bird.makeup

Today I found an unauthenticated Docker API endpoint, and couldn't find a working exploit script, so I made one. It exfils out-of-band if you can't get output (I couldn't) and auto-cleans up after itself. Nessus: Docker Remote API Detection https://github.com/n00py/DockerKnocker
See Tweet

Service load: 138 hours to fetch all users
Source Code Support us on Patreon