMD ["hadoop" "namenode" "-format"]

I want original dockerfile to reduce size of the dockerimage.

can't run in Alpine image

Hi

I'd like to build this tool in docker image, so I can run it easily.

But I can't make it run in Alpine (which is the smallest image I can use),

FROM golang AS builder
WORKDIR $GOPATH
RUN go get -u github.com/P3GLEG/Whaler
WORKDIR $GOPATH/src/github.com/P3GLEG/Whaler
RUN go build .
RUN cp Whaler /root/Whaler

FROM ubuntu:16.04
WORKDIR /root/
COPY --from=builder /root/Whaler .
ENTRYPOINT ["./Whaler"]

Above Dockerfile by ubuntu works for me

docker build -t dfimage .
alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm dfimage"
dfimage -sV=1.36 nginx:latest

But if I change the multi stage image (second FROM) to

FROM alpine

it doesn't work.

$ dfimage -sV=1.36 nginx:latest

standard_init_linux.go:211: exec user process caused "no such file or directory"

any way to fix this issue?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.