PRP: Exposed Docker daemon Remote Access

[am0o0]

as we have in documentation docker daemon can be exposed by a network IP address too. please refer to https://docs.docker.com/config/daemon/remote-access/

By default, the Docker daemon listens for connections on a Unix socket to accept requests from local clients. It's possible to allow Docker to accept requests from remote hosts by configuring it to listen on an IP address and port as well as the Unix socket. For more detailed information on this configuration option, refer to the dockerd CLI reference.

[tooryx]

Thank you @am0o0 for willing to contribute. It seems like we already have a detector for this: https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/exposedui/docker

Feel free to reopen an issue if you think I was mistaken.

~tooryx

[am0o0]

@tooryx you are correct but the plugin you mentioned simply checks for a response, I can check for out-of-band calls with command execution which I guess is your preferred method.

[am0o0]

Also, I think that I don't have enough permission to reopen this issue.

[am0o0]

I found a similar issue in which @JamesFoxxx improved the current plugin. https://github.com/google/tsunami-security-scanner-plugins/issues/441

[tooryx]

I will discuss it with the rest of the devteam.

[tooryx]

Hi @am0o0,

I discussed this with the rest of the devteam. If it would indeed improve the quality of the plugin, it is not the priority right now and we would rather work on other detectors.

Please let me know your thoughts, ~tooryx