68 changes: 40 additions & 28 deletions deepce.sh
Expand Up @@ -379,7 +379,7 @@ userCheck() {
groups=$(groups| sed "s/\($DANGEROUS_GROUPS\)/${LG}${EX}&${NC}${DG}/g")
printStatus "$groups" "None"

if ! [ $isUserRoot ]; then
if ! [ "$isUserRoot" ]; then
printQuestion "Sudo ...................."
if [ -x "$(command -v sudo)" ]; then
if sudo -n -l 2>/dev/null; then
Expand Down Expand Up @@ -632,7 +632,7 @@ containerPrivileges() {
fi
}

containerExploits() {
containerExploitAlpine() {
# If we are on an alpine linux disto check for CVE–2019–5021
if [ -f "/etc/alpine-release" ]; then
alpineVersion=$(cat /etc/alpine-release)
Expand All @@ -647,52 +647,64 @@ containerExploits() {
printNo
fi
fi
}

containerExploitAPI() {
# Check if docker api is exposed (including CVE-2025-9074)
api_available="0"
api_host=""
api_hosts="192.168.65.7:2375 172.17.0.1:2375"

printQuestion "Docker API exposed ......"

# If docker api is exposed check for CVE-2025-9074
if [ -x "$(command -v curl)" ] || [ -x "$(command -v wget)" ]; then
printQuestion "Docker API exposed ......."
api_available="0"

if [ -x "$(command -v curl)" ]; then
curl -s --connect-timeout 1 http://192.168.65.7:2375/version >/dev/null 2>&1
if [ $? -eq 0 ]; then
api_available="1"
fi
elif [ -x "$(command -v wget)" ]; then
wget -O - http://192.168.65.7:2375/version --connect-timeout=1 --tries=1 -q >/dev/null 2>&1
if [ $? -eq 0 ]; then
api_available="1"
for host in $api_hosts; do
if [ -x "$(command -v curl)" ]; then
if curl -s --connect-timeout 1 "http://$host/version" >/dev/null 2>&1; then
api_available="1"
api_host="$host"
break
fi
else
if wget -O - "http://$host/version" --connect-timeout=1 --tries=1 -q >/dev/null 2>&1; then
api_available="1"
api_host="$host"
break
fi
fi
fi
done

if [ "$api_available" = "0" ]; then
printNo
return
fi
printSuccess "Yes"

printSuccess "Yes ($api_host)"
printQuestion "└── CVE-2025-9074 ......."

if [ -x "$(command -v curl)" ]; then
curl -s --connect-timeout 1 http://192.168.65.7:2375/containers/json >/dev/null 2>&1
if [ $? -eq 0 ]; then
if curl -s --connect-timeout 1 "http://$api_host/containers/json" >/dev/null 2>&1; then
printYesEx
printTip "$TIP_CVE_2025_9074"
else
printNo
fi
elif [ -x "$(command -v wget)" ]; then
wget -O - http://192.168.65.7:2375/containers/json --connect-timeout=1 --tries=1 -q >/dev/null 2>&1
if [ $? -eq 0 ]; then
elif wget -O - "http://$api_host/containers/json" --connect-timeout=1 --tries=1 -q >/dev/null 2>&1; then
printYesEx
printTip "$TIP_CVE_2025_9074"
else
printNo
fi
else
printNo
fi
else
printError "Unknown (curl/wget not installed)"
fi
}

containerExploits() {
containerExploitAlpine
containerExploitAPI
}

enumerateContainers() {
printSection "Enumerating Containers"
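Review bot: The curl probes in containerExploitAPI report a hit for any HTTP response, because `curl -s` without `-f` exits 0 even on a 404 or 403. An unrelated web service on port 2375 would therefore be printed as an exposed Docker API and then as CVE-2025-9074, whereas wget normally exits non-zero on an HTTP error status. Use `curl -sf --connect-timeout 1 "http://$host/version"` (and the same for `/containers/json`) so both tools agree; matching a Docker-specific field in the response body would be stronger still. Separately, the CVE-2025-9074 row is now printed for whichever host answered, including 172.17.0.1:2375. The removed lines tied that check to 192.168.65.7 only, so a hit on the second address probably deserves a generic "API exposed" result rather than the CVE label.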
