https://github.com/sleventyeleven/kubernetes-harvester
Credential and sensitive information harvester for kubernetes environments.
https://github.com/sleventyeleven/kubernetes-harvester
devops devops-tools kubernetes kubernetes-harvester oscp security
Last synced: about 1 year ago
JSON representation
Credential and sensitive information harvester for kubernetes environments.
- Host: GitHub
- URL: https://github.com/sleventyeleven/kubernetes-harvester
- Owner: sleventyeleven
- License: mit
- Created: 2020-12-03T05:38:48.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2021-03-02T07:27:45.000Z (over 5 years ago)
- Last Synced: 2025-03-26T15:43:10.957Z (over 1 year ago)
- Topics: devops, devops-tools, kubernetes, kubernetes-harvester, oscp, security
- Language: Python
- Homepage:
- Size: 13.7 KB
- Stars: 11
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Kubernetes-Harvester
## Overview
harvester.py is a fairly simple script that attempt to utilize the automountservicetoken or ~/.kube/config
credentials to request all pod specs from kubernetes.
The each pod spec's container(s) environment variables are then reviewed for key words which could indicate potential credentials.
The script then goes further to similar examine any configmaps loaded into a containers Env and also reviews the Env hardcoded with the image manifest.
Finally it checks to see if auth tokens for the main cloud providers can be requested via the metadata API.
## Basic Usage
usage: harvester.py [-h] [-v] [-w] [-o OUTFILE]
Try to gather potential creds from kubernetes
optional arguments:
-h, --help show this help message and exit
-v, --verbose Whether or not to display additional log information
-w, --write Whether to write a log file, can be used with -0 to
specify name/location
-o OUTFILE, --outfile OUTFILE
The file to write results (needs to be writable for
current user)
## TODO
* Enhance configmap code to include nested maps and function loads like container envFrom
* Review command history for other interesting files that might be embedded within the image