Skip to content

powellsz/kubernetes-goat

 
 

Repository files navigation

Kubernetes Goat

Netlify Status License: MIT GitHub release Github Stars PRs Welcome Twitter

The Kubernetes Goat designed to be intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Refer to https://madhuakula.com/kubernetes-goat for the guide.

Kubernetes-Goat logo

Recent Kubernetes Goat Presentation & Video at OWASP Bay Area Meetup

Introducing Kubernetes Goat - OWASP Bay Area Meetup

https://youtu.be/DQllxpb46Yw

🎲 Just click and Play in browser for free using Katacoda Playground - Try now

Katacoda Playground Kubernetes Goat

https://katacoda.com/madhuakula/scenarios/kubernetes-goat

⚙️ Setting up Kubernetes Goat

  • Before we setup the Kubernetes Goat, ensure that you have created and admin access to the Kubernetes cluster
kubectl version --short
  • Setup the helm version 2 in path as helm2. Refer to helm releases for more information about setup
helm2 --help
  • Then finally setup Kubernetes Goat by running the following command
git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
bash setup-kubernetes-goat.sh
  • To export the ports/services locally to start learning, run the following command
bash access-kubernetes-goat.sh

🏁 Scenarios

  1. Sensitive keys in code bases
  2. DIND(docker-in-docker) exploitation
  3. SSRF in K8S world
  4. Container escape to access host system
  5. Docker CIS Benchmarks analysis
  6. Kubernetes CIS Benchmarks analysis
  7. Attacking private registry
  8. NodePort exposed services
  9. Helm v2 tiller to PwN the cluster
  10. Analysing crypto miner container
  11. Kubernetes Namespaces bypass
  12. Gaining environment information
  13. DoS the memory/cpu resources
  14. Hacker Container preview

Kubernetes Goat Home

❤️ Showcase

⚠️ Disclaimer

Kubernetes Goat creates intentionally vulnerable resources into your cluster. DO NOT deploy Kubernetes Goat in a production environment or alongside any sensitive cluster resources.

Kubernetes Goat comes with absolutely no warranties whatsoever. By using Kubernetes Goat, you take full responsibility for any and all outcomes that result.

✨ Contributors

Thanks goes to these wonderful people 🎉

madhuakula
madhuakula
wurstbrot
wurstbrot
podjackel
podjackel

About

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HTML 72.3%
  • Shell 10.6%
  • Dockerfile 7.5%
  • JavaScript 4.5%
  • Smarty 2.6%
  • Python 2.0%
  • Go 0.5%