Kubestroyer: Kubernetes exploitation tool

Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pen tests.

Kubestroyer

Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations.

The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them.

Roadmap 

  • Split main into different packages
  • Target selection
    • List of multiple targets
    • input file as target parameter
  • Description for each detected open port
  • Choose the pod for anon RCE

Use of Kubestroyer

ParameterDescriptionMand/optExample
-t / –targetTarget (IP, domain or file)Mandatory-t localhost,127.0.0.1 / -t ./domain.txt
–node-scanEnable node port scanning (port 30000 to 32767)Optional-t localhost –node-scan
–anon-rceRCE using Kubelet API anonymous authOptional-t localhost –anon-rce
-xCommand to execute when using RCE (display service account token by default)Optional-t localhost –anon-rce -x “ls -al”

For more Hacking Tools click HERE

Download Kubestroyer