{"id":13773489,"url":"https://github.com/r0binak/MTKPI","last_synced_at":"2025-05-11T05:34:52.252Z","repository":{"id":190498959,"uuid":"679623735","full_name":"r0binak/MTKPI","owner":"r0binak","description":"🧰 Multi Tool Kubernetes Pentest Image ","archived":false,"fork":false,"pushed_at":"2025-04-16T11:40:39.000Z","size":8766,"stargazers_count":229,"open_issues_count":1,"forks_count":19,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-16T12:46:58.695Z","etag":null,"topics":["container-security","image","kubernetes","kubernetes-security","pentest","redteam"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r0binak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-17T08:53:49.000Z","updated_at":"2025-04-16T11:40:43.000Z","dependencies_parsed_at":"2024-01-17T13:13:28.789Z","dependency_job_id":"2c6b305b-3fef-447e-909e-cabdbf548f9a","html_url":"https://github.com/r0binak/MTKPI","commit_stats":null,"previous_names":["r0binak/mtkpi"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r0binak%2FMTKPI","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r0binak%2FMTKPI/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r0binak%2FMTKPI/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r0binak%2FMTKPI/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r0binak","download_url":"https://codeload.github.com/r0binak/MTKPI/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253523689,"owners_count":21921815,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-security","image","kubernetes","kubernetes-security","pentest","redteam"],"created_at":"2024-08-03T17:01:16.171Z","updated_at":"2025-05-11T05:34:47.212Z","avatar_url":"https://github.com/r0binak.png","language":"Shell","funding_links":[],"categories":["Tools"],"sub_categories":["Attack"],"readme":"# MTKPI \n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/r0binak/MTKPI/blob/master/LICENSE)\n[![Github Stars](https://img.shields.io/github/stars/r0binak/MTKPI)](https://github.com/r0binak/MTKPI/stargazers)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/r0binak/MTKPI/pulls)\n[![Docker Pulls MTKPI](https://img.shields.io/docker/pulls/r0binak/mtkpi?logo=docker)](https://hub.docker.com/r/r0binak/mtkpi)\n\n![Logo](images/logo.jpg)\n\n**MTKPI** – Multi Tool Kubernetes Pentest Image. This docker image contains all the most popular and necessary tools for Kubernetes penetration testing. Everything you need at your fingertips.\n\n*Image was generated by [Kandinsky 2.2](https://www.sberbank.com/promo/kandinsky/)*\n\nDisclaimer\n-----\n\n\u003e [!WARNING]  \n\u003e **This is a tool for testing purpose only, do not use it for malicious acts. Some tools inside MTKPI can adversely affect the entire cluster, which in turn can lead to data corruption. Test environments with multiple nodes can be deployed with KIND**\n\n## Motivation\nWhen you're pentesting a Kubernetes cluster, you'll certainly use automated tools to perform the checks. But what if your cluster is network-limited and you can't download the tools you need inside the Pod? Or a read-only container file system? In this case, the only solution is to use a ready-to-use image, inside of which there are all the tools you need. This image includes all possible popular tools for pentesting a Kubernetes cluster, including those with automatic checks.\n\n## Threat Matrix for Kubernetes\n![Logo](images/matrix.png)\nMTKPI covers most of the techniques described in Microsoft Threat Matrix for Kubernetes. This in turn provides a wide range of pentesting possibilities. If necessary, you can add the necessary tools to the image and increase the coverage of the matrix.\n\n## What's inside?\n### Shell via web\nOften, when pentesting Kubernetes Cluster, you have a developer Service Account with limited permissions. In other words, you don't have sufficient permissions to run `pods/exec`, which means you just can't get inside the container. However, it's more common for developers to have rights to create `port-forward`. This is why I used [ttyd](https://github.com/tsl0922/ttyd) as the base image ― it is a simple command-line tool for sharing terminals over the web.\n### Tools\nFor convenience, I also have made a list of all possible tools that can be useful when pentesting Kubernetes and packed it in an image:\n\n- [botb](https://github.com/brompwnie/botb)\n- [kubeletctl](https://github.com/cyberark/kubeletctl)\n- [kubesploit agent](https://github.com/cyberark/kubesploit)\n- [CDK](https://github.com/cdk-team/CDK)\n- [peirates](https://github.com/inguardians/peirates)\n- [traitor](https://github.com/liamg/traitor)\n- [ctrsploit](https://github.com/ctrsploit/ctrsploit)\n- [kdigger](https://github.com/quarkslab/kdigger)\n- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)\n- [linuxprivchecker](https://github.com/sleventyeleven/linuxprivchecker)\n- [deepce](https://github.com/stealthcopter/deepce)\n- [helm](https://helm.sh)\n- [kube-hunter](https://github.com/aquasecurity/kube-hunter)\n- [kube-bench](https://github.com/aquasecurity/kube-bench)\n- [DDexec](https://github.com/carlospolop/DDexec)\n- [kubetcd](https://github.com/nccgroup/kubetcd)\n\n### Bypass signature engine\nSometimes, runtime security tools are found in Kubernetes clusters that work on a signature-based approach. Security tools like Falco and Tracee are quite easy to bypass, as their behavior is predefined by rules and signatures. There are quite a few ways to do this, one of the simplest being to rename executables. This is the method used in MTKPI.\n\nFor example:\n\n- `kubectl` → `k`\n- `python3` → `pton3`\n- `curl` → `kurl`\n- `wget` → `vget`\n\nYou can read more about the ways to bypass Falco [here](https://github.com/blackberry/Falco-bypasses).\n\n## Usage\n\nFor fast deployment, run the following command:\n```bash\nkubectl apply -f https://raw.githubusercontent.com/r0binak/MTKPI/main/deploy/mtkpi.yaml\n```\n\nPod:\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: mtkpi-pod\n  labels:\n    app: mtkpi\nspec:\n  containers:\n  - name: mtkpi-pod\n    image: r0binak/mtkpi:v1\n    ports:\n    - containerPort: 7681\n    securityContext:\n      readOnlyRootFilesystem: true\n```\nService:\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: mtkpi-svc\n  labels:\n    app: mtkpi\nspec:\n  type: ClusterIP\n  ports:\n  - port: 7681\n    protocol: TCP\n  selector:\n    app: mtkpi\n```\n\nTo access the container, just run the command:\n\n```bash\nkubectl port-forward mtkpi-pod 7681:7681\n```\n\nOpen in your browser:\n\n```\nlocalhost:7681\n```\n![In action](/images/in-action.png)\n\n## Contributing\nIf you liked this, I'd appreciate some PR 🙂\n\n## References\n\n* https://github.com/madhuakula/hacker-container\n* https://github.com/antitree/cmd_and_kubectl_demos/tree/master/images/botty\n* https://github.com/raesene/alpine-containertools\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr0binak%2FMTKPI","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr0binak%2FMTKPI","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr0binak%2FMTKPI/lists"}