Skip to content

Instantly share code, notes, and snippets.

@dustinbutterworth
Created August 18, 2022 17:48
Show Gist options
  • Save dustinbutterworth/8c088ab503dadcada46daf071de37aae to your computer and use it in GitHub Desktop.
Save dustinbutterworth/8c088ab503dadcada46daf071de37aae to your computer and use it in GitHub Desktop.
az acr repository secrets hunting
#!/usr/bin/env bash
# ./acr-secret-recon.sh nginx myrepo.repo.com myrepo
image=${1}
docker_repo=${2}
acr_repo_name=${3}
mkdir ${image}
cd ${image}
tag=$(az acr repository show-tags -n ${acr_repo_name} --repository ${image} | jq '.[-1]' -r)
docker pull ${docker_repo}/${image}:${tag}
image_id=$(docker images | grep ${image} | awk '{print $3}')
docker image history -H --no-trunc ${image_id} > ${image}-history.txt
gf sec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment