Deepce
Apache-2.0 · Container Security · Shell
Deepce (Docker Enumeration, Escalation of Privileges, and Container Escapes) is a tool for identifying vulnerable Docker installations and potential container escape routes. Written as a portable shell script with no dependencies, it runs inside the container to assess the security posture from the inside out. Deepce checks for dangerous capabilities (SYS_ADMIN, SYS_PTRACE, DAC_READ_SEARCH), a mounted Docker socket, writable host mounts, misconfigured namespaces, and known kernel vulnerabilities that enable container escapes. It also fingerprints the container environment, identifies the container runtime (Docker, Podman, LXC), checks the network configuration, and enumerates neighboring containers. Its zero-dependency design makes it well suited to quick assessments during penetration tests where you land inside a container and need to know which escape or privilege-escalation options you have.
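To make the checks described above concrete, the following is an added example written for this page; it is not deepce's own code and simplifies what the real script does. It implements three of the enumeration steps as small POSIX sh functions: decoding the CapEff mask (the capability bit numbers are those of linux/capability.h) to flag SYS_ADMIN, SYS_PTRACE and DAC_READ_SEARCH, listing read-write mounts of real filesystems from /proc/mounts-style input (likely host bind mounts), and probing the usual Docker and containerd socket paths. The /proc/self/status and /proc/mounts samples at the bottom are constructed, not captured from a real host; the functions take their input on stdin or as arguments so they can be run against a live /proc just as well.

```shell
#!/bin/sh
# Added example, not deepce's own code: three of the checks deepce runs from
# inside a container, written as functions over explicit input so they can be
# exercised against the constructed samples at the bottom as well as a live /proc.
# Capability bit numbers are taken from linux/capability.h.
CAP_DAC_READ_SEARCH=2
CAP_SYS_PTRACE=19
CAP_SYS_ADMIN=21

# cap_has HEXMASK BIT: succeed if BIT is set in the 64-bit capability mask.
cap_has() {
    [ "$(( 0x$1 >> $2 & 1 ))" -eq 1 ]
}

# cap_eff_from_status: read /proc/<pid>/status text on stdin, print the CapEff hex.
cap_eff_from_status() {
    sed -n 's/^CapEff:[[:space:]]*//p'
}

# dangerous_caps HEXMASK: print the escape-relevant capabilities present
# (space separated, empty if none); succeed only if at least one is present.
dangerous_caps() {
    found=""
    cap_has "$1" "$CAP_SYS_ADMIN"       && found="$found SYS_ADMIN"
    cap_has "$1" "$CAP_SYS_PTRACE"      && found="$found SYS_PTRACE"
    cap_has "$1" "$CAP_DAC_READ_SEARCH" && found="$found DAC_READ_SEARCH"
    printf '%s\n' "${found# }"
    [ -n "$found" ]
}

# rw_host_mounts: read /proc/mounts text on stdin and print mount points whose
# filesystem is a real disk filesystem (not overlay, proc, tmpfs, ...) mounted
# read-write, i.e. likely bind mounts of host storage the container can modify.
rw_host_mounts() {
    awk '$3 ~ /^(ext[234]|xfs|btrfs|zfs|vfat)$/ && ("," $4 ",") ~ /,rw,/ { print $2 }'
}

# exposed_sockets PATH...: print every argument that exists as a unix socket.
exposed_sockets() {
    for p in "$@"; do
        [ -S "$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# Constructed samples (not captured from a real host). The CapEff value is the
# default Docker capability set; see the test masks in the text for variants.
SAMPLE_STATUS='Name:   sh
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'
SAMPLE_MOUNTS='overlay / overlay rw,relatime,lowerdir=/var/lib/docker/overlay2/l/x 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /host ext4 rw,relatime 0 0
/dev/sda1 /etc/hostname ext4 ro,relatime 0 0
tmpfs /run/secrets tmpfs rw,nosuid 0 0'

report() {
    eff=$(printf '%s\n' "$SAMPLE_STATUS" | cap_eff_from_status)
    printf 'CapEff (sample): %s\n' "$eff"
    printf 'dangerous caps : %s\n' "$(dangerous_caps "$eff")"
    printf 'rw host mounts : %s\n' "$(printf '%s\n' "$SAMPLE_MOUNTS" | rw_host_mounts)"
    # On Linux, also decode the capabilities of the shell actually running this.
    if [ -r /proc/self/status ]; then
        live=$(cap_eff_from_status < /proc/self/status)
        [ -n "$live" ] && printf 'CapEff (live)  : %s -> %s\n' "$live" "$(dangerous_caps "$live")"
    fi
    exposed_sockets /var/run/docker.sock /run/docker.sock /run/containerd/containerd.sock
}
report
```

With the default Docker mask 00000000a80425fb none of the three capabilities is present; a container started with --cap-add SYS_PTRACE has mask 00000000a80c25fb and a --privileged container on a current kernel has 000001ffffffffff, which lights up all three. Any socket path printed at the end is a direct route to the host's container runtime and should be treated as a finding on its own.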
Installation
Quick run (fetches the script and pipes it straight into sh):
$ curl -sL https://github.com/stealthcopter/deepce/raw/main/deepce.sh | sh
From source:
$ git clone https://github.com/stealthcopter/deepce.git && chmod +x deepce/deepce.sh
Either way the script has to execute inside the container you are assessing, so in practice you fetch it from within the container or copy deepce/deepce.sh in first and run it there. Piping a remote script straight into sh executes whatever the server returns without review; on an engagement, download it to a file, read it, and run that file.
Use Cases
- Enumerating the container environment after gaining initial access
- Checking for dangerous Linux capabilities that enable container escape
- Detecting mounted Docker sockets and writable host filesystem mounts
- Identifying neighboring containers and network topology from within a container
- Quick zero-dependency security assessment of Docker container configurations
Details
- Category: Container Security
- Language: Shell
- Repository: stealthcopter/deepce (https://github.com/stealthcopter/deepce)
- License: Apache-2.0
- Platforms: Linux
Alternatives & Comparisons
- Falco (C++): Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules. Compare Deepce vs Falco.
- kube-hunter (Python): Kubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network. Compare Deepce vs kube-hunter.
- CDK (Go): Container escape and exploitation toolkit. Zero-dependency binary for container pentesting with escape exploits and post-exploitation tools. Compare Deepce vs CDK.
More in Container Security
- Dockle (Go): Container image linter. Checks Docker images for security best practices, CIS benchmarks, and Dockerfile misconfigurations.
- Syft (Go): Software Bill of Materials generator. Creates SBOMs from container images and filesystems in SPDX and CycloneDX formats.