Kubestroyer – Kubernetes Exploitation Tool
Kubestroyer
Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests
About The Project
Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations.
The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them.
Getting Started
To get a local copy up and running, follow these simple example steps.
Prerequisites
- Go 1.19
wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz
Installation
Use prebuilt binary
or
Using go install command :
$ go install github.com/Rolix44/Kubestroyer@latestor
build from source:
- Clone the repo
$ git clone https://github.com/Rolix44/Kubestroyer.git - build the binary
$ go build -o Kubestroyer cmd/kubestroyer/main.go
Usage
| Parameter | Description | Mand/opt | Example |
|---|---|---|---|
| -t / –target | Target (IP, domain or file) | Mandatory | -t localhost,127.0.0.1 / -t ./domain.txt |
| –node-scan | Enable node port scanning (port 30000 to 32767) | Optionnal | -t localhost –node-scan |
| –anon-rce | RCE using Kubelet API anonymous auth | Optionnal | -t localhost –anon-rce |
| -x | Command to execute when using RCE (display service account token by default) | Optionnal | -t localhost –anon-rce -x “ls -al” |
Currently supported features
-
Target
- List of multiple targets
- Input file as target
-
Scanning
- Known ports scan
- Node port scan (30000 to 32767)
- Port description
-
Vulnerabilities
- Annon RCE on Kubelet
- Choose command to execute
- Annon RCE on Kubelet
Roadmap
- Choose the pod for anon RCE
- Etcd exploit
- Kubelet read-only API parsing for information disclosure
See the open issues for a full list of proposed features (and known issues).
Contributing
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag “enhancement”. Don’t forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
License
Distributed under the MIT License. See LICENSE.txt for more information.
Contact
Rolix – @Rolix_cy – [email protected]
Project Link: https://github.com/Rolix44/Kubestroyer
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
