├── LICENSE
├── README.md
└── docker_ports.sh


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Yaroslav
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Docker Exposed Port Checker 🛡️
 2 | 
 3 | ## Overview
 4 | 
 5 | This Bash script helps you quickly identify which Docker container ports are exposed and which are internal. It's a handy tool for self-checking, especially when you're running multiple containers. The aim is to boost your security by ensuring you're not unintentionally exposing more than you should.
 6 | 
 7 | ## How to Use 🚀
 8 | 
 9 | 1. Download the script.
10 | 2. Run the script: `./docker_ports.sh`.
11 | 
12 | **Note:** My best friend is a colorblind person, so I want software developers to be aware when designing their applications, therefore this script could be run as `./docker_ports.sh --i-am-colorblind` to output everything in the color friendly mode.
13 | 
14 | 
15 | ## Output 📊
16 | 
17 | - Ports that are exposed to the internet will be displayed in **red**.
18 | - Ports that are internal-only will appear in **green**.
19 | 
20 | ## Why You Need This 🤔
21 | 
22 | Managing Docker containers can get complex, and it's easy to accidentally expose a port you didn't intend to. This script offers a quick and easy way to review your port exposure, helping you identify any potential security risks.
23 | 
24 | ## Disclaimer
25 | 
26 | Yeah, it's just a fancy output of `docker ps --format '{{.Names}}\t{{.Ports}}'`
27 | 
28 | Stay secure! 🛡️
29 | 


--------------------------------------------------------------------------------
/docker_ports.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # ANSI color codes
 4 | RED='\033[0;31m'
 5 | GREEN='\033[0;32m'
 6 | NC='\033[0m' # No Color
 7 | 
 8 | # Initialize output variables and max length
 9 | exposed_output=""
10 | not_exposed_output=""
11 | max_length=0
12 | color_blind_mode=0
13 | 
14 | # Check for color-blind mode flag
15 | if [[ "$1" == "--i-am-colorblind" ]]; then
16 |   color_blind_mode=1
17 | fi
18 | 
19 | # Get Docker container info
20 | docker_output=$(docker ps --format '{{.Names}}\t{{.Ports}}')
21 | 
22 | # First pass to find the longest container name
23 | while read -r line; do
24 |   container=$(echo -e "$line" | awk '{print $1}')
25 |   length=${#container}
26 |   if (( length > max_length )); then
27 |     max_length=$length
28 |   fi
29 | done <<< "$docker_output"
30 | 
31 | # Second pass to generate the output
32 | while read -r line; do
33 |   container=$(echo -e "$line" | awk '{print $1}')
34 |   ports=$(echo -e "$line" | cut -f2-)
35 | 
36 |   # Skip containers with no ports or no mappings
37 |   if [ -z "$ports" ] || [[ "$ports" == *"<->"* ]] || [[ ! "$ports" == *'->'* ]]; then
38 |     continue
39 |   fi
40 | 
41 |   # Remove IP prefixes and trailing comma
42 |   ports=$(echo "$ports" | sed 's/0.0.0.0://g' | sed 's/127.0.0.1://g' | sed 's/,$//')
43 | 
44 |   # Align output
45 |   padding=$(printf "%*s" $((max_length - ${#container})) "")
46 | 
47 |   # Check if ports are exposed
48 |   if [[ "$line" == *"0.0.0.0:"* ]] || [[ "$line" == *":::"* ]]; then
49 |     if (( color_blind_mode )); then
50 |       exposed_output+="Exposed: ${container}${padding} : ${ports}\n"
51 |     else
52 |       exposed_output+="${RED}${container}${padding} : ${ports}${NC}\n"
53 |     fi
54 |   else
55 |     if (( color_blind_mode )); then
56 |       not_exposed_output+="Not Exposed: ${container}${padding} : ${ports}\n"
57 |     else
58 |       not_exposed_output+="${GREEN}${container}${padding} : ${ports}${NC}\n"
59 |     fi
60 |   fi
61 | done <<< "$docker_output"
62 | 
63 | # Sort and print output
64 | echo -e "$exposed_output"
65 | echo -e "$not_exposed_output"
66 | 


--------------------------------------------------------------------------------