Docker Registries and their secrets

Refining Shodan Search

  1. port:5001 200 OK
  2. port:5000 docker 200 OK
Docker keyword in HTTP response
Docker-Distribution-API-Version Header

Shodan shows around 140+ docker registries were publicaly exposed that don’t have any kind of authentication on it.

Penetrating Docker Registry

curl -X GET http://registry-ip:port/v2/
curl -X GET http://registry-ip:port/v2/_catalog
Listing repositories
GET /v2/<repo-name>/tags/list
DELETE /v2/<name>/manifests/<reference>
Listing digest
POST /v2/<name>/blobs/uploads/




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Avinash Jain (@logicbomb)

Avinash Jain (@logicbomb)

Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc