CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure pentesting. It provides a collection of scripts and tools designed to identify and exploit vulnerabilities in container runtimes to break out of isolated environments and execute commands on the underlying host operating system. The project features a dedicated Docker runtime exploit suite for abusing the Docker API, procfs, and cgroups to gain unauthorized host-level access. It includes specific techniques for bypassing isolation via LXCFS, user namespace exploitation, and ho
Kube-hunter is a security scanner and vulnerability hunter for Kubernetes clusters. It operates as a cloud-native penetration tool designed to identify security weaknesses, infrastructure misconfigurations, and exploitable gaps by simulating attacker techniques. The tool distinguishes itself through a dual-mode scanning engine that executes both remote external probes and internal network scans. It features identity-based impersonation, allowing it to use service account tokens and pod identities to simulate security access from specific cluster roles and determine the potential blast radius
kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to the Center for Internet Security standards and other hardening guides to identify security misconfigurations and vulnerabilities. The tool operates as a containerized security scanner, utilizing host namespaces to analyze nodes and control plane components without requiring the installation of binaries directly on the host. It supports multiple Kubernetes distributions, applying environment-specific benchmarks to ensure auditing accuracy for managed services. The project cover
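问脉 is now integrated with OpenAI: you can use OpenAI to produce a human-readable analysis of the scan results, giving you a clearer picture of which risks this scan found.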