badPods
Pod exploit demonstrator
A collection of Kubernetes pod manifests demonstrating the impact of elevated privileges on security and functionality.
A collection of manifests that will create pods with elevated privileges.
599 stars
21 watching
102 forks
Language: Shell
last commit: over 2 years ago assessmentexploitationhostipchostnetworkhostpathhostpidkubernetespenetration-testingpodspodspecprivilegedsecurity
Related projects:
Repository | Description | Stars |
---|---|---|
danielsagi/kube-pod-escape | An exploit allowing unauthorized access to sensitive data on a host machine through Kubernetes logs | 92 |
caiobegotti/pod-dive | Provides a tool to inspect and view details of pods on Kubernetes nodes | 58 |
bgeesaman/subpath-exploit | Demonstrates an escape vulnerability in Kubernetes allowing privileged access to a pod through symlinks | 35 |
bishopfox/h2csmuggler | Smuggling HTTP traffic past proxy rules to bypass access controls | 650 |
bishopfox/gadgetprobe | Tools for analyzing and exploiting vulnerabilities in Java deserialization vulnerabilities | 585 |
brompwnie/botb | A tool designed to analyze and exploit vulnerabilities in containers for pentesters and engineers | 638 |
pyroxenites/boftools | A collection of tools and techniques for exploiting vulnerabilities in software applications. | 17 |
luisfontes19/xxexploiter | An application used to exploit XXE vulnerabilities by generating XML payloads and serving them to test web applications. | 542 |
gabeduke/kubectl-iexec | An interactive tool for executing commands on pods in a Kubernetes cluster. | 135 |
r3dxpl0it/cve-2018-4407 | Exploits a heap buffer overflow vulnerability in the XNU operating system kernel to cause a denial-of-service attack on iOS and macOS devices. | 35 |
pathtofile/bad-bpf | Demonstrates security vulnerabilities in the Linux kernel's eBPF system | 549 |
1n3/intruderpayloads | A collection of tools and methodologies for web application testing and vulnerability assessment. | 3,686 |
0xjcn/damn-vulnerable-defi-v3-ctf | A DeFi protocol with intentional vulnerabilities for testing and learning secure smart contract development | 25 |
s0lst1c3/eaphammer | A toolkit for exploiting weaknesses in WPA2-Enterprise networks to gain unauthorized access to credentials | 2,194 |
ex0dus-0x/ward | Creates stealthy droppers for loading malicious code into memory | 18 |