creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/analyzing-docker-container-forensics/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

117 lines
2.8 KiB
Markdown
Raw Blame History

# API Reference: Docker Container Forensics Tools
## docker inspect - Container Details
### Syntax
```bash
docker inspect <container_id>
docker inspect --format '{{.HostConfig.Privileged}}' <container_id>
docker inspect --format '{{json .Mounts}}' <container_id> | jq
docker inspect --format '{{.GraphDriver.Data.MergedDir}}' <container_id>
```
### Key JSON Paths
| Path | Description |
|------|-------------|
| `.HostConfig.Privileged` | Privileged mode status |
| `.HostConfig.CapAdd` | Added capabilities |
| `.HostConfig.PidMode` | PID namespace mode |
| `.HostConfig.NetworkMode` | Network namespace mode |
| `.Mounts` | Volume mount configuration |
| `.Config.User` | Container user |
| `.Config.Env` | Environment variables |
| `.Config.Image` | Source image name |
| `.State.StartedAt` | Container start time |
## docker diff - Filesystem Changes
### Syntax
```bash
docker diff <container_id>
```
### Output Codes
| Code | Meaning |
|------|---------|
| `A` | File or directory was added |
| `C` | File or directory was changed |
| `D` | File or directory was deleted |
## docker export - Container Filesystem Export
### Syntax
```bash
docker export <container_id> > container_fs.tar
docker export <container_id> | gzip > container_fs.tar.gz
```
## docker commit / docker save - Image Preservation
### Syntax
```bash
docker commit <container_id> forensic-evidence:case001
docker save forensic-evidence:case001 > evidence_image.tar
```
## docker logs - Container Log Retrieval
### Syntax
```bash
docker logs --timestamps <container_id>
docker logs --since 2024-01-15 <container_id>
docker logs --tail 1000 <container_id>
docker logs -f <container_id> # Follow (live)
```
## dive - Image Layer Analysis
### Syntax
```bash
dive <image_name> # Interactive mode
dive <image_name> --ci # CI mode (non-interactive)
dive <image_name> --ci --json out.json # JSON output
```
### Output Includes
- Layer-by-layer filesystem changes
- Image efficiency score
- Wasted space analysis
## container-diff - Image Comparison
### Syntax
```bash
container-diff diff daemon://nginx:latest daemon://suspect:latest \
--type=file --type=apt --type=history --json
```
### Diff Types
| Type | Description |
|------|-------------|
| `file` | File system differences |
| `apt` | APT package differences |
| `pip` | Python package differences |
| `history` | Docker build history differences |
## Trivy - Vulnerability Scanning
### Syntax
```bash
trivy image <image_name>
trivy image --format json <image_name>
trivy image --scanners vuln,secret <image_name>
trivy fs /path/to/exported/container/
```
### Severity Levels
`CRITICAL` | `HIGH` | `MEDIUM` | `LOW` | `UNKNOWN`
## docker-explorer - Offline Forensics
### Syntax
```bash
de.py -r /var/lib/docker list
de.py -r /var/lib/docker mount <container_id> /mnt/forensic
de.py -r /var/lib/docker history <container_id>
```
Reference in New Issue View Git Blame Copy Permalink