madhuakula / hacker-container Goto Github PK

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.

License: MIT License

Dockerfile 97.84% Smarty 2.16%

container docker tools hacking security infosec kubernetes pentest pentesting kubernetes-cluster hacker-container security-tools

hacker-container's Introduction

Hacker Container

Container with all the list of useful tools/commands while hacking Kubernetes Clusters. Read more about it in the blogpost https://blog.madhuakula.com/hacker-container-for-kubernetes-security-assessments-7d1522e96073

List of the tools/commands/utilities available in container are list.todo

How to use Hacker Container

Just run the following command to explore in the docker container environments

docker run --rm -it madhuakula/hacker-container

To deploy as a Pod in Kubernetes cluster run the following command

kubectl run -it hacker-container --image=madhuakula/hacker-container

This container can be used in different ways in different environments, it aids your penetration testing or security assessments of container and Kubernetes cluster environments.

Hacker Container in Action

Feedback/Suggestions

Please feel free to create issue or make a pull request or tweet to me @madhuakula for improvements and suggestions

hacker-container's People

Contributors

Stargazers

Watchers

hacker-container's Issues

Kali?

Any reason this is not based on Kali as a base image?

See https://www.kali.org/docs/containers/official-kalilinux-docker-images/

documentation

Thank you for sharing your great work Madhu. Appreciate if you add elaborate documentation.

dockerd is not getting started and erroring out on iptables legacy issue

dockerd

INFO[2021-09-27T10:31:59.154233728Z] Starting up
INFO[2021-09-27T10:31:59.155458114Z] libcontainerd: started new containerd process pid=301
INFO[2021-09-27T10:31:59.155510290Z] parsed scheme: "unix" module=grpc
INFO[2021-09-27T10:31:59.155527513Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-09-27T10:31:59.155551030Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2021-09-27T10:31:59.155570358Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-09-27T10:31:59.170060879Z] starting containerd revision=7ad184331fa3e55e52b890ea95e65ba581ae3429 version=v1.2.13
ERRO[2021-09-27T10:31:59.170130972Z] failed to change OOM score to -500 error="write /proc/301/oom_score_adj: permission denied"
INFO[2021-09-27T10:31:59.170345114Z] loading plugin "io.containerd.content.v1.content"... type=io.containerd.content.v1
INFO[2021-09-27T10:31:59.170376282Z] loading plugin "io.containerd.snapshotter.v1.btrfs"... type=io.containerd.snapshotter.v1
WARN[2021-09-27T10:31:59.170638172Z] failed to load plugin io.containerd.snapshotter.v1.btrfs error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
INFO[2021-09-27T10:31:59.170689862Z] loading plugin "io.containerd.snapshotter.v1.aufs"... type=io.containerd.snapshotter.v1
WARN[2021-09-27T10:31:59.171331974Z] failed to load plugin io.containerd.snapshotter.v1.aufs error="modprobe aufs failed: "modprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
INFO[2021-09-27T10:31:59.171351431Z] loading plugin "io.containerd.snapshotter.v1.native"... type=io.containerd.snapshotter.v1
INFO[2021-09-27T10:31:59.171384552Z] loading plugin "io.containerd.snapshotter.v1.overlayfs"... type=io.containerd.snapshotter.v1
INFO[2021-09-27T10:31:59.171482278Z] loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-09-27T10:31:59.171726810Z] skip loading plugin "io.containerd.snapshotter.v1.zfs"... type=io.containerd.snapshotter.v1
INFO[2021-09-27T10:31:59.171764853Z] loading plugin "io.containerd.metadata.v1.bolt"... type=io.containerd.metadata.v1
WARN[2021-09-27T10:31:59.171793393Z] could not use snapshotter zfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin"
WARN[2021-09-27T10:31:59.171808584Z] could not use snapshotter btrfs in metadata plugin error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
WARN[2021-09-27T10:31:59.171822426Z] could not use snapshotter aufs in metadata plugin error="modprobe aufs failed: "modprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
INFO[2021-09-27T10:31:59.171920513Z] loading plugin "io.containerd.differ.v1.walking"... type=io.containerd.differ.v1
INFO[2021-09-27T10:31:59.171950507Z] loading plugin "io.containerd.gc.v1.scheduler"... type=io.containerd.gc.v1
INFO[2021-09-27T10:31:59.172004751Z] loading plugin "io.containerd.service.v1.containers-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172032848Z] loading plugin "io.containerd.service.v1.content-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172061335Z] loading plugin "io.containerd.service.v1.diff-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172078703Z] loading plugin "io.containerd.service.v1.images-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172114061Z] loading plugin "io.containerd.service.v1.leases-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172133283Z] loading plugin "io.containerd.service.v1.namespaces-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172149746Z] loading plugin "io.containerd.service.v1.snapshots-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172165105Z] loading plugin "io.containerd.runtime.v1.linux"... type=io.containerd.runtime.v1
INFO[2021-09-27T10:31:59.172246963Z] loading plugin "io.containerd.runtime.v2.task"... type=io.containerd.runtime.v2
INFO[2021-09-27T10:31:59.172316621Z] loading plugin "io.containerd.monitor.v1.cgroups"... type=io.containerd.monitor.v1
INFO[2021-09-27T10:31:59.172830133Z] loading plugin "io.containerd.service.v1.tasks-service"... type=io.containerd.service.v1
INFO[2021-09-27T10:31:59.172855990Z] loading plugin "io.containerd.internal.v1.restart"... type=io.containerd.internal.v1
INFO[2021-09-27T10:31:59.172891733Z] loading plugin "io.containerd.grpc.v1.containers"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172909331Z] loading plugin "io.containerd.grpc.v1.content"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172927521Z] loading plugin "io.containerd.grpc.v1.diff"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172943221Z] loading plugin "io.containerd.grpc.v1.events"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172954609Z] loading plugin "io.containerd.grpc.v1.healthcheck"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172973022Z] loading plugin "io.containerd.grpc.v1.images"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.172989597Z] loading plugin "io.containerd.grpc.v1.leases"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173003375Z] loading plugin "io.containerd.grpc.v1.namespaces"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173016816Z] loading plugin "io.containerd.internal.v1.opt"... type=io.containerd.internal.v1
INFO[2021-09-27T10:31:59.173065528Z] loading plugin "io.containerd.grpc.v1.snapshots"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173115059Z] loading plugin "io.containerd.grpc.v1.tasks"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173135335Z] loading plugin "io.containerd.grpc.v1.version"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173153405Z] loading plugin "io.containerd.grpc.v1.introspection"... type=io.containerd.grpc.v1
INFO[2021-09-27T10:31:59.173405783Z] serving... address="/var/run/docker/containerd/containerd-debug.sock"
INFO[2021-09-27T10:31:59.173497892Z] serving... address="/var/run/docker/containerd/containerd.sock"
INFO[2021-09-27T10:31:59.173515172Z] containerd successfully booted in 0.003936s
INFO[2021-09-27T10:31:59.178963994Z] parsed scheme: "unix" module=grpc
INFO[2021-09-27T10:31:59.178983939Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-09-27T10:31:59.179026174Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2021-09-27T10:31:59.179041994Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-09-27T10:31:59.179808301Z] parsed scheme: "unix" module=grpc
INFO[2021-09-27T10:31:59.179834427Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2021-09-27T10:31:59.179859668Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2021-09-27T10:31:59.179868818Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2021-09-27T10:31:59.181143610Z] [graphdriver] using prior storage driver: aufs
WARN[2021-09-27T10:31:59.181158714Z] [graphdriver] WARNING: the aufs storage-driver is deprecated, and will be removed in a future release
WARN[2021-09-27T10:31:59.184272417Z] Your kernel does not support swap memory limit
WARN[2021-09-27T10:31:59.184285777Z] Your kernel does not support cgroup rt period
WARN[2021-09-27T10:31:59.184295754Z] Your kernel does not support cgroup rt runtime
WARN[2021-09-27T10:31:59.184304577Z] Your kernel does not support cgroup blkio weight
WARN[2021-09-27T10:31:59.184314438Z] Your kernel does not support cgroup blkio weight_device
INFO[2021-09-27T10:31:59.184479006Z] Loading containers: start.
WARN[2021-09-27T10:31:59.185419454Z] Running iptables --wait -t nat -L -n failed with message: iptables v1.8.7 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded., error: exit status 3 INFO[2021-09-27T10:31:59.201562743Z] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby INFO[2021-09-27T10:31:59.202006057Z] stopping healthcheck following graceful shutdown module=libcontainerd INFO[2021-09-27T10:31:59.202011436Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.7 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)

Add Kube-Hunter and Kubeletctl to the Hacker-Container

Add KubiScan

A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.