Subtrace is Wireshark for your Docker containers. It lets developers see all incoming and outgoing requests in their backend server so that they can resolve production issues faster. Works out-of-the-box, no code changes needed. Supports all languages (Python + Node + Go + everything else). See full payload, headers, status code, and latency.
rockslide is a simple, personal, self-hosted Platform-as-service (PaaS) that orchestrates container images as its core abstraction for shipping software. It allows a single developer to host one or more applications on a single machine with minimal fuss, simply pushing a container image to the built-in registry is enough to launch it on a custom domain with HTTPS support (hopefully soon) through letsencrypt.
Single static binary less than 10 mb in size, with a tiny set of external dependencies (podman). No additional CLI tools needed, simply pushing to a registry is enough. Allows for optionally protecting containers with an HTTP password.
Requires podman and nix as dependencies. Also requires running on a distro that is built using systemd.
A tool for exploring a docker image layer by layer, the contents of each layer, what changs in between each layer, and discovering ways to shrink the size of your Docker/OCI image. Additionally you can run this in your CI pipeline to ensure you're keeping wasted space to a minimum.
Welcome to Neko, a self-hosted virtual browser that runs in Docker and uses WebRTC technology. Neko is a powerful tool that allows you to run a fully-functional browser in a virtual environment, giving you the ability to access the internet securely and privately from anywhere. With Neko, you can browse the web, run applications, and perform other tasks just as you would on a regular browser, all within a secure and isolated environment. Whether you are a developer looking to test web applications, a privacy-conscious user seeking a secure browsing experience, or simply someone who wants to take advantage of the convenience and flexibility of a virtual browser, Neko is the perfect solution.
In addition to its security and privacy features, Neko offers the ability for multiple users to access it simultaneously. This makes it an ideal solution for teams or organizations that need to share access to a browser, as well as for individuals who want to use multiple devices to access the same virtual environment. With Neko, you can easily and securely share access to a browser with others, without having to worry about maintaining separate configurations or settings. Whether you need to collaborate on a project, access shared resources, or simply want to share access to a browser with friends or family, Neko makes it easy to do so.
Neko is also a great tool for hosting watch parties and interactive presentations. With its virtual browser capabilities, Neko allows you to host watch parties and presentations that are accessible from anywhere, without the need for in-person gatherings. This makes it easy to stay connected with friends and colleagues, even when you are unable to meet in person. With Neko, you can easily host a watch party or give an interactive presentation, whether it's for leisure or work. Simply invite your guests to join the virtual environment, and you can share the screen and interact with them in real-time.
Generate macOS valid serials, uuids, and board serials for good-faith Security Research & Apple Bug Bounty Research.
This project provides two tools for generating serial numbers for Hackintosh, OpenCore, Docker-OSX and OSX-KVM.
A reverse-engineering tool for docker environments. Takes all network connections from your docker containers and can export them as:
- graphviz .dot files
- structurizr dsl
- json stream of elements
OS-independent, it uses different strategies to get container connections. Produces detailed connections graph with ports. Fast, scans ~400 containers in around 5 seconds. Right now only established and listen connections are listed.
A presentation written up as a blog post which explains how Linux containers work from first principles. At no time are technologies like Docker or LXC involved.
Google's proof-of-concept self hosted Docker registry.
Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.
Harbor is a self-hosted Docker registry that offers a large number of additional features that big companies probably love. Among those features are vulnerability scanning, third party authentication support, cryptographic signature and authentication, and a GUI.
When you use Docker Hub, this is what you're using.
docs/deploying.md describes how to deploy Registry as a Docker container. They definitely don't make it easy to break out of their ecosystem.
Quay is a self-hosted Docker container registry. Supports Docker registry protocol v2, Docker manifest schema v2.1 and v2.2, image discovery and squashing, third-party authentication, and more.
Metermon is a dockerized rtlamr wrapper that connects to an existing rtl_tcp instance and outputs formatted messages over MQTT for consumption by other software (e.g. telegraf for storage in influxdb and display in grafana, or import into Home Assistant).
The script can be run using docker (takes care of all dependencies) or standalone. It is designed to run on Raspberry Pi or similar.
By pulling apart this container it should be possible to figure out how to do this.
A tool to generate binary polyglots (files that are valid with several file formats).
Github org for Simplenetes, a full implementation of Kubernetes with shell scripts. Does not require root.
Docker re-implemented as a 100 line shell script.
A toolkit for building containers if you don't have Docker installed. Automatically garbage collects container images. Multiple output formats. Pluggable. Does not require running as root.
Namechecked for use with faasd.
In the default Arch repos.
faasd is OpenFaaS reimagined, but without the cost and complexity of Kubernetes. It runs on a single host with very modest requirements, making it fast and easy to manage. Under the hood it uses containerd and Container Networking Interface (CNI) along with the same core OpenFaaS components from the main project. Will work on something as lightweight as a RasPi or a $5us VPS. Doesn't use Kubernetes so maintenance and upgrading is far easier. Implemented as a single executable binary.
Language focused docker images, minus the operating system. Put a statically linked binary in there and fire it up. Designed with Go in mind.