Docker Cheatsheet
Docker is an open-source platform that automates the deployment,
scaling, and management of applications within lightweight containers.
Containers package an application and its dependencies into a single
unit, ensuring consistent environments across various stages of
development, testing, and production. Whether you are just getting
started or looking to enhance your containerization workflow, this
cheatsheet serves as a quick reference guide to the most commonly used
Docker commands and concepts. With this guide, you’ll have the essential
tools at your fingertips to build, manage, and deploy applications
efficiently.
General Docker Info
Command Description
docker version Full description of Docker version.
docker info Displays system-wide Docker info.
docker -v Short description of Docker version.
docker run hello-world Runs a test container to verify Docker installation.
Post-Installation Steps
If every Docker command currently requires sudo, follow these steps to run Docker as your own user:
Command Description
sudo groupadd docker Creates the Docker group.
sudo usermod -aG docker $USER Adds the current user to the Docker group.
Log out and back in Reevaluate group membership.
docker run hello-world Verify Docker commands can run without sudo.
Docker Image Management
Command Description
docker image ls List all local Docker images.
docker image pull [image-name] Pull a specified image from the registry.
docker image rm [image-name] Remove an image by name.
docker image rm [image-id] Remove an image by ID.
docker image prune Remove unused images.
Searching Images
Command Description
docker search [image-name] Search for images matching a name.
docker search [image-name] --filter "is-official=true" Find only official images.
docker search [image-name] --filter "stars=1000" Find images with 1,000+ stars.
Docker Containers
LISTING CONTAINERS
Command Description
docker container ls List all running containers.
docker container ls -a List all containers (running and stopped).
docker container inspect [container-name] Get detailed info about a specific container.
docker container ls --filter "status=exited" List all stopped containers.
RUNNING CONTAINERS
Command Description
docker container run [image-name] Run a container from a specified image.
docker container run --rm [image-name] Automatically remove the container when it stops.
docker container run -it [image-name] /bin/sh Attach to an interactive shell within the container.
REMOVING CONTAINERS
Command Description
docker container rm [container-name] Remove a specific container.
docker container rm $(docker ps -aq) Remove all containers.
Volume Management
LISTING AND INSPECTING VOLUMES
Command Description
docker volume ls List all volumes.
docker volume inspect [volume-name] Inspect details of a specific volume.
REMOVING VOLUMES
Command Description
docker volume rm [volume-name] Remove a specific volume.
docker volume rm $(docker volume ls -q) Remove all unused volumes.
PrivEsc-Relevant Docker Commands
Command Description
docker run --privileged -it [image-name] /bin/bash Run a container with privileged access (critical PrivEsc vulnerability).
docker exec -it [container-name] /bin/bash Execute a shell in a running container (may help if the container has root).
docker cp [container-id]:/path/to/file /dest/path Copy files from a container to the host.
docker inspect --format '{{.Mounts}}' [container] Check mounted volumes for sensitive data.
docker images Check for vulnerable or outdated images.
Exploiting Docker Misconfigurations
DOCKER PRIVILEGED CONTAINER EXPLOIT
A container started with --privileged is allowed access to host
resources.
Command Description
docker run --privileged -it alpine /bin/sh Run a privileged container and potentially escape.
CHECK HOST MOUNTS
Sensitive files like /etc/passwd or /root might be mounted into
containers.
Command Description
docker inspect --format '{{.Mounts}}' [container-name] Check mounts for host directories.
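The privileged-container and host-mount checks above can be run across every container at once. The script below is an added example, not part of the original cheatsheet: it parses `docker inspect` JSON and reports containers that are privileged or that bind-mount sensitive host paths. The path list, function names and sample data are assumptions made for the example.

```python
import json
import posixpath

# /etc (for /etc/passwd) and /root come from the text above; the Docker
# socket path is an assumption added for this example.
SENSITIVE_HOST_PATHS = ("/etc", "/root", "/var/run/docker.sock")

def covers(source, sensitive):
    """True if bind-mounting `source` exposes `sensitive` or part of it."""
    source = posixpath.normpath(source)
    return (source == sensitive
            or sensitive.startswith(source.rstrip("/") + "/")  # parent, e.g. "/"
            or source.startswith(sensitive + "/"))             # child, e.g. /etc/passwd

def audit_containers(inspect_json):
    """Return (container, finding) tuples from `docker inspect` JSON output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/") or c.get("Id", "?")[:12]
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append((name, "runs with --privileged"))
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # named volumes are not host directories
            src = m.get("Source", "")
            if any(covers(src, p) for p in SENSITIVE_HOST_PATHS):
                mode = "rw" if m.get("RW") else "ro"
                findings.append(
                    (name, f"host path {src} mounted {mode} at {m.get('Destination')}"))
    return findings

# Constructed sample in the shape `docker inspect` emits (not real output).
SAMPLE = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/webdata/_data",
                 "Destination": "/data", "RW": True}]},
    {"Name": "/debug", "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/agent", "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/etc/passwd", "Destination": "/etc/passwd", "RW": False},
                {"Type": "bind", "Source": "/srv/app", "Destination": "/app", "RW": True}]},
])

if __name__ == "__main__":
    for name, finding in audit_containers(SAMPLE):
        print(f"{name}: {finding}")
```

On a live host, pass the output of `docker inspect $(docker ps -q)` to `audit_containers` in place of the constructed sample.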
ESCAPE TO HOST VIA /PROC
Some misconfigurations expose the /proc filesystem, allowing host-level
access.
Command Description
cat /proc/version Check host OS version (from within container).
mount -t proc proc /proc Mount host /proc to potentially modify settings.