This project takes a Docker registry and pillages the manifest and configuration for each image in its catalog. It uses the package behind Google's crane command, which should follow Docker's keychain semantics. If you would like to override this, just change authn.DefaultKeychain as described at https://github.com/google/go-containerregistry/tree/master/pkg/authn/k8schain

Install:

```
git clone https://github.com/nccgroup/go-pillage-registries.git
cd go-pillage-registries
go install ./...
```

Usage:

```
$ pilreg
Usage:
  pilreg <registry> [flags]

Flags:
  -c, --cache string    Path to cache image layers (optional, only used if images are pulled)
  -h, --help            help for pilreg
  -i, --insecure        Fetch Data over plaintext
  -r, --repos strings   list of repositories to scan on the registry. If blank, pilreg will attempt to enumerate them using the catalog API
  -o, --results string  Path to directory for storing results. If blank, outputs configs and manifests as json object to Stdout.(must be used if 'store-images` is enabled)
  -k, --skip-tls        Disables TLS certificate verification
  -s, --store-images    Downloads filesystem for discovered images and stores an archive in the output directory (Disabled by default)
```
SIMILAR TOOLS
A collection of security workshops and hands-on content for AWS security services and techniques
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.
Automate actions on Security Command Center findings with automated disk snapshots, IAM grant revocation, and more.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
A framework to analyze container images and gather useful information.
Automated script for creating a vulnerable Azure cloud lab to train offensive security skills.