Skip to content

MachiavelliII/dockdiver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
.github
.github
 
 
client
client
 
 
lab
lab
 
 
registry
registry
 
 
useragents
useragents
 
 
utils
utils
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

dockdiver

dockdiver is a Go-based tool to explore and extract contents from Docker registries. It can list repositories, dump specific repositories, or dump all repositories, including manifests, config blobs, and layer tarballs, with SHA256 integrity verification. This repository includes a Docker registry lab in the lab/ directory for testing.

dockdiver-usage

Features

  • List all repositories in a Docker registry.
  • Dump specific or all repositories with manifests, configs, and layers.
  • Rate limiting for safe operation.
  • SHA256 verification for downloaded blobs.

Prerequisites

Instructions

Setup and Build

Building the tool

git clone https://github.com/MachiavelliII/dockdiver.git
cd dockdiver
go build
./dockdiver

       __           __       ___
  ____/ /___  _____/ /______/ (_)   _____  _____
 / __  / __ \/ ___/ //_/ __  / / | / / _ \/ ___/
/ /_/ / /_/ / /__/ ,< / /_/ / /| |/ /  __/ /   @MachIaVellill
\__,_/\____/\___/_/|_|\__,_/_/ |___/\___/_/

Usage of ./dockdiver:
  -bearer string
        Bearer token for Authorization
  -dir string
        Output directory for dumped files (default "docker_dump")
  -dump string
        Specific repository to dump
  -dump-all
        Dump all repositories
  -headers string
        Custom headers as JSON (e.g., '{"X-Custom": "Value"}')
  -insecure
        Skip TLS certificate verification
  -list
        List all repositories
  -password string
        Password for Basic authentication
  -port int
        Port of the registry (used if not specified in URL) (default 5000)
  -proxy string
        Proxy URL (e.g., http://127.0.0.1:8080, https://proxy.com:8443, or socks5://127.0.0.1:1080)
  -proxy-password string
        Password for SOCKS5 proxy authentication
  -proxy-username string
        Username for SOCKS5 proxy authentication
  -rate int
        Requests per second (default 3)
  -timeout duration
        HTTP request timeout (e.g., 10s, 500ms) (default 30s)
  -url string
        Base URL or hostname of the Docker registry (e.g., http://example.com or example.com)
  -username string
        Username for Basic authentication

Launching registry lab for testing:

Run the following command to set up the lab (Linux & macOS):

cd lab/ && chmod +x run_lab.sh && ./run_lab.sh

For Windows:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned # Run once if needed
cd .\lab; .\run_lab_windows.ps1

Cleaning up after testing

For (Linux & macOS):

# Inside the lab/docker/ directory.
sudo docker-compose down
rm -rf registry-data

For Windows:

docker-compose down # Inside the lab/docker/ directory.
Remove-Item -Path "registry-data" -Recurse -Force

Inspired By DockerRegistryGrabber

About

Explore and extract Docker registry contents.

Topics

docker docker-registry penetration-testing bug-bounty ctf

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

DockDiver v1.1.0 Latest
Jul 21, 2025
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages