badPods

Pod exploit demonstrator

A collection of Kubernetes pod manifests demonstrating the impact of elevated privileges on security and functionality.

A collection of manifests that will create pods with elevated privileges.

GitHub

599 stars
21 watching
102 forks
Language: Shell
last commit: over 2 years ago
assessmentexploitationhostipchostnetworkhostpathhostpidkubernetespenetration-testingpodspodspecprivilegedsecurity

Related projects:

Repository Description Stars
danielsagi/kube-pod-escape An exploit allowing unauthorized access to sensitive data on a host machine through Kubernetes logs 92
caiobegotti/pod-dive Provides a tool to inspect and view details of pods on Kubernetes nodes 58
bgeesaman/subpath-exploit Demonstrates an escape vulnerability in Kubernetes allowing privileged access to a pod through symlinks 35
bishopfox/h2csmuggler Smuggling HTTP traffic past proxy rules to bypass access controls 650
bishopfox/gadgetprobe Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities 585
brompwnie/botb A tool designed to analyze and exploit vulnerabilities in containers for pentesters and engineers 638
pyroxenites/boftools A collection of tools and techniques for exploiting vulnerabilities in software applications. 17
luisfontes19/xxexploiter An application used to exploit XXE vulnerabilities by generating XML payloads and serving them to test web applications. 542
gabeduke/kubectl-iexec An interactive tool for executing commands on pods in a Kubernetes cluster. 135
r3dxpl0it/cve-2018-4407 Exploits a heap buffer overflow vulnerability in the XNU operating system kernel to cause a denial-of-service attack on iOS and macOS devices. 35
pathtofile/bad-bpf Demonstrates security vulnerabilities in the Linux kernel's eBPF system 549
1n3/intruderpayloads A collection of tools and methodologies for web application testing and vulnerability assessment. 3,686
0xjcn/damn-vulnerable-defi-v3-ctf A DeFi protocol with intentional vulnerabilities for testing and learning secure smart contract development 25
s0lst1c3/eaphammer A toolkit for exploiting weaknesses in WPA2-Enterprise networks to gain unauthorized access to credentials 2,194
ex0dus-0x/ward Creates stealthy droppers for loading malicious code into memory 18