#!/usr/bin/env bash
# set -e
# Name shown in the usage message.
SCRIPT_NAME='docker-find'
# Directory, relative to the working directory, that receives the extracted layers.
LAYERS='layers'
# Archive written by `docker save`; derived from LAYERS so the two stay paired.
LAYER_TAR_FILENAME="${LAYERS}.tar"
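# Remove the extraction directory left behind by a previous run.
# Globals:   LAYERS (read) - directory that holds the extracted image layers
# Outputs:   progress message on stdout
# Returns:   exit status of rm
function clean_up(){
  printf "[+] Cleaning existing files\n\n"
  # Quoted so a path with spaces or glob characters is removed as one operand.
  # ":?" aborts instead of running a bare "rm -rf" when LAYERS is empty or unset.
  rm -rf -- "${LAYERS:?}"
}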
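# Make sure the image is available locally, pulling it when it is not.
# Globals:   image (read) - image reference given on the command line
# Outputs:   progress messages on stdout, pull failure on stderr
# Returns:   0 when the image is present or was pulled, 1 when the pull failed
#
# A pull fetches content from a registry by whatever reference was given.
# When the result must be reproducible, pass the image by digest rather than
# by a mutable tag.
function find_image(){
  local image_id
  # Variables go through %s so a '%' in the reference is never read as a
  # printf directive.
  printf "[+] Searching '%s' locally\n\n" "${image}"
  image_id=$(docker images -q "${image}" 2> /dev/null)
  if [[ -z "${image_id}" ]]; then
    printf "[-] Docker image: '%s' not found locally\n" "${image}"
    printf "[+] Pulling image: '%s'\n" "${image}"
    if ! docker pull -q "${image}"; then
      # Without this check a failed pull was still reported as "Found".
      printf "[-] Could not pull image: '%s'\n\n" "${image}" >&2
      return 1
    fi
  fi
  printf "[+] Found '%s' locally\n\n" "${image}"
}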
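# Search the untruncated `docker history` output of the image for search_term.
# Globals:   image (read), search_term (read)
# Outputs:   matching history lines on stdout
# Returns:   exit status of grep (non-zero when nothing matched)
#
# search_term is handed to grep as a pattern and matched case-insensitively.
# Matches are printed verbatim, so the output can itself contain credentials
# that were used in build steps; treat it accordingly when it is captured.
function search_history(){
  printf "[+] Searching docker history\n\n"
  # -e keeps a term that contains spaces or starts with '-' a single pattern
  # instead of extra file names or options for grep.
  docker history --no-trunc "${image}" | grep --color -i -e "${search_term}"
}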
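# Search the `docker inspect` output of the image for search_term.
# Globals:   image (read), search_term (read)
# Outputs:   matching lines of the inspect output on stdout
# Returns:   exit status of grep (non-zero when nothing matched)
#
# Matches are printed verbatim; configuration values such as environment
# entries may therefore show up in clear text in the output.
function search_inspect(){
  printf "[+] Searching docker inspect\n\n"
  # -e keeps a term that contains spaces or starts with '-' a single pattern
  # instead of extra file names or options for grep.
  docker inspect "${image}" | grep --color -i -e "${search_term}"
}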
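# Export the image with `docker save` and unpack every layer archive it holds.
# Globals:   image (read), LAYERS (read), LAYER_TAR_FILENAME (read)
# Outputs:   progress message on stdout, diagnostics on stderr
# Returns:   0 when at least one layer was unpacked without error, 1 otherwise
#
# The archive content comes from the image and is therefore untrusted.
# Ownership and full permission bits from the archive are not restored, so a
# run as root does not leave root-owned or set-id files in the work directory.
#
# NOTE(review): this expects one "<layer>/layer.tar" per layer in the saved
# archive. Newer Docker releases may write an OCI layout instead, in which
# case nothing is unpacked here. Confirm against the Docker version in use.
function save_and_untar_layers(){
  local layer_dir
  local extracted=0
  local rc=0

  printf "[+] Saving and extracting layers\n\n"
  mkdir -p -- "${LAYERS}" || return 1
  docker save -o "${LAYER_TAR_FILENAME}" "${image}" || return 1
  tar -xf "${LAYER_TAR_FILENAME}" --no-same-owner --no-same-permissions \
    -C "${LAYERS}" || return 1

  for layer_dir in "${LAYERS}"/*/; do
    # Skips the unexpanded pattern when nothing matched, and any directory
    # that is not a layer.
    [[ -f "${layer_dir}layer.tar" ]] || continue
    mkdir -p -- "${layer_dir}layer" || { rc=1; continue; } # /layers/<layer-name>/layer
    # A failing layer is recorded but does not stop the remaining layers.
    if tar -xf "${layer_dir}layer.tar" --no-same-owner --no-same-permissions \
      -C "${layer_dir}layer"; then
      extracted=$((extracted + 1))
    else
      rc=1
    fi
  done

  if (( extracted == 0 )); then
    printf "[-] No layer archives could be extracted under '%s'\n\n" "${LAYERS}" >&2
    return 1
  fi
  return "${rc}"
}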
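# Recursively grep the extracted layer files for search_term.
# Globals:   search_term (read), LAYERS (read)
# Outputs:   file name, line number and text of every match on stdout
# Returns:   exit status of grep (non-zero when nothing matched)
#
# Flags: -H file name, -n line number, -r recurse, -I skip binary files,
# -i ignore case. GNU grep's -r, unlike -R, does not follow symlinks met
# while recursing, which matters because layer contents are untrusted.
# Confirm this on other grep implementations.
function grep_search(){
  printf "[+] Running 'grep' on layer files\n\n"
  # -e lets the term start with '-' (for example a PEM header), and "--" plus
  # quoting keep the directory a single operand.
  grep -HnrIi --color -e "${search_term}" -- "${LAYERS}/"
}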
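# Run `strings` over every extracted file and grep the result for search_term.
# Globals:   search_term (read), LAYERS (read)
# Outputs:   "file: string" lines that match, on stdout
# Returns:   exit status of grep (non-zero when nothing matched)
#
# Files whose name ends in .tar (any case) are skipped.
function strings_search(){
  printf "[+] Running 'strings' on layer files\n\n"
  # File names come from the image and are untrusted. -exec passes each path
  # as one argument, so whitespace or quotes in a name cannot split it into
  # extra arguments the way a plain xargs pipeline would.
  find "${LAYERS}/" -type f ! -iname '*.tar' -exec strings -f {} + \
    | grep --color -i -e "${search_term}"
}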
# Unpack the image's layers, then run each file-level search over them.
# Returns: exit status of the last search that ran.
function search_layers(){
  local step
  # Extraction comes first: both searches read the extracted tree.
  save_and_untar_layers
  printf "[+] Searching layers\n\n"
  for step in grep_search strings_search; do
    "${step}"
  done
}
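# Run the whole search: clean up, locate the image, then search its history,
# its inspect output and its extracted layers for search_term.
# Globals:   image (read), search_term (read)
# Returns:   non-zero when find_image reports failure, else the status of
#            search_layers
function main(){
  clean_up
  # No point searching an image that could not be made available.
  find_image || return
  # Values go through %s so a '%' in either one is printed literally.
  printf "[+] Searching '%s' for '%s'\n\n" "${image}" "${search_term}"
  search_history
  search_inspect
  search_layers
}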
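# Entry point: expects exactly two arguments, the image reference and the
# search term. Usage errors go to stderr and exit with status 2, so a caller
# or CI job can tell them apart from a completed search.
if (( $# != 2 )); then
  printf "[-] Script requires 2 arguments: ./%s [image] [search-term]\n\n" "${SCRIPT_NAME}" >&2
  exit 2
fi
image="${1}"
search_term="${2}"
# An empty reference would make the docker commands act on no image, and a
# dash-led one would be parsed by docker as an option.
if [[ -z "${image}" || "${image}" == -* ]]; then
  printf "[-] Invalid image reference: '%s'\n\n" "${image}" >&2
  exit 2
fi
main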