A collection of post-exploitation scripts for determining if that shell you just got is in a container, what kind, and ways to escape.
corysabol Merge pull request #11 from ProfessionallyEvil/enum4k8s
Merging enum4k8s tool into master
Latest commit 5d47933 Sep 9, 2019
Type Name Latest commit message Commit time
fingerprinting
misc modified create script to use ENV vars; added script to start container Jul 21, 2018
payloads started Go port; basic docker fingerprinting in place Nov 13, 2018
.gitignore
LICENSE add aibc script, add simple command to find docker.sock in bash Jul 17, 2018
README.md Update README.md Nov 6, 2018
backdoor.sh add backdoor Nov 10, 2018
enum4k8s.go
harpoon.go

README.md

Harpoon

                          ,   ,
    ~~~~~~~~~~~~~~~~~~~~~~~"o"~~~~
            ____________     o
    	 _--            --_ o
        /       ___      __\ o
       / _         _\    \__o 
      / / |              X  |
     / /   \	           /
    / _ \   \             /
    \/ \/    -.____ ____.-

Containerization recon and exploitation tool.
Usage: aibc [options]
Options:
    -c, --check_for_docker_sock         try and find the docker socket on the system, only works if it's named docker.sock
    -d, --dump_container_list           if the docker socket was found then try to query it for a JSON blob of the containers on the host
    -e, --exploit_docker_sock           if the socket was found, try to create a container with host /etc/ mounted and attach a shell
    -g, --check_cgroup                  check the cgroup files for container runtimes, :/docker/, :/garden/, etc
    -f, --find                          use find to try and locate any files with a container runtime in the name
    -m, --check_mac                     check the eth0 mac address, docker assigns in a somewhat predictable manner, UNRELIABLE CHECK
    -s, --docker_sock <socket_path>     specify the path to the docker socket, this is needed for --dump_container_list and --exploit        
    -h, --help                          show this help
        --default                       run all the options
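
The --check_cgroup option above looks for container runtime markers such as :/docker/ and :/garden/ in the cgroup files. The Go example below is added here and is not code from this repository; it parses the text of a /proc/<pid>/cgroup file and reports which runtime markers appear. The names classifyCgroup and markers, the sample inputs, and every marker other than /docker/ and /garden/ are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// "/docker/" and "/garden/" are from the help text; the rest are assumptions.
var markers = []struct{ fragment, runtime string }{
	{"/docker/", "docker"},
	{"/docker-", "docker"}, // systemd cgroup driver: docker-<id>.scope
	{"/garden/", "garden"},
	{"/kubepods", "kubernetes"},
}

// Constructed sample inputs (not captured from a real host).
const (
	sampleDocker = "12:pids:/docker/0123abcd\n11:memory:/docker/0123abcd\n"
	sampleK8s    = "5:cpu,cpuacct:/kubepods/burstable/pod1111/0123abcd\n"
	sampleV2     = "0::/\n" // cgroup v2 with a private cgroup namespace
)

// classifyCgroup returns the runtimes whose markers appear in any cgroup path.
func classifyCgroup(content string) []string {
	found := []string{}
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		// Line format: hierarchy-ID:controller-list:cgroup-path
		parts := strings.SplitN(sc.Text(), ":", 3)
		if len(parts) != 3 {
			continue // malformed line
		}
		for _, m := range markers {
			if strings.Contains(parts[2], m.fragment) && !seen[m.runtime] {
				seen[m.runtime] = true
				found = append(found, m.runtime)
			}
		}
	}
	return found
}

func main() {
	for _, s := range []string{sampleDocker, sampleK8s, sampleV2} {
		fmt.Printf("%q -> %v\n", s, classifyCgroup(s))
	}
}
```

On a cgroup v2 host with a private cgroup namespace the file reads `0::/` even inside a container, so an empty result here is not evidence of running on the host.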