$ ctrsploit env
NAME:
ctrsploit env - gather information
USAGE:
ctrsploit env [command [command options]]
COMMANDS:
auto auto
where, w detect whether you are in the container, and which type of the container
mountinfo, m list mount points
storage-driver, sd detect storage driver type and extend information
cgroups, c gather cgroup information
capability, cap show the capability of pid 1 and current process
seccomp, sc show the seccomp info
apparmor, a show the apparmor info
selinux, se show the selinux info
fdisk, f like linux command fdisk or lsblk // TODO
kernel, k collect kernel environment information
sysctl display sysctl information
rlimit get process resource limits
namespace, n, ns check namespace is host ns
docker-version, dv guess dockerd version range
upload, up upload <servicename><filename><obs> [host]
OPTIONS:
--help, -h show help
vul
$ ctrsploit vul
NAME:
ctrsploit vul - list vulnerabilities
USAGE:
ctrsploit vul [command [command options]]
COMMANDS:
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2024-40635, 40635 bypass runAsNonRoot via integer overflow in User ID handling in containerd
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
cve-2025-62725, 62725 path traversal in Docker Compose OCI artifacts allows arbitrary file write via malicious registry
fork-bomb
naked we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes
capability, caps abuse dangerous capabilities in container
namespace, ns host level namespaces break the isolations
service-account-token, sa-token, token check service account token related vulnerabilities
shared-socket, sock abuse runtime's api via shared socket
OPTIONS:
--help, -h show help
module
Group vulnerabilities by component or configuration type, and use the
tables below to see their check/exploit support status.
$ ctrsploit module
NAME:
ctrsploit module - group vulnerabilities by component or config type
USAGE:
ctrsploit module [component|config] [name]
DESCRIPTION:
Classify and operate vulnerabilities by logical module
such as kernel, runc, containerd, or config (e.g. capability).
COMMANDS:
config, cfg insecure configuration and misconfiguration issues
runc, r runc related vulnerabilities
containerd, c containerd related vulnerabilities
docker, d docker related vulnerabilities
nvidia-container-toolkit, nvidia, nct nvidia-container-toolkit related vulnerabilities
docker-compose, compose docker-compose related vulnerabilities
buildkit, bk buildkit related vulnerabilities
kubernetes, k8s kubernetes related vulnerabilities
ingress-nginx, ingress ingress-nginx related vulnerabilities
git, g git related vulnerabilities
kernel, k kernel related vulnerabilities
OPTIONS:
--help, -h show help
[Module support tables: only fragments survived extraction. Recoverable entries: naked (we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes); cve-2022-0492 (escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492); cve-2022-0847. Status marks present on the page: ✔️ ✔️ ❌ ✔️; their check/exploit column assignment is not recoverable.]
exploit
$ ctrsploit exploit
NAME:
ctrsploit exploit - run a exploit
USAGE:
ctrsploit exploit [command [command options]]
COMMANDS:
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2024-40635, 40635 bypass runAsNonRoot via integer overflow in User ID handling in containerd
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
fork-bomb
shocker, cap_dac_read_search, open_by_handle_at escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014
cap_sys_admin, sys_admin abuse cap_sys_admin
release_agent, ra escape by cap_sys_admin via cgroups v1 release_agent
ebpf escape by loading evil eBPF programs into the kernel
ebpf-bash, bash abuse eBPF to inject malicious commands into bash processes running on host
ebpf-execve, execve abuse eBPF to hijack execve syscall to run arbitrary commands
ebpf-cron, cron abuse eBPF to inject malicious job into host's crontab
ebpf-kubelet, kubelet abuse eBPF to leak services account token from kubelet
cap_bpf, bpf load evil bpf programs via cap_bpf
cap_sys_ptrace, sys_ptrace, ptrace abuse cap_sys_ptrace
ptrace-pid-host, ptrace-pid ptrace host processes in a container with cap_sys_ptrace and host pid namespace
host-pid, pid shared host pid namespace breaks process isolation
host-pid-proc-root, proc escape by abusing host pid ns via /proc/[pid]/root
docker.sock, docker escape by shared docker.sock via running a privileged container
CVE-2021-22555, 22555 escape tech by using the CVE-2021-22555
CVE-2020-8555, 8555 k8s CVE-2020-8555 SSRF
CVE-2017-1002101, subPath1, 1002101, 2017-1002101 CVE-2017-1002101
dirty-pipe, dp, CVE-2022-0847, 0847 dirty-pipe
crash, c make container crash
OPTIONS:
--help, -h show help
checksec
$ ctrsploit checksec
NAME:
ctrsploit checksec - check security inside a container
USAGE:
ctrsploit checksec [command [command options]]
COMMANDS:
auto, a auto check security
env, e gather information
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2024-40635, 40635 bypass runAsNonRoot via integer overflow in User ID handling in containerd
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
cve-2025-62725, 62725 path traversal in Docker Compose OCI artifacts allows arbitrary file write via malicious registry
fork-bomb
shocker, cap_dac_read_search, open_by_handle_at escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014
cap_sys_admin, sys_admin abuse cap_sys_admin
cap_bpf, bpf load evil bpf programs via cap_bpf
cap_sys_ptrace, sys_ptrace, ptrace abuse cap_sys_ptrace
ptrace-pid-host, ptrace-pid ptrace host processes in a container with cap_sys_ptrace and host pid namespace
naked we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes
host-net, net shared host network namespace breaks the network isolation
host-pid, pid shared host pid namespace breaks process isolation
sa-token-access-secrets, secret Check if service account token can access Kubernetes Secrets
sa-token-policy, policy, dangerous-permissions, dp Check if service account token has dangerous permissions
docker.sock, docker escape by shared docker.sock via running a privileged container
OPTIONS:
--help, -h show help
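As an added example of the 'naked container' condition that the naked check above describes (written for this page, not ctrsploit's own code): it reads the Seccomp field of /proc/self/status and the LSM label in /proc/self/attr/current, the same sources the env seccomp/apparmor/selinux subcommands inspect. The label formats, and treating AppArmor complain mode and the SELinux unconfined_t domain as not confining, are assumptions about typical Docker and podman setups.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// seccompMode parses the "Seccomp:" field of a /proc/<pid>/status text:
// 0 = disabled, 1 = strict, 2 = filter (what the Docker default profile uses).
func seccompMode(status string) (int, error) {
	for _, line := range strings.Split(status, "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[0] == "Seccomp:" {
			return strconv.Atoi(f[1])
		}
	}
	return 0, fmt.Errorf("no Seccomp field (kernel built without seccomp?)")
}

// lsmConfined reports whether a /proc/self/attr/current label shows an LSM
// actually confining the process. AppArmor writes "unconfined" or
// "<profile> (enforce|complain)"; SELinux writes a context such as
// "system_u:system_r:container_t:s0:c1,c2". Treating complain mode and the
// unconfined_t domain as not confining is an assumption of this example.
func lsmConfined(label string) bool {
	l := strings.TrimSpace(strings.TrimRight(label, "\x00"))
	switch {
	case l == "" || l == "unconfined":
		return false
	case strings.HasSuffix(l, "(complain)"): // logs violations, does not block
		return false
	case strings.Contains(l, ":unconfined_t:"):
		return false
	}
	return true
}

// isNaked applies the page's definition: no seccomp filter and no LSM.
func isNaked(mode int, label string) bool { return mode == 0 && !lsmConfined(label) }

func main() {
	status, _ := os.ReadFile("/proc/self/status")
	mode, err := seccompMode(string(status))
	if err != nil {
		fmt.Println("warning:", err)
	}
	label, _ := os.ReadFile("/proc/self/attr/current") // read fails when no LSM is active
	fmt.Printf("seccomp=%d lsm=%q naked=%v\n", mode, strings.TrimSpace(string(label)), isNaked(mode, string(label)))
}
```

Run it inside the container under review; a result of naked=true means the mitigations that would be bypassed are absent and the container should get a seccomp profile and an enforcing AppArmor or SELinux policy.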