Exploit: service probe

cdxy edited this page Nov 27, 2020 · 2 revisions

Exploit: service-probe

Scan the IPs and ports of a target subnet to identify sensitive services such as kubelet, the K8s dashboard, the Docker API and other services, so that points for further exploitation can be found.

If you want to customize the scan task, see


cdk run service-probe <ip-range>

Valid input is an IP range like or just a single IP like


# find the K8s api-server address
env | grep KUBE
# scan its open services
./cdk run service-probe
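
A defender's counterpart to this probe, as an added example that is not part of CDK or the original page: it reads a node's own `/proc/net/tcp` and reports listeners on the container-related ports from the page's pre-defined list, noting whether each is bound to loopback only. The names `AuditListeners`, `Finding` and `sample` are hypothetical, the sample table is constructed, and a little-endian host is assumed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Container-related ports from the page's pre-defined list (NodePort range handled below).
var sensitive = map[int64]string{2375: "docker-api", 6443: "k8s-api-server",
	10250: "kubelet-auth", 10255: "kubelet-read"}

// Finding is one LISTEN socket on a sensitive port; Loopback means bound to 127.0.0.0/8.
type Finding struct{ Service string; Port int64; Loopback bool }

// AuditListeners parses /proc/net/tcp text and returns listeners on sensitive ports.
func AuditListeners(procNetTCP string) []Finding {
	var out []Finding
	for _, line := range strings.Split(procNetTCP, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 || f[3] != "0A" { // state 0A = LISTEN; also skips the header row
			continue
		}
		ip, hexPort, _ := strings.Cut(f[1], ":") // local_address is hexIP:hexPort
		port, err := strconv.ParseInt(hexPort, 16, 32)
		if err != nil {
			continue
		}
		name, ok := sensitive[port]
		if !ok && port >= 30000 && port <= 32767 {
			name, ok = "nodeport-service", true
		}
		if ok { // assumes a little-endian host, where 127.x.x.x is written "xxxxxx7F"
			out = append(out, Finding{name, port, strings.HasSuffix(ip, "7F")})
		}
	}
	return out
}

// sample is constructed /proc/net/tcp content (columns trimmed), not from a real host.
const sample = `  sl  local_address rem_address   st
   0: 00000000:280A 00000000:0000 0A
   1: 0100007F:0947 00000000:0000 0A
   2: 00000000:0016 00000000:0000 0A
   3: 0A00000A:280A 0B00000A:C350 01
   4: 00000000:7580 00000000:0000 0A`

func main() { fmt.Println(AuditListeners(sample)) }
```

On a real node, pass the contents of `/proc/net/tcp` instead of `sample`; any finding with `Loopback` false is reachable by the kind of subnet scan this page describes.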


Edit the pre-defined sensitive ports in then rebuild CDK.

var TCPScannerConf = TCPScannerConfS{
	Timeout:     500 * time.Millisecond,
	MaxParallel: 50,
	PortList: map[string]string{
		//"test": "1-3",
		"http":             "80",
		"https":            "443",
		"ssh":              "22",
		"docker-api":       "2375",
		"http-1":           "8080",
		"https-1":          "8443",
		"k8s-api-server":   "6443",
		"kubelet-auth":     "10250",
		"kubelet-read":     "10255",
		"nodeport-service": "30000-32767", // default NodePort service port range: 30000-32767