badPods | prowler |
---|---|
2 | 1 |
529 | 7,019 |
0.0% | - |
1.8 | 10.0 |
almost 2 years ago | over 1 year ago |
Shell | Shell |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
badPods
- Bad Pods: Kubernetes Pod Privilege Escalation
- [Security] Escaping a docker container through the web shell
Here is the section where I show a few different ways to exploit privileged mode using the Felix Wilhelm technique. https://github.com/BishopFox/badPods/tree/main/manifests/priv#remote-code-execution.
prowler
- How to do AWS security assessment?
https://github.com/toniblyx/prowle (it looks like a huge checklist)
What are some alternatives?
sig-security - 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
bucketeer - Bucketeer is a small script that builds off the useful Sublist3r tool. The Tool tries to identify S3 Buckets and other useful subdomain information, that is used to perform subdomain takeover attacks.
podschecker - podschecker is a simple script that checks your pods' health in your terminal; it can send X11 notifications
git-landmine - create local malicious git repo
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
yatas - A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
s3audit-ts - CLI tool for auditing S3 buckets
cloudtrail-event-fuzzy-viewer - cli tool for searching cloudtrail events using fuzzy search
og-aws - 📙 Amazon Web Services — a practical guide
Datovy - Healthcare Communicable Disease Data Repository
cybersecurity-security-harderning - A collection of awesome security hardening software, libraries, learning tutorials & documents, e-books, best practices, checklists, benchmarks about hardening in Cybersecurity
cset - Cybersecurity Evaluation Tool