Container Security

YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.

A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.

Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.

A Docker-based steganography analysis toolkit containing pre-installed tools and automated scripts for detecting and extracting hidden data from files, primarily designed for CTF challenges.

A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

A reference guide providing Docker commands and concepts for containerized application development and deployment.

Exploring the transition towards real sandbox containers and the differences in privileges compared to traditional sandboxes like Chrome.

A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.

A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.

gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.

Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

A repository of Kubernetes Network Policy examples and YAML configurations for controlling network traffic and implementing security controls in Kubernetes clusters.

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.

A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.

A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.

Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.