This repository has been archived by the owner on Mar 24, 2022. It is now read-only.

vmware-archive/pentest


Octarine Kubernetes Penetration Testing tool

A penetration testing tool built specifically for cloud-native environments.

Usage

The tool is meant to be run inside a "breached" container. To imitate this behaviour, we upload the tool to a chosen container and run it from there.

To do that, use the run_on_pod.sh script:

foo@bar:~$ ./run_on_pod.sh
Usage: ./run_on_pod.sh <pod-name>

foo@bar:~$ ./run_on_pod.sh messageproxy
Found pod: messageproxy-5bbb44f79-l2c9h!
Uploading pentest tool to pod... Done!
Running shell on pod. The tool located at /pentest

root@messageproxy-5bbb44f79-l2c9h:/#

We now have a shell on the "breached" pod and can run the pentest tool:

root@messageproxy-5bbb44f79-l2c9h:/# /pentest
This tool is made for Penetration Testing cloud-native,
kubernetes environment. Use pentest run to start.

Usage:
  pentest [command]

Available Commands:
  extractors  Extractors command
  help        Help about any command
  run         Start penetration testing environment
  testers     Testers command

Flags:
  -h, --help   help for pentest

Use "pentest [command] --help" for more information about a command.

We can then start it with the "run" command:

root@messageproxy-5bbb44f79-l2c9h:/# /pentest run
[INFO] Phase 1 - Check if Kubernetes is RBAC mis-configured
[INFO] Kubernetes cluster api is accessible! There are 61 pods on cluster!
[INFO] Phase 1 - Done.
[INFO] Phase 2 - Extracting cluster data.
[INFO] Collecting using extractors.ArpCacheExtractor...
[INFO] Collecting using extractors.ArpScanExtractor...
[INFO] Scanning subnet 10.100.1.87/24
...
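
The Phase 1 output above shows the breached pod counting pods through the cluster API; the audit-side counterpart is finding which roles grant that access. The following is an added example, not code from this repository: it assumes input shaped like `kubectl get clusterroles -o json`, and `RolesAllowingPodList`, `role`, `has` and the sample roles are hypothetical names constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// role is the subset of a ClusterRole read here (JSON keys match case-insensitively).
type role struct {
	Metadata struct{ Name string }
	Rules    []struct{ APIGroups, Resources, Verbs, ResourceNames []string }
}

// has reports whether list contains want or the RBAC wildcard "*".
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// RolesAllowingPodList names roles granting "list" on core pods; resourceNames-pinned rules don't allow a plain list.
func RolesAllowingPodList(data []byte) ([]string, error) {
	var list struct{ Items []role }
	if err := json.Unmarshal(data, &list); err != nil {
		return nil, err
	}
	var names []string
	for _, ro := range list.Items {
		for _, r := range ro.Rules {
			if len(r.ResourceNames) == 0 && has(r.APIGroups, "") && has(r.Resources, "pods") && has(r.Verbs, "list") {
				names = append(names, ro.Metadata.Name)
				break
			}
		}
	}
	return names, nil
}

// Constructed sample in the shape of `kubectl get clusterroles -o json`; not from a real cluster.
const sampleRoles = `{"items":[
 {"metadata":{"name":"wide-open"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]},
 {"metadata":{"name":"pod-reader"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get","list"]}]},
 {"metadata":{"name":"one-pod"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["list"],"resourceNames":["messageproxy"]}]},
 {"metadata":{"name":"deploy-reader"},"rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list"]}]}]}`

func main() { fmt.Println(RolesAllowingPodList([]byte(sampleRoles))) }
```

The check reads role rules only; which service accounts are bound to a flagged role still has to be read from the corresponding bindings.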

Development

Before starting, enter the pipenv environment:

foo@bar:~$ pipenv shell
Launching subshell in virtual environment…

Then install the dependencies:

(pentest) foo@bar:~$ pipenv install
Installing dependencies from Pipfile.lock (da70db)…
...

Building the tool

Just run ./build.py:

(pentest) foo@bar:~$ ./build.py
Building target: linux
Getting go dependencies...
Done.
Building...
Done.
Building target: darwin
Getting go dependencies...
...

Adding Extractor:

Create a new file inside the src/pentest/extractors directory. It should belong to the extractors package and have the following structure:

package extractors

import (
    "pentest/engine"
)

type ExampleExtractor struct{}

func (e ExampleExtractor) Extract() {
    // The actual extracting logic
    engine.Logger.Debugf("Extracting targets from example")

    engine.AddIP("111.111.11.11")
    engine.AddPort(1337)
    engine.AddUsername("example")
    engine.AddPassword("victory")
}

func (e ExampleExtractor) Summary() {
    // Summary printed after finishing extractors phase
    engine.Logger.Infof("IPs extracted using %T:", e)
    for _, ip := range engine.GetIPsByOrigin(e) {
        engine.Logger.Infof("    %s", ip)
    }
}

func init() {
    engine.Logger.Debugf("Adding Example Extractor")
    engine.AddExtractor(ExampleExtractor{})
}

Adding Tester:

This is very similar to adding an extractor. Create a new file inside the src/pentest/testers directory with the following structure:

package testers

import (
    "pentest/engine"
)

type ExampleTester struct{}

func (tester ExampleTester) Test(target engine.Target) {
    engine.Logger.Infof("Testing %s!", target)
    engine.AddTestResult(tester, target, "Found example")
}

func init() {
    engine.Logger.Debugf("Adding Example Tester")

    engine.AddTester(ExampleTester{})
}
