Tools for Attackers

Container Attack Surface Assessment & Breakout

Useful tools to run inside a container to assess the sandbox that’s in use, and exploit some common breakout issues.

  • amicontained - Shows information about the container runtime and the rights you have.
  • ConMachi - Pentester-focused container attack surface assessment tool.
  • deepce - Docker Enumeration, Escalation of Privileges and Container Escapes
  • botb - Container breakout assessment tool. Can automatically exploit common issues like the Docker socket mount.
  • keyctl-unmask - Tool that specifically focuses on grabbing kernel keyring entries from containers that allow the keyctl syscall

Container Orchestration Tools

RBAC Assessment Tooling

  • kubectl-who-can - Tool that lets you ask “who can” do things in RBAC, e.g. who can get secrets.
  • rakkess - Shows the RBAC permissions available to a user as a list
  • rback - Tool for graphical representation of RBAC permissions in a Kubernetes cluster.

Kubernetes Security Auditing Tools

  • kube-bench - Tool to assess compliance with the CIS benchmark for various Kubernetes distributions.

Kubernetes Penetration Testing Tools

  • kube-hunter - Tool to test and exploit standard Kubernetes security vulnerabilities.
  • kubestrike - Security auditing tool for Kubernetes that covers authenticated and unauthenticated scanning.
  • peirates - Kubernetes container breakout tool
  • kdigger - Kubernetes breakout/discovery tool

Kubelet Tooling

  • kubeletctl - A good tool to automate the process of assessing a kubelet instance. If the instance is vulnerable, it can also carry out some exploit tasks.

etcd Tooling

  • auger - Tool for decoding information pulled directly from the etcd database.

Container Registry Tooling

  • reg - Tool for interacting with container registries
  • regclient - Another tool for interacting with container registries
  • go-pillage-registries - Tool to search the manifests and configuration for images in a registry for potentially sensitive information.

Training Tools

If you’re looking to practice with some of the tools here in a safe environment, there are projects to help with that.