CDK is an open source collection of penetration testing tools for containers, designed to deliver exploits to vulnerable machines without any dependency on the operating system.
It comes with useful networking tools and many powerful PoCs / EXPs to help you easily access a K8s cluster.
Features
The CDK has three modules:
- Evaluate: collect information inside the container to find potential vulnerabilities.
- Exploit: container escapes and vulnerability exploitation.
- Tool: network and API tools for TCP / HTTP requests, tunnels and K8s cluster management.
Usage
cdk evaluate [--full]
cdk run (--list | [ …])
cdk auto-escape
cdk [ …]
Evaluate:
cdk evaluate Gather information to find weakness inside container.
cdk evaluate --full Enable file scan during information gathering.
Exploit:
cdk run --list List all available exploits.
cdk run [ …] Run single exploit, docs in https://github.com/cdk-team/CDK/wiki
Auto Escape:
cdk auto-escape Escape container in different ways then let target execute .
Tool:
vi Edit files in container like “vi” command.
ps Show process information like “ps -ef” command.
nc [options] Create TCP tunnel.
ifconfig Show network information.
kcurl (get | post) Make request to K8s api-server.
ucurl (get | post) Make request to docker unix socket.
probe TCP port scan, example: cdk probe 10.0.1.0-255 80,8080-9443 50 1000
Options:
-h --help Show this help msg.
-v --version Show version.
You can download the program from here.