Login
Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests
Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations.
The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them.
To get a local copy up and running, follow these simple example steps.
FreshRSS wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gzUse prebuilt binary
or
Using go install command :
$ go install github.com/Rolix44/Kubestroyer@latestor
build from source:
$ git clone https://github.com/Rolix44/Kubestroyer.git$ go build -o Kubestroyer cmd/kubestroyer/main.go | Parameter | Description | Mand/opt | Example |
|---|---|---|---|
| -t / --target | Target (IP, domain or file) | Mandatory | -t localhost,127.0.0.1 / -t ./domain.txt |
| --node-scan | Enable node port scanning (port 30000 to 32767) | Optionnal | -t localhost --node-scan |
| --anon-rce | RCE using Kubelet API anonymous auth | Optionnal | -t localhost --anon-rce |
| -x | Command to execute when using RCE (display service account token by default) | Optionnal | -t localhost --anon-rce -x "ls -al" |
Target
Scanning
Vulnerabilities
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
git checkout -b feature/AmazingFeature)git commit -m 'Add some AmazingFeature')git push origin feature/AmazingFeature)Distributed under the MIT License. See LICENSE.txt for more information.
Rolix - @Rolix_cy - rolixcy@protonmail.com
Project Link: https://github.com/Rolix44/Kubestroyer
