Whaler is a Go program which is designed to reverse engineer docker images into the Dockerfile that created it. It currently performs the following actions
- Generates a Dockerfile from an Image
- Searches added filenames for potential secret files
- Extracts files that were added by the Docker ADD/COPY Instructions
- It also displays misc. information such as ports open, the user it runs as and environment variables.
The easiest way is to run the tool in docker container:
docker pull pegleg/whaler
docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock:ro pegleg/whaler -sV=1.36 nginx:latest
docker build --rm -t pegleg/whaler .
alias whaler="docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock:ro pegleg/whaler"
whaler -sV=1.36 nginx:latest
This tool will pull target docker image automatically. Parameter -sV=1.36
is not always required.
Git clone the project into your $GOPATH/src directory and perform the following command
go get -u github.com/P3GLEG/Whaler
cd $GOPATH/src/github.com/P3GLEG/Whaler
go build .
./Whaler
Usage of ./Whaler:
-f string
File containing images to analyze seperated by line
-filter
Filters filenames that create noise such as node_modules. Check ignore.go file for more details (default true)
-sV string
Set the docker client ID to a specific version -sV=1.36
-v Print all details about the image
-x Save layers to current directory