creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-kubernetes-penetration-testing/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

41 lines
1.5 KiB
Markdown
Raw Blame History

# API Reference — Performing Kubernetes Penetration Testing
## Libraries Used
- **subprocess**: Execute kubectl commands for cluster reconnaissance and testing
- **json**: Parse Kubernetes API JSON output
## CLI Interface
```
python agent.py recon
python agent.py sa-perms [--namespace default]
python agent.py dashboards
python agent.py escape [--namespace default]
```
## Core Functions
### `enumerate_cluster_info()` — Cluster reconnaissance
Gathers: K8s version, node info (OS, kubelet), namespaces, services with types/ports.
### `test_service_account_permissions(namespace)` — RBAC permission testing
Tests 8 permissions via `kubectl auth can-i`:
get pods, list/get secrets, create pods, exec into pods, get nodes, list namespaces, create clusterroles.
### `scan_exposed_dashboards()` — Find management interfaces
Searches for: dashboard, grafana, prometheus, kibana, jaeger, argocd, rancher, lens.
Flags LoadBalancer/NodePort services as externally accessible.
### `check_pod_escape_vectors(namespace)` — Container escape analysis
Detects: privileged mode, CAP_SYS_ADMIN/SYS_PTRACE, hostPath mounts (/, /etc, docker.sock, /proc, /sys),
hostPID namespace, hostNetwork.
## Dangerous Permissions (CRITICAL)
- `list secrets` / `get secrets --all-namespaces`
- `create pods` (pod creation with escalation)
- `create pods/exec` (remote code execution)
- `create clusterroles` (RBAC escalation)
## Dependencies
System: kubectl with cluster access
No Python packages required.
Reference in New Issue View Git Blame Copy Permalink