mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.5 KiB
1.5 KiB
API Reference: Performing Container Escape Detection
kubernetes Python Client
from kubernetes import client, config
config.load_kube_config() # or config.load_incluster_config()
v1 = client.CoreV1Api()
pods = v1.list_pod_for_all_namespaces()
for pod in pods.items:
spec = pod.spec
# Check host namespace sharing
print(spec.host_pid, spec.host_network, spec.host_ipc)
for c in spec.containers:
sc = c.security_context
if sc:
print(sc.privileged, sc.capabilities, sc.run_as_user)
for vol in spec.volumes or []:
if vol.host_path:
print(vol.host_path.path)
Container Escape Vectors
| Vector | Field | Severity |
|---|---|---|
| Privileged mode | securityContext.privileged |
CRITICAL |
| SYS_ADMIN cap | capabilities.add |
CRITICAL |
| Docker socket | hostPath: /var/run/docker.sock |
CRITICAL |
| Host PID ns | hostPID: true |
HIGH |
| Host Network | hostNetwork: true |
HIGH |
| Writable / mount | hostPath: / |
CRITICAL |
| Run as root | runAsUser: 0 |
MEDIUM |
Dangerous Linux Capabilities
SYS_ADMIN, SYS_PTRACE, SYS_RAWIO, SYS_MODULE,
DAC_READ_SEARCH, NET_ADMIN, NET_RAW
References
- kubernetes Python client: https://github.com/kubernetes-client/python
- Pod Security Standards: https://kubernetes.io/docs/concepts/security/pod-security-standards/
- Container escapes: https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/