ctrsploit [kənˈteɪnər splɔɪt], follows sploit-spec
https://github.com/ctrsploit/ctrsploit/releases
Install a release binary:

```shell
$ wget -q https://github.com/ctrsploit/ctrsploit/releases/latest/download/ctrsploit_linux_amd64 -O /usr/bin/ctrsploit
$ chmod +x /usr/bin/ctrsploit
$ ctrsploit --help
```

Or build from source:

```shell
make binary
```

```
$ ctrsploit env
NAME:
ctrsploit env - gather information
USAGE:
ctrsploit env [command options]
COMMANDS:
auto auto
where, w detect whether you are in the container, and which type of the container
mountinfo, m list mount points
storage-driver, sd detect storage driver type and extend information
cgroups, c gather cgroup information
capability, cap show the capability of pid 1 and current process
seccomp, sc show the seccomp info
apparmor, a show the apparmor info
selinux, se show the selinux info
fdisk, f like linux command fdisk or lsblk // TODO
kernel, k collect kernel environment information
sysctl display sysctl information
rlimit get process resource limits
namespace, n, ns check namespace is host ns
docker-version, dv guess dockerd version range
upload, up upload <servicename> <filename> <obs> [host]
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
```

```
$ ctrsploit vul
NAME:
ctrsploit vul - list vulnerabilities
USAGE:
ctrsploit vul [command options]
COMMANDS:
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
fork-bomb
naked we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes
capability, caps abuse dangerous capabilities in container
namespace, ns host level namespaces break the isolations
shared-socket, sock abuse runtime's api via shared socket
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
```

Legend for the support table:

- ✔️ : Fully Supported
- ⭕ : Partially Supported
- 🐛 : Known Bug
- ❌ : Not Supported
- `-` : Not Applicable
| vul | desc | check | exploit |
|---|---|---|---|
| cve-2016-8867 | ambient capabilities allow local users to gain privileges | ✔️ | ✔️ |
| cve-2016-9962 | | ❌ | ❌ |
| CVE-2017-1002101 | | ❌ | ✔️ |
| cve-2019-5736 | escape by overwrite runc executable file via /proc/self/exe | ✔️ | - |
| └─exec | cve-2019-5736 exploit via runc exec process | ✔️ | ✔️ |
| └─image | cve-2019-5736 exploit via a malicious image | ✔️ | ✔️ |
| CVE-2019-14271 | | ❌ | ✔️ |
| CVE-2019-16884 | | ❌ | ✔️ |
| CVE-2020-8555 | | ❌ | ✔️ |
| cve-2020-8558 | access services bound to 127.0.0.1 from adjacent hosts | ✔️ | ✔️ |
| CVE-2020-15157 | | ❌ | ✔️ |
| cve-2020-15257 | abuse the containerd-shim's abstract unix socket in a container with host network namespace | ✔️ | ✔️ |
| CVE-2021-3493 | | ❌ | ✔️ |
| CVE-2021-21285 | | ❌ | ✔️ |
| CVE-2021-22555 | | ❌ | ✔️ |
| CVE-2021-41091 | | ❌ | ✔️ |
| cve-2021-25741 | kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod | ✔️ | ✔️ |
| cve-2022-0492 | escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492 | ✔️ | ✔️ |
| CVE-2022-0847 | | ❌ | ✔️ |
| cve-2022-39253 | read host file during docker build via git CVE-2022-39253 | ⭕ | ✔️ |
| CVE-2023-28642 | | ❌ | ❌ |
| cve-2024-0132 | gpu container escape via nvidia-container-toolkit CVE-2024-0132 | ⭕ | ✔️ |
| CVE-2024-21626 | | ❌ | ❌ |
| cve-2024-23650 | dos buildkit via oci exporter by sending a crafted request | ✔️ | ✔️ |
| cve-2025-23266 | gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image | ⭕ | ✔️ |
| cve-2025-23267 | | ❌ | ❌ |
| cve-2025-23359 | | ❌ | ❌ |
| cve-2025-31133 | | ❌ | ❌ |
| cve-2025-47290 | modify host file via containerd cve-2025-47290 during pulling image | ✔️ | ✔️ |
| cve-2025-52565 | | ❌ | ❌ |
| cve-2025-62725 | path traversal in docker compose oci artifacts allows arbitrary file write via malicious registry | ✔️ | ✔️ |
| caps | abuse dangerous capabilities in container | - | - |
| └─shocker | escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014 | ✔️ | ✔️ |
| └─sys_admin | abuse cap_sys_admin | ✔️ | - |
| └─release_agent | escape by cap_sys_admin via cgroups v1 release_agent | ✔️ | ✔️ |
| └─mount-device | | ❌ | ❌ |
| └─mount-proc | | ❌ | ❌ |
| └─device.allow | | ❌ | ❌ |
| └─ebpf | escape by loading evil eBPF programs into the kernel | ✔️ | - |
| └─bash | abuse eBPF to inject malicious commands into bash processes running on host | ✔️ | ✔️ |
| └─cron | abuse eBPF to inject malicious job into host's crontab | ✔️ | ✔️ |
| └─execve | abuse eBPF to hijack execve syscall to run arbitrary commands | ✔️ | ✔️ |
| └─kubelet | abuse eBPF to leak service account token from kubelet | ✔️ | ✔️ |
| └─sshd | | ❌ | ❌ |
| └─bpf | load evil bpf programs via cap_bpf | - | - |
| └─ebpf | same as caps/sys_admin/ebpf | ✔️ | - |
| └─sys_ptrace | abuse cap_sys_ptrace | ✔️ | - |
| └─pid_host | ptrace host processes in a container with cap_sys_ptrace and host pid namespace | ✔️ | ✔️ |
| └─sys_module | | ❌ | ❌ |
| └─net_admin | | ❌ | ❌ |
| naked | we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes | ✔️ | - |
| namespace | shared host namespaces break the isolations | - | - |
| └─net | shared host network namespace breaks the network isolation | ✔️ | ❌ |
| └─shijack | | ❌ | ❌ |
| └─basic | | ❌ | ❌ |
| └─ali | | ❌ | ❌ |
| └─hw | | ❌ | ❌ |
| └─gcp | | ❌ | ❌ |
| └─aws | | ❌ | ❌ |
| └─pid | shared host pid namespace breaks the process isolation | - | - |
| └─proc_root | escape by abusing host pid ns via /proc/[pid]/root | ✔️ | ✔️ |
| fs | | ❌ | ❌ |
| └─proc-rw | | ❌ | - |
| └─core_pattern | | ❌ | ❌ |
| └─binfmt | | ❌ | ❌ |
| └─sys-rw | | ❌ | ❌ |
| └─lxcfs-rw | | ❌ | ❌ |
| shared-socket | abuse runtime's api via shared socket | - | - |
| └─docker.sock | escape by shared docker.sock via running a privileged container | ✔️ | ✔️ |
| └─containerd.sock | | ❌ | ❌ |
| exposed-api | | - | - |
| └─docker-2375 | | ❌ | ❌ |
| lxcfs | | ❌ | ❌ |
| fork-bomb | | ✔️ | ✔️ |
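As an added example (not ctrsploit's own code) of the kind of check behind the `naked` and `caps` entries above: a small Python audit that decodes the `CapEff` mask and the `Seccomp` field of `/proc/self/status` and reads the confinement label from `/proc/self/attr/current`, the same kernel interfaces a checksec-style tool consults. The capability bit table follows the kernel's `<linux/capability.h>` numbering; the two status texts are constructed samples, the Docker default mask `0xa80425fb` is the set a plain `docker run` grants, and treating any label other than `unconfined` as a confining profile is a simplification (an SELinux context reads differently and would need its own parsing).

```python
#!/usr/bin/env python3
"""Hardening audit for the calling process: capabilities, seccomp, LSM label.

Added example, not part of ctrsploit. Reads the same /proc interfaces a
checksec-style tool uses and flags the README's "naked container" condition.
"""
import os

# Capability bit numbers from <linux/capability.h>, index == bit position.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

# Capabilities the support table above lists under "caps" as escape-relevant.
DANGEROUS = {"dac_read_search", "sys_admin", "sys_ptrace", "sys_module",
             "net_admin", "bpf"}

# Docker's default effective set (0xa80425fb): what a plain `docker run` sees.
DOCKER_DEFAULT_CAPEFF = 0x00000000A80425FB


def parse_status(text):
    """Turn the 'Key:\\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(hex_mask):
    """Return the names of the capabilities set in a CapEff/CapBnd mask, in bit order."""
    mask = int(hex_mask, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if mask & (1 << bit)]
    # Bits beyond the table (newer kernels) are reported numerically, not dropped.
    names += [f"cap_{b}" for b in range(len(CAP_NAMES), mask.bit_length())
              if mask & (1 << b)]
    return names


def audit(status_text, apparmor_label="unconfined"):
    """Summarise the hardening state of the process described by status_text."""
    fields = parse_status(status_text)
    caps = decode_caps(fields.get("CapEff", "0"))
    # Seccomp field: 0 = disabled, 1 = strict, 2 = filter (what runtimes apply).
    seccomp_mode = int(fields.get("Seccomp", "0"))
    # Simplification (assumption): any label other than "unconfined" counts as a profile.
    apparmor_confined = apparmor_label.strip() not in ("", "unconfined")
    return {
        "capabilities": caps,
        "dangerous_caps": sorted(DANGEROUS & set(caps)),
        "seccomp_mode": seccomp_mode,
        "apparmor_confined": apparmor_confined,
        # "naked" in the README's sense: no seccomp filter and no LSM confinement.
        "naked": seccomp_mode == 0 and not apparmor_confined,
    }


def audit_self():
    """Run the audit against the calling process (Linux only)."""
    with open("/proc/self/status") as f:
        status = f.read()
    try:
        with open("/proc/self/attr/current") as f:
            label = f.read().rstrip("\n\0")
    except OSError:  # LSM interface absent: treat as unconfined
        label = "unconfined"
    return audit(status, label)


# Constructed sample: process in a default Docker container with the seccomp filter on.
SAMPLE_DEFAULT = "Name:\tsh\nSeccomp:\t2\nCapEff:\t%016x\n" % DOCKER_DEFAULT_CAPEFF
# Constructed sample: full capability set (bits 0..40) and seccomp disabled.
SAMPLE_PRIVILEGED = "Name:\tsh\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for tag, text in (("default", SAMPLE_DEFAULT), ("privileged", SAMPLE_PRIVILEGED)):
        print(tag, audit(text))
    if os.path.exists("/proc/self/status"):
        print("self", audit_self())
```

Run inside a container to see which of the table's dangerous capabilities the workload actually holds; a `naked: True` result with any of them present is the combination the `naked` entry warns about, and the remediation is a seccomp profile plus an AppArmor or SELinux policy rather than relying on capabilities alone.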
```
$ ctrsploit exploit
NAME:
ctrsploit exploit - run a exploit
USAGE:
ctrsploit exploit [command options]
COMMANDS:
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
fork-bomb
shocker, cap_dac_read_search, open_by_handle_at escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014
cap_sys_admin, sys_admin abuse cap_sys_admin
release_agent, ra escape by cap_sys_admin via cgroups v1 release_agent
ebpf escape by loading evil eBPF programs into the kernel
ebpf-bash, bash abuse eBPF to inject malicious commands into bash processes running on host
ebpf-execve, execve abuse eBPF to hijack execve syscall to run arbitrary commands
ebpf-cron, cron abuse eBPF to inject malicious job into host's crontab
ebpf-kubelet, kubelet abuse eBPF to leak services account token from kubelet
cap_bpf, bpf load evil bpf programs via cap_bpf
cap_sys_ptrace, sys_ptrace, ptrace abuse cap_sys_ptrace
ptrace-pid-host, ptrace-pid ptrace host processes in a container with cap_sys_ptrace and host pid namespace
host-pid, pid shared host pid namespace breaks process isolation
host-pid-proc-root, proc escape by abusing host pid ns via /proc/[pid]/root
docker.sock, docker escape by shared docker.sock via running a privileged container
CVE-2021-22555, 22555 escape tech by using the CVE-2021-22555
CVE-2020-8555, 8555 k8s CVE-2020-8555 SSRF
CVE-2017-1002101, subPath1, 1002101, 2017-1002101 CVE-2017-1002101
dirty-pipe, dp, CVE-2022-0847, 0847 dirty-pipe
crash, c make container crash
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
```

```
$ ctrsploit checksec
NAME:
ctrsploit checksec - check security inside a container
USAGE:
ctrsploit checksec [command options]
COMMANDS:
auto, a auto check security
env, e gather information
cve-2016-8867, 8867, amb Ambient Capabilities in the Linux kernel allow local users to gain privileges
cve-2019-5736, 5736 escape by overwrite runc executable file via /proc/self/exe
cve-2020-8558, 8558 access services bound to 127.0.0.1 from adjacent hosts
cve-2020-15257, 15257 abuse the containerd-shim's abstract unix socket in a container with host network namespace
cve-2021-25741, 25741, kubelet-subpath-symlink kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
cve-2021-25748, 25748, ingress-nginx-path-leak ingress-nginx path validation bypass vulnerability allows credential leakage through newline injection
cve-2022-0492, 0492 escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
cve-2022-39253, 39253 read host file during docker build via git CVE-2022-39253
cve-2024-0132, 0132 gpu container escape via nvidia-container-toolkit CVE-2024-0132
cve-2024-23650, 23650 dos buildkit via oci exporter by sending a crafted request
cve-2025-23266, 23266 gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
cve-2025-47290, 47290 modify host file via containerd cve-2025-47290 during pulling image
fork-bomb
shocker, cap_dac_read_search, open_by_handle_at escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014
cap_sys_admin, sys_admin abuse cap_sys_admin
cap_bpf, bpf load evil bpf programs via cap_bpf
cap_sys_ptrace, sys_ptrace, ptrace abuse cap_sys_ptrace
ptrace-pid-host, ptrace-pid ptrace host processes in a container with cap_sys_ptrace and host pid namespace
naked we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes
host-net, net shared host network namespace breaks the network isolation
host-pid, pid shared host pid namespace breaks process isolation
docker.sock, docker escape by shared docker.sock via running a privileged container
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
```

```
$ ctrsploit --colorful checksec auto
✔ ptrace-pid-host # ptrace host processes in a container with cap_sys_ptrace and host pid namespace
✔ cap_sys_admin # abuse cap_sys_admin
✘ cve-2016-8867 # Ambient Capabilities in the Linux kernel allow local users to gain privileges
✘ cve-2020-8558 # access services bound to 127.0.0.1 from adjacent hosts
✘ cve-2021-25741 # kubelet symlink exchange vulnerability allows mounting node filesystem inside a pod
✘ cve-2025-23266 # gpu container escape via nvidia-container-toolkit cve-2025-23266 by running a malicious container image
✔ shocker # escape by CAP_DAC_READ_SEARCH, alias shocker, found by Sebastian Krahmer (stealth) in 2014
✘ cve-2022-39253 # read host file during docker build via git CVE-2022-39253
✘ cve-2024-0132 # gpu container escape via nvidia-container-toolkit CVE-2024-0132
✔ cap_sys_ptrace # abuse cap_sys_ptrace
✔ naked # we call containers running without seccomp, AppArmor, or SELinux enabled 'naked containers', which leaves them highly vulnerable to kernel exploits and potential container escapes
✔ host-pid # shared host pid namespace breaks process isolation
✘ cve-2019-5736 # escape by overwrite runc executable file via /proc/self/exe
✘ cve-2020-15257 # abuse the containerd-shim's abstract unix socket in a container with host network namespace
✘ cve-2025-47290 # modify host file via containerd cve-2025-47290 during pulling image
✔ cap_bpf # load evil bpf programs via cap_bpf
✔ host-net # shared host network namespace breaks the network isolation
✘ docker.sock # escape by shared docker.sock via running a privileged container
✘ cve-2022-0492 # escape via cgroup's release agent without CAP_SYS_ADMIN if kernel is vulnerable to CVE-2022-0492
✘ cve-2024-23650 # dos buildkit via oci exporter by sending a crafted request
✘ fork-bomb
```

// TODO