BOtB v1.8: Container analysis and utilization tool

BOtB is a container analysis and utilization tool designed for use by computer engineers, while at the same time being CI / CD friendly with their common technologies.

Mode

BOtB is a CLI tool that allows you to:

  • Take advantage of common container vulnerabilities
  • Perform joint actions after operating the containers
  • Enable when some tools or binaries are not available in the container
  • Use them of BOtB with CI / CD technologies to test the development of the container
  • Perform the above in either manual or automated approach

Specifications

  • Find and identify the UNIX domain slots
  • Identify the UNIX domain hosts that support HTTP
  • Find and identify Docker on UNIX domain sockets or an interface
  • Analyze and locate sensitive strings in ENV and edit it in ProcFS, ie / Proc / {pid} / Environ
  • Identify them finally metadata services, e.g.  http://169.254.169.254,  http://metadata.google.internal/  and  http://100.100.100.200/
  • Perform a container breakout via CVE-2019-5736
  • Domain of binary files with custom payload
  • Perform operations in CI / CD mode and return only output codes> 0
  • Find metadata information from GCP endpoints
  • Upload data to S3
  • Force BOtB to always return an output code 0 (useful for non-blocking CI / CD)
  • Perform the above from CLI arguments or from a YAML configuration file
  • Perform a reverse DNS lookup
  • Identify the secrets of Kubernetes service accounts and try to use them

Use

 

Instructions on how to use the program, you will find here.

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).