As a penetration tester, it is very difficult to remember various commands from different tools. This blog contains the frequently used docker and docker-compose CLI commands along with their short description.
Docker CLI
| Command | Description |
|---|---|
| docker info | Display system wide information related to docker installation (e.g. docker registry) |
| docker images | Check the list of docker images available locally |
| docker run container_name:tag | Run a docker container. e.g. docker run busybox:1.24 |
| docker run container_name:tag command | Start the docker container and run the command inside it. e.g. docker run busybox:1.24 echo "hello world" |
| docker run -it container_name:tag | Start the docker container in interactive (-i) mode with TTY (-t). |
| docker exec -it container_id sh | Get the TTY shell inside the container |
| docker run -d container_name:tag | Run the container in detached mode (-d) i.e. background |
| docker run --rm container_name:tag | Remove the containers from the file system on exit |
| docker run --name container_name busybox:1.24 | Run the container and assign it a name |
| docker run -e ENV_VAR container_name:tag | Start a container and pass an environment variable |
| docker run --user 1001:1001 container_name:tag | Start a container with non-root user |
| docker run -p host_port:container_port container_name:tag | Expose the container port |
| docker run -itd --pids-limit 6 container_name | Enforce cgroup settings on the container. For e.g. create a container which can have maximum of 6 pids |
| docker ps | Check the list of docker containers running in background |
| docker ps -a | Get the list of all containers including the stopped ones |
| docker ps -aq -f status=exited | List all exited containers |
| docker ps -aq --no-trunc -f status=exited | xargs docker rm | Remove the stopped containers |
| docker stop $(docker ps -aq) | Stop all the running containers |
| docker rm container_name | Remove the container from the file system |
| docker rm $(docker ps -aq) | Remove all the running containers from file system |
| docker rmi image-id | Remove an image from the file system |
| docker rmi $(docker images) | Remove all the images from the file system |
| docker system prune | Delete the unused dangling resources (eg. images, containers, volumes) |
| docker rename old_name new_name | Rename the container |
| docker inspect container_id | Get detailed information about the container |
| docker inspect container_id | grep MergedDir | Locate the path of container's filesystem on the host. The path will be similar to /var/lib/docker/overlay2/ |
| docker logs container_id | Get logs of running container |
| docker history container_name:tag | List of the layers of images which makes the container |
| docker stop -t 20 container_id | Wait for 20 sec before killing the container |
| docker volume create volume_name | Create a docker volume |
| docker volume ls | List all the existing volumes |
| docker volume inspect volume_name | Find the mount point of the volume on host |
| docker run -v /var/host:/var/docker | Mount the host volume "/var/host" to the directory "/var/docker" of the container |
| docker build -t tag_name . | Build the docker image using Dockerfile (in the current directory, denoted by .) and assign it a tag name |
| docker build -t repository_name/container_name . --no-cache=true | Building docker image using commit. Don't use cache while building new image. |
| docker commit container_id repository:tag | Commit the changes to docker registry. Default docker registry is dockerhub |
| docker stats | Check the status of the container. (this will show pid). This will increase if more number of processes are created inside container |
| docker save image_name > image.tar | Save or export the image in tar format |
| docker -H tcp://10.10.10.10:2375 ps | Specify the host (-H) and mode (tcp) to access the docker daemon and run the command. Host can also be configured via environment variable export DOCKER_HOST="tcp://10.10.10.10:2375" |
Docker Compose CLI
| docker-compose up -d | use the docker-compose.yml to automate the build and start of container |
|---|---|
| docker-compose start -d | use the docker-compose.yml to automate the build and start of container |
| docker-compose ps | check the status of the container managed by docker-compose |
| docker-compose logs | output the logs for compose managed containers |
| docker-compose logs -f | Follow the logs |
| docker-compose logs | get the log of the particular container |
| docker-compose stop | stop all running containers without removing them |
| docker-compose rm | remove all the containers |
| docker-compose build | rebuild the images created from dockerfile |
I hope this article was informative. If I missed any frequently used important docker command, please let me know in the comments section, I will add them here. Share this if you found it useful. Please subscribe to the mailing list (on the right sidebar) to get updated with my latest post. Feel free to post your comments and feedback.
Happy Learning 🙂
One Thought on “Docker commands cheatsheet”