https://github.com/jpts/coredns-enum
Discover K8s Services & Pods through DNS Records in CoreDNS
https://github.com/jpts/coredns-enum
coredns enumeration kubernetes networking security
Last synced: about 1 year ago
JSON representation
Discover K8s Services & Pods through DNS Records in CoreDNS
- Host: GitHub
- URL: https://github.com/jpts/coredns-enum
- Owner: jpts
- Created: 2022-11-13T21:06:49.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-03-17T13:34:14.000Z (over 2 years ago)
- Last Synced: 2024-06-21T14:09:20.251Z (about 2 years ago)
- Topics: coredns, enumeration, kubernetes, networking, security
- Language: Go
- Homepage:
- Size: 73.2 KB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CoreDNS Enum
A tool to enumerate Kubernetes network information through DNS alone. It attempts to list service IPs, ports, and service endpoint IPs where possible.
The tool has two modes: wildcard & bruteforce. It will automagically detect if the DNS server you are targeting supports CoreDNS wildcards (< v1.9.0) and fallback to the bruteforce method if not. The bruteforce mode also tries to guess sensible CIDR ranges to scan by default (through parsing the API server HTTPS certificate). You can override this.
NB: Bruteforce mode should work against any DNS server compliant to the [Kubernetes DNS Spec](https://github.com/kubernetes/dns/blob/master/docs/specification.md).
```
Usage:
coredns-enum [flags]
Flags:
--cidr string Range to scan in bruteforce mode
-h, --help help for coredns-enum
-v, --loglevel int Set loglevel (-1 => 5) (default 1)
-t, --max-workers int Number of 'workers' to use for concurrency (default 50)
-m, --mode string Select mode: wildcard|bruteforce|auto (default "auto")
-n, --nsip string Nameserver to use (detected by default)
--nsport int Nameserver port to use (detected by default) (default 53)
--protocol string DNS protocol: udp|tcp|auto (default "auto")
--timeout float32 DNS query timeout (seconds) (default 0.5)
--zone string DNS zone (default "cluster.local")
```