Kubestroyer

module

v0.0.0-...-f902f43 Latest Latest Go to latest Published: Apr 30, 2023 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Rolix44/Kubestroyer

README ¶

Kubestroyer

Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests
Explore the docs »

Report Bug · Request Feature

Table of Contents

About The Project
- Built With
Getting Started
- Prerequisites
- Installation
Usage
Roadmap
Contributing
License
Contact

About The Project

Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations.

The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them.

(back to top)

Built With

(back to top)

Getting Started

To get a local copy up and running, follow these simple example steps.

Prerequisites

Go 1.19

wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz

Installation

Use prebuilt binary

or

Using go install command :

$ go install github.com/Rolix44/Kubestroyer@latest

or

build from source:

Clone the repo

$ git clone https://github.com/Rolix44/Kubestroyer.git

build the binary

$ go build -o Kubestroyer cmd/kubestroyer/main.go

(back to top)

Usage

Parameter	Description	Mand/opt	Example
-t / --target	Target (IP, domain or file)	Mandatory	-t localhost,127.0.0.1 / -t ./domain.txt
--node-scan	Enable node port scanning (port 30000 to 32767)	Optionnal	-t localhost --node-scan
--anon-rce	RCE using Kubelet API anonymous auth	Optionnal	-t localhost --anon-rce
-x	Command to execute when using RCE (display service account token by default)	Optionnal	-t localhost --anon-rce -x "ls -al"

(back to top)

Currently supported features

Target
- List of multiple targets
- Input file as target
Scanning
- Known ports scan
- Node port scan (30000 to 32767)
- Port description
Vulnerabilities
- Annon RCE on Kubelet
  - Choose command to execute

(back to top)

Roadmap

Choose the pod for anon RCE
Etcd exploit
Kubelet read-only API parsing for information disclosure

See the open issues for a full list of proposed features (and known issues).

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request

(back to top)

License

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Contact

Rolix - @Rolix_cy - rolixcy@protonmail.com

Project Link: https://github.com/Rolix44/Kubestroyer

(back to top)

Directories ¶

Path	Synopsis
cmd
kubestroyer
pkg
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL