• Stars
    star
    3,454
  • Rank 12,915 (Top 0.3 %)
  • Language
    HTML
  • License
    MIT License
  • Created over 4 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐Ÿš€

Kubernetes Goat

Kubernetes Goat

โœจ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security ๐Ÿš€

๐Ÿ™Œ Refer to https://madhuakula.com/kubernetes-goat for the guide ๐Ÿ“–

Netlify Status License: MIT GitHub release Github Stars PRs Welcome Docker Pulls Kubernetes Goat Twitter Discord

Kubernetes Goat Home

๐Ÿงฐ Setting up Kubernetes Goat

  • Ensure you have admin access to the Kubernetes cluster and installed kubectl. Refer to the docs for installation

  • Ensure you have the helm package manager installed. Refer to the docs for installation

  • To set up the Kubernetes Goat resources in your cluster, run the following commands:

git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
chmod +x setup-kubernetes-goat.sh
bash setup-kubernetes-goat.sh
  • Ensure the pods are running before running the access script
kubectl get pods

all pods running in kubectl get pods

  • Access Kubernetes Goat by exposing the resources to the local system (port-forward) by the following command:
bash access-kubernetes-goat.sh

Refer to https://madhuakula.com/kubernetes-goat/docs/how-to-run for setting up Kubernetes Goat in various environments like GKE, EKS, AKS, K3S, KIND, etc.

๐Ÿ† Scenarios

  1. Sensitive keys in codebases
  2. DIND (docker-in-docker) exploitation
  3. SSRF in the Kubernetes (K8S) world
  4. Container escape to the host system
  5. Docker CIS benchmarks analysis
  6. Kubernetes CIS benchmarks analysis
  7. Attacking private registry
  8. NodePort exposed services
  9. Helm v2 tiller to PwN the cluster - [Deprecated]
  10. Analyzing crypto miner container
  11. Kubernetes namespaces bypass
  12. Gaining environment information
  13. DoS the Memory/CPU resources
  14. Hacker container preview
  15. Hidden in layers
  16. RBAC least privileges misconfiguration
  17. KubeAudit - Audit Kubernetes clusters
  18. Falco - Runtime security monitoring & detection
  19. Popeye - A Kubernetes cluster sanitizer
  20. Secure network boundaries using NSP
  21. Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement
  22. Securing Kubernetes Clusters using Kyverno Policy Engine

๐Ÿ“– Documentation Guide

Here is the detailed step by step guide for learning and using Kubernetes Goat ๐ŸŽ‰: documentation guide

Kubernetes Goat Documentation Guide

Reference: https://madhuakula.com/kubernetes-goat

โš ๏ธ Disclaimer

Kubernetes Goat has intentionally created vulnerabilities, applications, and configurations to attack and gain access to your cluster and workloads. Please DO NOT run this alongside your production environments and infrastructure. We highly recommend running this in a safe and isolated (contained) environment.

Kubernetes Goat is used for educational purposes only. Do not test or apply these attacks on any systems without permission. Kubernetes Goat comes with absolutely no warranties, by using it you take full responsibility for all outcomes.

๐Ÿ“ License

MIT

โœจ Acknowledgements

Thanks to to these wonderful people: ๐ŸŽ‰

madhuakula
madhuakula
apvarun
apvarun
ant4g0nist
ant4g0nist
phpsystems
phpsystems
adamhurm
adamhurm
malwareowl
malwareowl
mkcn
mkcn
0xCardinal
0xCardinal
macagr
macagr
rewanthtammana
rewanthtammana
avicoder
avicoder
dependabot[bot]
dependabot[bot]
AmeerAssadi
AmeerAssadi
NF997
NF997
smoyer64
smoyer64
suneshgovind
suneshgovind
wurstbrot
wurstbrot
shivankar-madaan
shivankar-madaan
bzd111
bzd111
hexachordanu
hexachordanu
podjackel
podjackel
ravenium
ravenium

More Repositories

1

hacker-container

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
Dockerfile
225
star
2

wincmdfu

Windows one line commands that make life easier, shortcuts and command line fu.
173
star
3

security-automation-with-ansible-2

Ansible Playbooks for Security Automation with Ansible2 book
HTML
96
star
4

docker-security-checker

Dockerfile Security Checker using OPA Rego policies with Conftest
Open Policy Agent
51
star
5

PaloaltoNetworks-Custom-URL-Category

Automated PAN Firewall Custom URL Category using Python and PAN API
Python
14
star
6

hacked-emails

Command line hacked-emails
Go
10
star
7

aws-iam-analyser

AWS IAM Analysis utility to gather entire useful information from an AWS account
Python
10
star
8

introduction-to-containers-using-docker

An Introduction to Containers using Docker and using it for Security Automation - null Bangalore Puliya
HTML
8
star
9

what-is-this-secret

What is this secret?
Go
5
star
10

kubernetes-network-security-boundaries

Python
4
star
11

null-puliya-markdown-automation

Automating Documentation, Presentation, Knowledge base using Markdown (Zero to Hero)
HTML
4
star
12

random-scripts

some useful scripts
Shell
4
star
13

madhuakula.com

Madhu Akula's website
Shell
3
star
14

madhuakula

2
star
15

toc-page-hugo-theme

Table of Contents Page (toc-page) is a minimal, single-page theme for Hugo
HTML
2
star
16

kubernetes-security-resources

A curated list of kubernetes security related resources (Tools, Blog Posts, Videos, Docs, Books, etc.)
2
star
17

present

Reveal JS presentation with reveal-md using Docker
1
star
18

security-headers

Security Headers of any website
1
star
19

PAC

Palo Alto Networks Command Line Utility
1
star
20

content

HTML
1
star