Container security
A container analysis and exploitation tool for pentesters and engineers.
Peirates - Kubernetes Penetration Testing tool
Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container
Test whether a container environment is vulnerable to container escapes via CVE-2022-0492
A container image that exfiltrates the underlying container runtime to a remote server
Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolebindings.
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Kubernetes focused container assessment and context discovery tool for penetration testing
The Kubernetes Security Profiles Operator
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari
A beginner-friendly CTF about Kubernetes security.
Review Access - kubectl plugin to show an access matrix for k8s server resources
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
Runs checks to see if an EKS cluster follows EKS Best Practices.
This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures
Show who has RBAC permissions to perform actions on different resources in Kubernetes
A tool to scan a Kubernetes cluster for risky permissions
A collection of manifests that will create pods with elevated privileges.
Kubernetes audit logging, when you don't control the control plane
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster