ullaakut / gorsair
Gorsair gives root access on remote docker containers that expose their APIs
License: Apache License 2.0
Hello,
I tried installing the tool on my MacBook and I got this error: cmd/gorsair.go:68:18: assignment mismatch: 2 variables but scanner.Run returns 3 values. I looked at the code block and noticed the potential issue:
    results, err := scanner.Run()
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }
I changed it to handle 3 outputs. I am only creating it here rather than a pull request because I wasn't sure if it would break anything:
    results, _, err := scanner.Run()
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }
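Detected that Ullaakut/Gorsair pulls in 191 open-source components in total, with 7 vulnerabilities
Vulnerability title: Docker path traversal vulnerability
Affected component: github.com/docker/[email protected]
Vulnerability ID: CVE-2014-9356
Vulnerability description: Docker is an open-source application container engine from the US company Docker. The product supports creating a container (a lightweight virtual machine) on Linux systems and deploying and running applications in it, as well as automating application installation, deployment and upgrades through configuration files.
A path traversal vulnerability exists in Docker versions before 1.3.3. The vulnerability stems from a network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit it to access locations outside restricted directories.
Affected range: (∞, 1.3.3)
Minimum fixed version: 1.3.3
Dependency path of the affected component: main@->github.com/docker/[email protected]
In addition there are 7 more vulnerabilities; detailed report: https://mofeisec.com/jr?p=ae8c99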
Integrating Disgo will make the code clearer.
Dependabot couldn't parse the go.mod found at /go.mod.
The error Dependabot encountered was:
go: github.com/spf13/[email protected] requires
gopkg.in/[email protected] requires
gopkg.in/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /opt/go/gopath/pkg/mod/cache/vcs/9241c28341fcedca6a799ab7a465dd6924dc5d94044cbfabb75778817250adfc: exit status 128:
error: RPC failed; curl 18 transfer closed with outstanding read data remaining
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed
Vulnerable docker API found:
Endpoint address: xx.xxxx.xxxx.xxxx
Endpoint API port: 2376
Docker version: UNKNOWN
Docker API was unreachable: Get http://xxxx.xxx.xxx.xxxx:2376/v1.39/info: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02".
Any setting to remediate this? I saw in this article that I need to set the environment to enable TLS for the client:
https://tech.paulcz.net/blog/secure-docker-with-tls/
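The six bytes quoted in the "malformed HTTP response" error above are the start of a TLS alert record, which is what a TLS listener sends back when a client speaks plain HTTP to it; port 2376 is the conventional TLS port for the Docker API. The following Go sketch decodes that record header. It is an added example, not code from Gorsair or from the issue author, and the names `TLSRecord` and `ParseTLSRecord` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// TLSRecord holds the fields of a TLS record header (hypothetical type, not part of Gorsair).
type TLSRecord struct {
	ContentType  string
	Major, Minor byte   // record-layer protocol version, e.g. 3.1 for TLS 1.0
	Length       int    // length of the record payload in bytes
	AlertLevel   string // set only for alert records that include a level byte
}

// Record content types and alert levels defined by the TLS record layer.
var contentTypes = map[byte]string{
	20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data",
}

var alertLevels = map[byte]string{1: "warning", 2: "fatal"}

// ParseTLSRecord decodes the leading bytes of a server reply as a TLS record
// header. It returns an error when the bytes do not look like TLS at all.
func ParseTLSRecord(b []byte) (TLSRecord, error) {
	if len(b) < 5 {
		return TLSRecord{}, errors.New("need at least 5 bytes for a TLS record header")
	}
	name, ok := contentTypes[b[0]]
	if !ok || b[1] != 3 {
		return TLSRecord{}, errors.New("not a TLS record")
	}
	rec := TLSRecord{ContentType: name, Major: b[1], Minor: b[2], Length: int(b[3])<<8 | int(b[4])}
	if name == "alert" && len(b) > 5 {
		rec.AlertLevel = alertLevels[b[5]]
	}
	return rec, nil
}

func main() {
	// The six bytes Go quoted in the "malformed HTTP response" error above.
	reply := []byte("\x15\x03\x01\x00\x02\x02")
	rec, err := ParseTLSRecord(reply)
	if err != nil {
		fmt.Println("plain-text or unknown protocol:", err)
		return
	}
	fmt.Printf("TLS %s record, version %d.%d, length %d, level %q\n", rec.ContentType, rec.Major, rec.Minor, rec.Length, rec.AlertLevel)
}
```

A fatal alert in reply to an `http://` request means the daemon is enforcing TLS, so the endpoint is not a plaintext API.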
Currently, the user is given commands to run themselves. It would be better to:
docker info, docker ps -a and docker images for example.)
My Docker API version is 1.37. The output is:
Docker API was unreachable: Error response from daemon: client version 1.39 is too new. Maximum supported API version is 1.37
Docker API was unreachable:error during connect: Get "http://00:0C:29:C6:5D:36:2375/v1.39/info": dial tcp: lookup 00:0C:29:C6:5D:36: no such host
Hello,
When I run "go install" I'm receiving the following error.
can't load package: package github.com/Ullaakut/Gorsair: unknown import path "github.com/Ullaakut/Gorsair": cannot find module providing package github.com/Ullaakut/Gorsair
Dependabot can't resolve your Go dependency files.
As a result, Dependabot couldn't update your dependencies.
The error Dependabot encountered was:
Cannot detect VCS for gopkg.in/alecthomas/kingpin.v3-unstable. Attempted to detect VCS because the version looks like a git revision: v3.0.0-20180810215634-df19058c872c
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.
Dependabot couldn't parse the go.mod found at /go.mod.
The error Dependabot encountered was:
go: github.com/spf13/[email protected] requires
github.com/grpc-ecosystem/[email protected] requires
gopkg.in/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /opt/go/gopath/pkg/mod/cache/vcs/748bced43cf7672b862fbc52430e98581510f4f2c34fb30c0064b7102a68ae2c: exit status 128:
fatal: The remote end hung up unexpectedly
After I run:
curl https://github.com/Ullaakut/Gorsair/releases/download/1.1.0/gorsair_linux_amd64 --output /usr/local/bin/gorsair
and chmod 777 /usr/local/bin/gorsair, I run gorsair and I get an error:
/usr/local/bin/gorsair: line 1: syntax error near unexpected token `<'
/usr/local/bin/gorsair: line 1: `<html><body>You are being <a href="https://github-production-release-asset-2e65be.s3.amazonaws.com/143321747/f74b3900-2d70-11e9-8129-9506787cd596?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190214%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190214T143347Z&X-Amz-Expires=300&X-Amz-Signature=0783c1cf5b49ae9ce92c677a923efa3f613060f1d9e67719f35d4e5801a33c4f&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dgorsair_linux_amd64&response-content-type=application%2Foctet-stream">redirected</a>.</body></html>'
It seems that the command you mentioned on the main page doesn't download the file correctly.