{"id":13645805,"url":"https://github.com/cyberark/kubeletctl","last_synced_at":"2025-04-04T17:08:19.489Z","repository":{"id":38195513,"uuid":"253574487","full_name":"cyberark/kubeletctl","owner":"cyberark","description":"A client for kubelet","archived":false,"fork":false,"pushed_at":"2023-10-11T21:05:31.000Z","size":15895,"stargazers_count":686,"open_issues_count":7,"forks_count":76,"subscribers_count":29,"default_branch":"master","last_synced_at":"2024-04-16T00:16:27.606Z","etag":null,"topics":["client","containers","devops","devops-tools","golang","kubelet","kubelet-cri","kubeletctl","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-04-06T17:52:15.000Z","updated_at":"2024-04-15T08:06:41.000Z","dependencies_parsed_at":"2024-01-13T12:23:02.883Z","dependency_job_id":"3d0ffe92-25b9-4cd8-b4bd-acfa552009d8","html_url":"https://github.com/cyberark/kubeletctl","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":"cyberark/conjur-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubeletctl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubeletctl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubeletctl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubeletctl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/kubeletctl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247217184,"owners_count":20903009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["client","containers","devops","devops-tools","golang","kubelet","kubelet-cri","kubeletctl","kubernetes"],"created_at":"2024-08-02T01:02:42.250Z","updated_at":"2025-04-04T17:08:19.472Z","avatar_url":"https://github.com/cyberark.png","language":"Go","funding_links":[],"categories":["Kubernetes tooling","Repositories / Tools","蓝队工具","Diagnostics \u0026 Troubleshooting","Go","kubernetes","Tools"],"sub_categories":["Attacking","红队工具","Kubernetes"],"readme":"[![GitHub release][release-img]][release]\n[![License][license-img]][license]\n[![Go version][shield-go-version]][go-version]\n![Downloads][download]\n\n\u003cimg src=\"https://github.com/cyberark/kubeletctl/blob/assets/kubeletctl_2x_transparent.png\" width=\"260\"\u003e  \n\n## Overview\nKubeletctl is a command line tool that implement kubelet's API.  \nPart of kubelet's API is documented but most of it is not.  \nThis tool covers all the documented and undocumented APIs.  \nThe full list of all kubelet's API can be view through the tool or this [API table](https://github.com/cyberark/kubeletctl/blob/master/API_TABLE.md).  \nA related blog post:  \nhttps://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster\n\n## What can it do ?\n- Run any kubelet API call\n- Scan for nodes with opened kubelet API\n- Scan for containers with RCE\n- Run a command on all the available containers by kubelet at the same time\n- Get service account tokens from all available containers by kubelet\n- Nice printing :)\n\n## Installation  \nOn the [releases](https://github.com/cyberark/kubeletctl/releases) page you will find the latest releases with links based on the operating system.  \n\nFor the following examples, we will use the kubeletctl_linux_amd64 binary link. If you plan to use other link, change it accordingly.   \n### wget\n```\nwget https://github.com/cyberark/kubeletctl/releases/download/v1.13/kubeletctl_linux_amd64 \u0026\u0026 chmod a+x ./kubeletctl_linux_amd64 \u0026\u0026 mv ./kubeletctl_linux_amd64 /usr/local/bin/kubeletctl\n```  \n\n### curl\n```\ncurl -LO https://github.com/cyberark/kubeletctl/releases/download/v1.13/kubeletctl_linux_amd64 \u0026\u0026 chmod a+x ./kubeletctl_linux_amd64 \u0026\u0026 mv ./kubeletctl_linux_amd64 /usr/local/bin/kubeletctl\n```\n\n## Usage\nkubeletctl works similar to kubectl, use the following syntax to run commands:  \n```\nUsage:\n  kubeletctl [flags]\n  kubeletctl [command]\n\nAvailable Commands:\n  attach        Attach to a container\n  configz       Return kubelet's configuration.\n  containerLogs Return container log\n  cri           Run commands inside a container through the Container Runtime Interface (CRI)\n  debug         Return debug information (pprof or flags)\n  exec          Run commands inside a container\n  healthz       Check the state of the node\n  help          Help about any command\n  log           Return the log from the node.\n  metrics       Return resource usage metrics (such as container CPU, memory usage, etc.)\n  pods          Get list of pods on the node\n  portForward   Attach to a container\n  run           Run commands inside a container\n  runningpods   Returns all pods running on kubelet from looking at the container runtime cache.\n  scan          Scans for nodes with opened kubelet API\n  spec          Cached MachineInfo returned by cadvisor\n  stats         Return statistical information for the resources in the node.\n  version       Print the version of the kubeletctl\n\nFlags:\n      --cacert string      CA certificate (example: /etc/kubernetes/pki/ca.crt )\n      --cert string        Private key (example: /var/lib/kubelet/pki/kubelet-client-current.pem)\n      --cidr string        A network of IP addresses (Example: x.x.x.x/24)\n  -k, --config string      KubeConfig file\n  -c, --container string   Container name\n  -h, --help               help for kubeletctl\n      --http               Use HTTP (default is HTTPS)\n  -i, --ignoreconfig       Ignore the default KUBECONFIG environment variable or location ~/.kube\n      --key string         Digital certificate (example: /var/lib/kubelet/pki/kubelet-client-current.pem)\n  -n, --namespace string   pod namespace\n  -p, --pod string         Pod name\n      --port string        Kubelet's port, default is 10250\n  -r, --raw                Prints raw data\n  -s, --server string      Server address (format: x.x.x.x. For Example: 123.123.123.123)\n  -u, --uid string         Pod UID\n\nUse \"kubeletctl [command] --help\" for more information about a command.\n\n```\n\nTo view the details on each command or subcommand use the `-h`\\\\`--help` switch.\n\n## Demo\n![kubeletctl](https://github.com/cyberark/kubeletctl/blob/assets/kubeletctl_gif2.gif)\n\n\n\n## Build  \nPrerequisite:  \n-  [go](https://golang.org/doc/install)  \n-  [gox](https://github.com/mitchellh/gox)  \n\nTo build the project run:  \n```\n# If some of the libraries are not installed\ngo mod tidy\nmake -j all\n```\n\nThis will create `build/kubeletctl_{{.OS}}_{{.Arch}}` binaries.  \n\nFor Windows users it is possible to use `gox` directly:  \n```\ngox -ldflags \"-s -w\" -osarch linux/amd64 -osarch linux/386 -osarch windows/amd64 -osarch windows/386 -osarch=\"darwin/amd64\"\n```\n\n## Build with Dockerfile locally\nYou can use the attached release Dockerfile to build a local image by running:  \n```\nmake docker-release\n```\n\nThen run:  \n```\ndocker run -it --rm kubeletctl:release\n```\n\nThis will fetch and unpack the latest release binary into the Dockerfile.\n\nIf you wish to build from source run:\n```\nmake docker\n```\n\nThen run:  \n```\ndocker run -it --rm kubeletctl:latest\n```\n\n## Contributing\n\nWe welcome contributions of all kinds to this repository.  \nFor instructions on how to get started and descriptions\nof our development workflows, please see our [contributing guide](https://github.com/cyberark/conjur-api-go/blob/master/CONTRIBUTING.md).\n\n## License\nCopyright (c) 2020 CyberArk Software Ltd. All rights reserved  \nThis repository is licensed under Apache License 2.0 - see [`LICENSE`](LICENSE) for more details.\n\n## Share Your Thoughts And Feedback\nFor more comments, suggestions or questions, you can contact Eviatar Gerzi ([@g3rzi](https://twitter.com/g3rzi)) from CyberArk Labs.\nYou can find more projects developed by us in https://github.com/cyberark/.\n\n[release-img]: https://img.shields.io/github/release/cyberark/kubeletctl.svg\n[release]: https://github.com/cyberark/kubeletctl/releases\n\n[license-img]: https://img.shields.io/github/license/cyberark/kubeletctl.svg\n[license]: https://github.com/cyberark/kubeletctl/blob/master/LICENSE\n\n[shield-go-version]: https://img.shields.io/github/go-mod/go-version/cyberark/kubeletctl\n[go-version]: https://github.com/cyberark/kubeletctl/blob/master/go.mod\n\n[download]: https://img.shields.io/github/downloads/cyberark/kubeletctl/total?logo=github\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fkubeletctl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fkubeletctl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fkubeletctl/lists"}