# Docker API Enumeration Tools
These scripts query the **Docker Engine HTTP API** to collect information about containers and secrets.
They are designed for security assessments and administrative auditing, providing quick insights into environment variables, secrets, and general engine configuration.
**Warning**: Exposing the Docker Engine API without TLS or authentication is a serious security risk.
Use these scripts only against environments you are authorized to assess.
## Install
From pip:
```bash
pip install docker-enumsensitive
```
From github:
```bash
git clone https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive.git
```
---
## Scripts
### docker-enum-envvars / EnumEnvVars.py`
Enumerates running and stopped containers, extracts their **environment variables**, and prints them to the console.
Can also save the results in structured JSON.
### docker-enum-secrets / EnumSecrets.py
Enumerates Secrets from Docker Swarm mode, attempting to read their values if specified. Can also save the results in structured JSON.
### docker-enum-images / EnumImages.py
Inspects the contents of images for sensitive information such as tokens, keys, etc.
### Usage
##### Environment Variables Enumeration
```bash
# Local Docker API (default: http://localhost:2375)
python EnumEnvVars.py
docker-enum-envvars
# Remote engine and save to file
python EnumEnvVars.py --url http://docker-host:2375 --out results.json
docker-enum-envvars --url http://docker-host:2375 --out results.json
# Include full /info JSON
python EnumEnvVars.py --show-info-json
docker-enum-envvars --show-info-json
```
##### Secrets Enumeration
```bash
# Local secrets enumeration
python EnumSecrets.py
docker-enum-secrets
# Remote engine, attempt values, save to file
python EnumSecrets.py --url http://docker-host:2375 --attempt-values --out secrets.json
docker-enum-secrets --url http://docker-host:2375 --attempt-values --out secrets.json
# Include full /info JSON
python EnumSecrets.py --show-info-json
docker-enum-secrets --show-info-json
```
Raw data
{
"_id": null,
"home_page": null,
"name": "docker-enumsensitive",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "docker, security, enumeration, api, pentest, red-team",
"author": null,
"author_email": "Defensive Origins <info@defensiveorigins.com>",
"download_url": "https://files.pythonhosted.org/packages/c0/a8/ecc0b975c92945a55a4ace527ae3811b8f86d743695c7c516eab49e41e55/docker_enumsensitive-0.1.5.tar.gz",
"platform": null,
"description": "# Docker API Enumeration Tools\n\nThese scripts query the **Docker Engine HTTP API** to collect information about containers and secrets. \nThey are designed for security assessments and administrative auditing, providing quick insights into environment variables, secrets, and general engine configuration.\n\n**Warning**: Exposing the Docker Engine API without TLS or authentication is a serious security risk. \nUse these scripts only against environments you are authorized to assess.\n\n## Install\nFrom pip: \n```bash\npip install docker-enumsensitive\n```\nFrom github:\n```bash\ngit clone https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive.git\n```\n---\n\n\n \n## Scripts\n\n### docker-enum-envvars / EnumEnvVars.py`\nEnumerates running and stopped containers, extracts their **environment variables**, and prints them to the console. \nCan also save the results in structured JSON.\n\n### docker-enum-secrets / EnumSecrets.py\nEnumerates Secrets from Docker Swarm mode, attempting to read their values if specified. Can also save the results in structured JSON.\n\n### docker-enum-images / EnumImages.py\nInspects the contents of images for sensitive information such as tokens, keys, etc.\n\n\n### Usage\n\n##### Environment Variables Enumeration\n\n```bash\n# Local Docker API (default: http://localhost:2375)\npython EnumEnvVars.py\ndocker-enum-envvars\n\n# Remote engine and save to file\npython EnumEnvVars.py --url http://docker-host:2375 --out results.json\ndocker-enum-envvars --url http://docker-host:2375 --out results.json\n\n\n# Include full /info JSON\npython EnumEnvVars.py --show-info-json\ndocker-enum-envvars --show-info-json\n```\n\n##### Secrets Enumeration \n\n```bash\n\n# Local secrets enumeration\npython EnumSecrets.py\ndocker-enum-secrets\n\n# Remote engine, attempt values, save to file\npython EnumSecrets.py --url http://docker-host:2375 --attempt-values --out secrets.json\ndocker-enum-secrets --url http://docker-host:2375 --attempt-values --out secrets.json\n\n# Include full /info JSON\npython EnumSecrets.py --show-info-json\ndocker-enum-secrets --show-info-json\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Docker Engine HTTP API enumeration helpers for env vars, secrets, and images.",
"version": "0.1.5",
"project_urls": {
"Homepage": "https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive",
"Issues": "https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive/issues",
"Source": "https://github.com/DefensiveOrigins/DockerEngineAPI-EnumSensitive"
},
"split_keywords": [
"docker",
" security",
" enumeration",
" api",
" pentest",
" red-team"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "c0819cfb7e3da255a172dd6c8b55dc5165f333d50fbbf0e90ddee787bbe597d3",
"md5": "0d808941414135ced26fa4c89e176fe0",
"sha256": "520a96113491aa6eb5839503304965b7a04b4edce71c70c28754888c83c33df5"
},
"downloads": -1,
"filename": "docker_enumsensitive-0.1.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0d808941414135ced26fa4c89e176fe0",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 12035,
"upload_time": "2025-11-15T09:18:32",
"upload_time_iso_8601": "2025-11-15T09:18:32.345118Z",
"url": "https://files.pythonhosted.org/packages/c0/81/9cfb7e3da255a172dd6c8b55dc5165f333d50fbbf0e90ddee787bbe597d3/docker_enumsensitive-0.1.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "c0a8ecc0b975c92945a55a4ace527ae3811b8f86d743695c7c516eab49e41e55",
"md5": "ee8fcab0243cdfd4a3b0b4b6d75107be",
"sha256": "d695f937690e3e51b1ddbe3d53fc7a88123240f43927ac730335b9f6148585de"
},
"downloads": -1,
"filename": "docker_enumsensitive-0.1.5.tar.gz",
"has_sig": false,
"md5_digest": "ee8fcab0243cdfd4a3b0b4b6d75107be",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 9506,
"upload_time": "2025-11-15T09:18:33",
"upload_time_iso_8601": "2025-11-15T09:18:33.617361Z",
"url": "https://files.pythonhosted.org/packages/c0/a8/ecc0b975c92945a55a4ace527ae3811b8f86d743695c7c516eab49e41e55/docker_enumsensitive-0.1.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-11-15 09:18:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "DefensiveOrigins",
"github_project": "DockerEngineAPI-EnumSensitive",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "requests",
"specs": [
[
">=",
"2.31.0"
]
]
},
{
"name": "alive-progress",
"specs": [
[
">=",
"3.1.5"
]
]
}
],
"lcname": "docker-enumsensitive"
}
JSON
