Kubesploit
Cross-platform command & control server and agent focused on containerized environments.
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin.
The currently available modules are:
- Container breakout using mounting
- Container breakout using docker.sock
- Container breakout using CVE-2019-5736 exploit
- Scan for Kubernetes cluster known CVEs
- Port scanning with focus on Kubernetes services
- Kubernetes service scan from within the container
- Light kubeletctl containing the following options: Scan for containers with RCE, Scan for Pods and containers, Scan for tokens from all available containers, Run command with multiple options
- cGroup breakout
- Kernel module breakout
- Var log escape
- Deepce: Docker enumeration (Open-Source project integrated as a module)
- Vulnerability test: check which of kubesploit exploits your container is vulnerable to