{"id":13473704,"url":"https://github.com/lightspin-tech/red-kube","last_synced_at":"2025-03-26T19:34:36.267Z","repository":{"id":41532974,"uuid":"303978277","full_name":"lightspin-tech/red-kube","owner":"lightspin-tech","description":"Red Team K8S Adversary Emulation Based on kubectl","archived":false,"fork":false,"pushed_at":"2021-05-28T09:13:26.000Z","size":564,"stargazers_count":818,"open_issues_count":4,"forks_count":77,"subscribers_count":48,"default_branch":"main","last_synced_at":"2024-10-30T06:33:21.054Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lightspin-tech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-10-14T10:20:55.000Z","updated_at":"2024-09-16T23:20:22.000Z","dependencies_parsed_at":"2022-09-17T03:11:08.839Z","dependency_job_id":null,"html_url":"https://github.com/lightspin-tech/red-kube","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lightspin-tech%2Fred-kube","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lightspin-tech%2Fred-kube/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lightspin-tech%2Fred-kube/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lightspin-tech%2Fred-kube/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lightspin-tech","download_url":"https://codeload.github.com/lightspin-tech/red-kube/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245722898,"owners_count":20661847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T16:01:06.119Z","updated_at":"2025-03-26T19:34:34.937Z","avatar_url":"https://github.com/lightspin-tech.png","language":"Python","funding_links":[],"categories":["Python","1 Offensive","Others (1002)","HarmonyOS","0x02 工具 :hammer_and_wrench:","Tools","Open Source Projects"],"sub_categories":["1.9 Tools","Windows Manager","2 云原生工具","Kubernetes"],"readme":"![red-kube](https://github.com/lightspin-tech/red-kube/blob/main/redcube.png)\n\n\nRed Team K8S Adversary Emulation Based on kubectl\n==============================\n\nRed Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective.\n\nThe commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster.\n\nThe commands are mapped to MITRE ATT\u0026CK Tactics to help get a sense of where we have most of our gaps and prioritize our findings.\n\nThe current version is wrapped with a python orchestration module to run several commands in one run based on different scenarios or tactics.\n\nPlease use with care as some commands are active and actively deploy new containers or change the role-based access control configuration.\n\n\n**Warning: You should NOT use red-kube commands on a Kubernetes cluster that you don't own!**\n\n## Prerequisites:\n\npython3 requirements\n```bash\npip3 install -r requirements.txt\n```\n\nkubectl (Ubuntu / Debian)\n```bash\nsudo apt-get update\nsudo apt-get install -y apt-transport-https ca-certificates curl\nsudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg\necho \"deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main\" | sudo tee /etc/apt/sources.list.d/kubernetes.list\nsudo apt-get update\nsudo apt-get install -y kubectl\n```\n\nkubectl (Red Hat based)\n```bash\ncat \u003c\u003cEOF \u003e /etc/yum.repos.d/kubernetes.repo\n[kubernetes]\nname=Kubernetes\nbaseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\nEOF\nyum install -y kubectl\n```\n\njq\n```bash\nsudo apt-get update -y\nsudo apt-get install -y jq\n```\n\n## Usage\n```bash\nusage: python3 main.py [-h] [--mode active/passive/all] [--tactic TACTIC_NAME] [--show_tactics] [--cleanup]\n\nrequired arguments:\n--mode            run kubectl commands which are active / passive / all modes\n--tactic          choose tactic\n\nother arguments:\n-h --help         show this help message and exit\n--show_tactics    show all tactics\n\n```\n\n### Commands by MITRE ATT\u0026CK Tactics\n| Tactic | Count |\n|-------|---------|\n| Reconnaissance  | 2 |\n| Initial Access  | 0 |\n| Execution | 0 |\n| Persistence | 2 |\n| Privilege Escalation | 4 |\n| Defense Evasion | 1 |\n| Credential Access | 8 |\n| Discovery | 15 |\n| Lateral Movement | 0 |\n| Collection | 1 |\n| Command and Control | 2 |\n| Exfiltration | 1 |\n| Impact | 0 |\n\n## Webinars\n**1 First Workshop with Lab01 and Lab02 [Webinar Link](https://www.lightspin.io/kubernetes-security-concepts-workshop)**\n\n**2 Second Workshop with Lab03 and Lab04 [Webinar Link](https://www.lightspin.io/webishop-specific-container-security-in-kubernetes)**\n\n## Presentations\n**[BlackHat Asia 2021](https://www.blackhat.com/asia-21/arsenal/schedule/#red-kube-22401)**\n\n## Q\u0026A\n**Why choosing kubectl and not using the kubernetes api in python?**\n\nWhen performing red team assessments and adversary emulations, the quick manipulations and tweaks for the tools used in the arsenal are critical.\n\nThe ability to run such assessments and combine the k8s attack techniques based on kubectl and powerful Linux commands reduces the time and effort significantly.\n\n\n### Contact Us\nThis research was held by Lightspin's Security Research Team.\nFor more information, contact us at support@lightspin.io.\n\n### License\nThis repository is available under the [Apache License 2.0](https://github.com/lightspin-tech/red-kube/blob/main/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flightspin-tech%2Fred-kube","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flightspin-tech%2Fred-kube","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flightspin-tech%2Fred-kube/lists"}