• Stars
    star
    586
  • Rank 76,279 (Top 2 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created over 5 years ago
  • Updated almost 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Cloud Container Attack Tool (CCAT ☁️🐈)

Rhino PyPI GitHub license PRs Welcome

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Quick reference

Requirements

  • Python 3.5+ is required.
  • Docker is required. Note: CCAT is tested with Docker Engine 19.03.1 version.
  • Named profile is required for using AWS functionality.
  • A service account or access token is required for using GCP functionality.

Installation

We recommend using the provided Docker image to run CCAT, so that you will not face any difficulty with the required dependencies on your own system.

Install CCAT from source

  $ git clone https://github.com/RhinoSecurityLabs/ccat.git
  $ cd ccat
  $ python3 setup.py install
  $ python3 ccat.py

Use CCAT's Docker Image

Warning: Running this command will mount your local AWS configuration files into the Docker container when it is launched. This means that any user with access to the container will have access to your host computer's AWS credentials.

Warning: Running this command will mount your local Unix socket that Docker daemon listens on by default into the Docker container when it is launched. This means that users with access to the container will have access to your Docker daemon, meaning they could escape to your host computer with ease.

  $ docker run -it -v ~/.aws:/root/.aws/ -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/app/ rhinosecuritylabs/ccat:latest

Getting Started

Example Usage

Below is an example scenario to demonstrate the usage of CCAT.

Starting with compromised AWS credentials, the attacker enumerates and explores ECR repositories. Then, the attacker found that they use NGINX Docker image and pulled that Docker image from ECR. Furthermore, the attacker creates a reverse shell backdoor into the target Docker image. Finally, the attacker pushes the backdoored Docker image to ECR.

Exploitation Route:

Roadmap

  • Container Escape Features
  • Amazon ECS Attack Features
  • Amazon EKS Attack Features
  • Azure Container Related Attack Features
  • GCP Container Related Attack Features
  • OpenShift Container Related Attack Features
  • IBM Cloud Container Related Attack Features
  • Alibaba Cloud Container Related Attack Features

Disclaimer

  • CCAT is tool that comes with absolutely no warranties whatsoever. By using CCAT, you take full responsibility for any and all outcomes that result.

More Repositories

1

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Python
4,339
star
2

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Python
2,923
star
3

Security-Research

Exploits written by the Rhino Security Labs team
Python
1,057
star
4

AWS-IAM-Privilege-Escalation

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
894
star
5

IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Python
809
star
6

CVEs

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
Python
793
star
7

GCPBucketBrute

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
Python
478
star
8

SleuthQL

Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
Python
464
star
9

Cloud-Security-Research

Cloud-related research releases from the Rhino Security Labs team.
Python
353
star
10

GCP-IAM-Privilege-Escalation

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
Python
336
star
11

Swagger-EZ

A tool geared towards pentesting APIs using OpenAPI definitions.
JavaScript
169
star
12

IAMActionHunter

An AWS IAM policy statement parser and query tool.
Python
154
star
13

Aggressor-Scripts

Aggregation of Cobalt Strike's aggressor scripts.
PowerShell
144
star
14

dsnap

Utility for downloading and mounting EBS snapshots using the EBS Direct API's
Python
73
star
15

Presentations

A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.
37
star
16

little-stitch

Send and receive bypassing Little Snitch alerting.
Go
10
star