Code Monkey home page Code Monkey logo

i-sylar / kubernetes-goat Goto Github PK

View Code? Open in Web Editor NEW

This project forked from madhuakula/kubernetes-goat

0.0 0.0 0.0 120.53 MB

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐Ÿš€

Home Page: https://madhuakula.com/kubernetes-goat

License: MIT License

Shell 1.38% JavaScript 7.68% Python 1.08% Go 0.20% TypeScript 0.83% CSS 4.45% HTML 83.15% Smarty 0.05% Batchfile 0.08% Dockerfile 0.92% Mustache 0.18%

kubernetes-goat's Introduction

Kubernetes Goat

Kubernetes Goat

โœจ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security ๐Ÿš€

๐Ÿ™Œ Refer to https://madhuakula.com/kubernetes-goat for the guide ๐Ÿ“–

Netlify Status License: MIT GitHub release Github Stars PRs Welcome Docker Pulls Kubernetes Goat Twitter Discord

Kubernetes Goat Home

โš™๏ธ Setting up Kubernetes Goat

  • Ensure you have admin access to the Kubernetes cluster and installed kubectl. Refer to the docs for installation
  • Ensure you have the helm package manager installed. Refer to the docs for installation
  • To set up the Kubernetes Goat resources in your cluster, run the following commands
git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
bash setup-kubernetes-goat.sh
  • Ensure the pods are running before running the access script
kubectl get pods

all pods running in kubectl get pods

  • Access the Kubernetes Goat by exposing the resources to the local system (port-forward) by the following command
bash access-kubernetes-goat.sh

Refer to https://madhuakula.com/kubernetes-goat/docs/how-to-run for setting up Kubernetes Goat in various environments like GKE, EKS, AKS, K3S, KIND, etc.

๐Ÿ† Scenarios

  1. Sensitive keys in codebases
  2. DIND (docker-in-docker) exploitation
  3. SSRF in the Kubernetes (K8S) world
  4. Container escape to the host system
  5. Docker CIS benchmarks analysis
  6. Kubernetes CIS benchmarks analysis
  7. Attacking private registry
  8. NodePort exposed services
  9. Helm v2 tiller to PwN the cluster - [Deprecated]
  10. Analyzing crypto miner container
  11. Kubernetes namespaces bypass
  12. Gaining environment information
  13. DoS the Memory/CPU resources
  14. Hacker container preview
  15. Hidden in layers
  16. RBAC least privileges misconfiguration
  17. KubeAudit - Audit Kubernetes clusters
  18. Falco - Runtime security monitoring & detection
  19. Popeye - A Kubernetes cluster sanitizer
  20. Secure network boundaries using NSP

๐Ÿ“– Documentation Guide

Here is the detailed step by step documentation guide for learning and playing around with Kubernetes Goat ๐ŸŽ‰

Kubernetes Goat Documentation Guide

Reference: https://madhuakula.com/kubernetes-goat

โš ๏ธ Disclaimer

Kubernetes Goat has intentionally created vulnerabilities, applications, and configurations to attack and gain access to your cluster and workloads. Please DO NOT run alongside your production environments and infrastructure. So we highly recommend running this in a safe and isolated environment.

Kubernetes Goat is used for educational purposes only, do not test or apply these attacks on any systems without permission. Kubernetes Goat comes with absolutely no warranties, by using it you take full responsibility for all the outcomes.

๐Ÿ“ License

MIT

โœจ Acknowledgements

Thanks go to these wonderful people ๐ŸŽ‰

madhuakula
madhuakula		 apvarun
apvarun		 ant4g0nist
ant4g0nist		 phpsystems
phpsystems		 adamhurm
adamhurm		 mkcn
mkcn
0xCardinal
0xCardinal		 macagr
macagr		 rewanthtammana
rewanthtammana 		avicoder
avicoder		 NF997
NF997		 smoyer64
smoyer64
wurstbrot
wurstbrot		 podjackel
podjackel		 shivankar-madaan
shivankar-madaan

kubernetes-goat's People

Contributors

madhuakula avatar phpsystems avatar adamhurm avatar mkcn avatar 0xcardinal avatar macagr avatar rewanthtammana avatar avicoder avatar nf997 avatar smoyer64 avatar wurstbrot avatar podjackel avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.