The BOtB is a tool for analyzing and exploiting containers designed for use by computer engineers, while at the same time being CI / CD friendly with their common technologies.
Mode
The BOtB is a CLI tool that allows you to:
- Take advantage of common container vulnerabilities
- Perform joint actions after operating the containers
- Enable when certain tools or binaries are not available in the container
- Use its capabilities BOtB with CI / CD technologies to test container development
- Perform the above in either a manual or automated approach
Characteristics
- Find and identify the UNIX domain slots
- Identify the UNIX domain hosts that support HTTP
- Find and recognize the Docker Daemon in UNIX domain slots or on an interface
- Analyze and locate sensitive strings in ENV and edit it in ProcFS, ie / Proc / {pid} / Environ
- Identify the endpoints of metadata services, e.g. http://169.254.169.254, http: //metadata.google.internal/ και http://100.100.100.200/
- Perform a container breakout via CVE-2019-5736
- Domain of binary files with custom payload
- Perform operations in CI / CD mode and return only output codes> 0
- Find metadata information from GCP endpoints
- Upload data to S3
- Force it BOtB always return an output code 0 (useful for non-blocking CI / CD)
- Perform the above from CLI arguments or from a YAML configuration file
- Perform a reverse DNS lookup
- Identify the secrets of Kubernetes service accounts and try to use them
Use
Instructions on how to use the program, you will find here.
You can download the program from here.
Spread the news
Windows functions instead of CCleaner
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators