DEV Community: vasant

Kubestriker - A Blazing fast Security Auditing tool for kubernetes!!

vasant — Fri, 15 Jan 2021 03:56:09 +0000

A Blazing fast Security Auditing tool for kubernetes!!

Kubernetes is a big, complex, fast-moving platform that solves problems such as high availability, resiliency, and scaling by providing an extensible, declarative platform that automates the management of containers.

Enterprise organisations across nearly all verticals, including those with strong security requirements, such as financial services, healthcare, government, and telecommunications, are deploying production applications to Kubernetes clusters.

While this rapid adoption of Kubernetes shows just how disruptive these technologies have been, they have also led to new security problems.

The security of the cluster, of course, cannot be achieved in a single process. There are many moving parts within the Kubernetes cluster that must be properly secured. But with so many moving parts, keeping your Kubernetes secure is no trivial task.

Basic Overview

Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale.

kubestriker is Platform agnostic and works equally well across more than one platform such as self hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc.

Table of content

How To Install
- Clone the repo and install
- Install using pip
- How to spin up kubestriker container
Types of Scans
- Authenticated scans
- Unauthenticated scans
- Identifying an open Insecure port on kubernetes master node
- Identifying a worker Node with kubelet readwrite and readonly ports open
Current Capabilities
Future improvements
Suggestions
Contributors
Statistics
License
Support

How To Install

Clone the repo and install

To install this tool or clone and run this application, you'll need Git, python3 and pip installed on your computer. It is advised you install this tool in virtual environment

From your command line:


# Create python virtual environment
$ python3 -m venv env

# Activate python virtual environment
$ source env/bin/activate

# Clone this repository
$ git clone https://github.com/vchinnipilli/kubestriker.git

# Go into the repository
$ cd kubestriker

# Install dependencies
$ pip install -r requirements.txt

# Incase of prompt toolkit or selectmenu errors
$ pip install prompt-toolkit==1.0.15 
$ pip install -r requirements.txt

# Gearing up Kubestriker
$ python -m kubestriker

# Result will be generated in the current working directory with the name of the target

Install using pip

To install and run this application, you'll need pip installed on your computer. From your command line:


# Create python virtual environment
$ python3 -m venv env

# Activate python virtual environment
$ source env/bin/activate

# Install using pip
$ pip install kubestriker

# Incase of prompt toolkit or selectmenu errors
$ pip install prompt-toolkit==1.0.15 
$ pip install kubestriker

# Gearing up Kubestriker
$ python -m kubestriker

# Result will be generated in the current working directory with the name of the target

How to spin up kubestriker container

Use this link to view the Kubestriker container latest releases

# Spinning up the kubestriker Container
$ docker run -it --rm -v /Users/vasantchinnipilli/.kube/config:/root/.kube/config -v "$(pwd)":/kubestriker --name kubestriker cloudsecguy/kubestriker:v1.0.0

# Replace the user vasantchinnipilli above with your username or absolute path of kube config file
$ docker run -it --rm -v /Users/<yourusername>/.kube/config:/root/.kube/config -v "$(pwd)":/kubestriker --name kubestriker cloudsecguy/kubestriker:v1.0.0

# Gearing up Kubestriker
$ python -m kubestriker

# Result will be generated in the current working directory with the name of the target

Types of Scans

Authenticated scans

Authenticated scan expects the user to have atleast read-only privileges and provide a token during the scan. please use the below provided links to create read-only users

Create read-only user for Amazon eks\
Create read-only user for Azure aks\
Create read-only user for Google gke\
Create a subject using Role based access control

# To grab a token from eks cluster
$ aws eks get-token --cluster-name cluster-name --region ap-southeast-2

# To grab a token from aks cluster
$ az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

# To grab a token from gke cluster
$ gcloud container clusters get-credentials CLUSTER_NAME --zone=COMPUTE_ZONE

# To grab a token from service account
$ kubectl -n namespace get secret serviceaccount-token -o jsonpath='{.data.token}'

# To grab a token from a pod directly or via command execution bug
$ cat /run/secrets/kubernetes.io/serviceaccount/token

Unauthenticated scans

Unauthenticated scan will be successful incase of anonymous access is permitted on the target cluster

Identifying an open Insecure port on kubernetes master node

Identifying a worker Node with kubelet readwrite and readonly ports open

Current Capabilities

Scans Self Managed and cloud provider managed kubernetes infra
Reconnaissance phase checks for various services or open ports
Performs automated scans incase of insecure, readwrite or readonly services are enabled
Performs both authenticated scans and unauthenticated scans
Scans for wide range of IAM Misconfigurations in the cluster
Scans for wide range of Misconfigured containers
Scans for wide range of Misconfigured Pod Security Policies
Scans for wide range of Misconfigured Network policies
Scans the privileges of a subject in the cluster
Run commands on the containers and streams back the output
Provides the endpoints of the misconfigured services
Provides possible privilege escalation details
Elaborative report with detailed explanation

Future improvements

Automated exploitation based on the issues identified
api and cicd automation friendly
A Decent FrontEnd to make the lives easier

Suggestions

Kubestriker is an opensource and emailware. Meaning, if you liked using this tool or it has helped you in any way or if you have any suggestions/improvements, I'd like you send me an email at vchinnipilli@gmail.com about anything you'd want to say about this tool. I'd really appreciate it!

Contributors

Statistics

License

Apache License

Support

vasant chinnipilli builds and maintains kubestriker to audit and secure kubernetes infrastructure.

Start with Documentation - will be available soon for quick tutorials and examples.

If you need direct support you can contact me at vchinnipilli@gmail.com.

Find me here!!

Docker for Devs and Security Professionals

vasant — Wed, 12 Aug 2020 07:20:26 +0000

Docker, and the containers it makes possible, has revolutionized the software industry and in a few years, their popularity as a tool and platform has skyrocketed and Docker containers have become a massively popular technology.

Docker for Devs and Security Professionals | by Vasant Chinnipilli | Aug, 2020 | Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 9 min read
Medium

In this blog post, I will walk you through the basic components, architecture, and basic commands of docker that help with da-to-day activities.

Vulnerability Management of Containers Images using OpenSource

vasant — Wed, 12 Aug 2020 07:11:57 +0000

Containers have revolutionised application development and have taken the enterprise by storm — in particular, the way they are built and scaled.

The same flexibility that makes containers useful to developers also poses many security challenges. The biggest cloud security threat facing container users is the false assumption that containers equal security.

In every container, there are naturally going to be many different and individually complex components that can all introduce security risks and vulnerabilities. As container adoption continues to grow, a strong focus on security is an absolute must.

Vulnerability Management of Containers using OpenSource | by Vasant Chinnipilli | Aug, 2020 | Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 5 min read
Medium

In this Blog Post, we will be looking at the various open-source image scanning tools to identify and secure the container images from vulnerabilities.

How I pwned hundreds of users for less than $25?

vasant — Fri, 24 Jul 2020 12:00:50 +0000

Introduction

As long as employees do not consider security as their responsibility and use insanely Easy to Guess Passwords, no matter how much time and money organisations invest in training, right tools, and strict policies, security compromises are inevitable.

How I pwned hundreds of users for less than $25? | by Vasant Chinnipilli | Medium

Vasant Chinnipilli ・ Jul 18, 2020 ・
Medium

A while ago, I was engaged in performing an internal Penetration test for a reputed organisation which heavily relied on Windows infrastructure. The infrastructure was spread across different locations with a design called for every location to have its own domain, complete with numerous domain controllers (DCs), DNS servers, WINS servers, DHCP servers and work stations with so many missing patches.

This blog post explains the different stages involved in a penetration testing and gaining access to a infrastructure

Originally Published at: https://www.cloudsecguy.dev

Attacking CI/CD Tools The Crown Jewels — Series 2

vasant — Fri, 24 Jul 2020 11:54:53 +0000

Introduction

Automating to build projects based on pull requests is something DevOps teams cannot avoid in CI/CD pipelines. When you set up automated builds (also called auto builds), you create a list of branches and tags that you want to build. When you push code to a source code branch for one of those listed image tags, the push uses a webhook to trigger a new build.

In the previous blog post, we have seen different techniques such as gaining access to build servers, cloud infrastructure, and backdooring build servers.

Attacking CI/CD Tools The Crown Jewels — Series 2 | by Vasant Chinnipilli | The Innovation | Jul, 2020 | Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 4 min read
Medium

In this blog post, we will see how internal users with no access to build servers harness automated build triggers to their advantage to gain access to the build servers and infrastructure.

Such attacks are evident in companies that open-source their projects and accept contributions from external sources.

Attacking CI/CD Tools The Crown Jewels — Series 1

vasant — Fri, 24 Jul 2020 11:23:18 +0000

CI/CD toolchain which builds and deploys the infrastructure and code into production is as critical as a production-grade system. CI/CD pipelines are at the heart of daily operations for many organisations today, also the place in our technology stack where our infrastructure has access to many different resources, from development and production environment to analytics keys and code signing credentials.

With such wide access comes security considerations making CI/CD tools effectively extend the attack surface of our production system to our build and automated test and deployment environment. We should always keep in mind that the attack vectors are not always external, internal threats always exist.

Attacking CI/CD Tools The Crown Jewels — Series 1 | by Vasant Chinnipilli | The Innovation | Jul, 2020 | Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 5 min read
Medium

This blog post is an attempt to explain how malicious insiders, penetration testers, or attackers with limited privileges can target CI/CD tools to penetrate deep inside and gain access to the information infrastructure. The term developer in the blogpost refers to Developers with limited access, Grey box Penetration testers, and hackers who gained access to internal infrastructure.

This blog post is originally published at https://cloudsecguy.dev

DEV Community: vasant

Kubestriker - A Blazing fast Security Auditing tool for kubernetes!!

A Blazing fast Security Auditing tool for kubernetes!!

Basic Overview

Table of content

How To Install

Clone the repo and install

Install using pip

How to spin up kubestriker container

Types of Scans

Authenticated scans

Unauthenticated scans

Identifying an open Insecure port on kubernetes master node

Identifying a worker Node with kubelet readwrite and readonly ports open

Current Capabilities

Future improvements

Suggestions

Contributors

Statistics

License

Support

Find me here!!

Docker for Devs and Security Professionals

Docker for Devs and Security Professionals | by Vasant Chinnipilli | Aug, 2020 | Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 9 min read Medium

Vulnerability Management of Containers Images using OpenSource

Vulnerability Management of Containers using OpenSource | by Vasant Chinnipilli | Aug, 2020 | Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 5 min read Medium

How I pwned hundreds of users for less than $25?

Introduction

How I pwned hundreds of users for less than $25? | by Vasant Chinnipilli | Medium

Vasant Chinnipilli ・ Jul 18, 2020 ・ Medium

Attacking CI/CD Tools The Crown Jewels — Series 2

Introduction

Attacking CI/CD Tools The Crown Jewels — Series 2 | by Vasant Chinnipilli | The Innovation | Jul, 2020 | Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 4 min read Medium

Attacking CI/CD Tools The Crown Jewels — Series 1

Attacking CI/CD Tools The Crown Jewels — Series 1 | by Vasant Chinnipilli | The Innovation | Jul, 2020 | Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 5 min read Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 9 min read
Medium

Vasant Chinnipilli ・ Aug 5, 2020 ・ 5 min read
Medium

Vasant Chinnipilli ・ Jul 18, 2020 ・
Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 4 min read
Medium

Vasant Chinnipilli ・ Jul 24, 2020 ・ 5 min read
Medium