Kubernetes Goat
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Portainer | 26,681 | 2 | 3 hours ago | 78 | April 21, 2021 | 465 | zlib | Go | ||
| Making Docker and Kubernetes management easy. | ||||||||||
| Trivy | 18,764 | 44 | 4 hours ago | 198 | July 31, 2023 | 188 | apache-2.0 | Go | ||
| Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | ||||||||||
| Authelia | 17,453 |  | 2 | 5 hours ago | 64 | October 28, 2019 | 98 | apache-2.0 | Go | |
| The Single Sign-On Multi-Factor portal for web apps | ||||||||||
| Vitess | 16,819 | 89 | 2 hours ago | 413 | July 28, 2023 | 825 | apache-2.0 | Go | ||
| Vitess is a database clustering system for horizontal scaling of MySQL. | ||||||||||
| Cilium | 16,557 | 22 | 2 hours ago | 763 | July 27, 2023 | 1,094 | apache-2.0 | Go | ||
| eBPF-based Networking, Security, and Observability | ||||||||||
| Teleport | 15,136 | 8 | 2 hours ago | 252 | July 29, 2021 | 2,366 | apache-2.0 | Go | ||
| Protect access to all of your infrastructure. | ||||||||||
| Linkerd2 | 9,896 | 12 | 11 hours ago | 108 | March 23, 2022 | 250 | apache-2.0 | Go | ||
| Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x. | ||||||||||
| Kubescape | 8,902 | 2 | a day ago | 199 | July 06, 2023 | 49 | apache-2.0 | Go | ||
| Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources. | ||||||||||
| Netmaker | 7,989 | 2 | 9 hours ago | 84 | July 31, 2023 | 166 | other | Go | ||
| Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks. | ||||||||||
| Devops Resources | 7,566 | 2 months ago | 14 | Groovy | ||||||
| DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP | ||||||||||
Kubernetes Goat
✨ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🚀
🙌 Refer to https://madhuakula.com/kubernetes-goat for the guide 📖
🧰 Setting up Kubernetes Goat
-
Ensure you have admin access to the Kubernetes cluster and installed
kubectl. Refer to the docs for installation -
Ensure you have the
helmpackage manager installed. Refer to the docs for installation -
To set up the Kubernetes Goat resources in your cluster, run the following commands:
git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
chmod +x setup-kubernetes-goat.sh
bash setup-kubernetes-goat.sh
- Ensure the pods are running before running the access script
kubectl get pods
- Access Kubernetes Goat by exposing the resources to the local system (port-forward) by the following command:
bash access-kubernetes-goat.sh
- Then navigate to
http://127.0.0.1:1234
Refer to https://madhuakula.com/kubernetes-goat/docs/how-to-run for setting up Kubernetes Goat in various environments like GKE, EKS, AKS, K3S, KIND, etc.
🏆 Scenarios
- Sensitive keys in codebases
- DIND (docker-in-docker) exploitation
- SSRF in the Kubernetes (K8S) world
- Container escape to the host system
- Docker CIS benchmarks analysis
- Kubernetes CIS benchmarks analysis
- Attacking private registry
- NodePort exposed services
- Helm v2 tiller to PwN the cluster - [Deprecated]
- Analyzing crypto miner container
- Kubernetes namespaces bypass
- Gaining environment information
- DoS the Memory/CPU resources
- Hacker container preview
- Hidden in layers
- RBAC least privileges misconfiguration
- KubeAudit - Audit Kubernetes clusters
- Falco - Runtime security monitoring & detection
- Popeye - A Kubernetes cluster sanitizer
- Secure network boundaries using NSP
- Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement
- Securing Kubernetes Clusters using Kyverno Policy Engine
📖 Documentation Guide
Here is the detailed step by step guide for learning and using Kubernetes Goat 🎉: documentation guide
Reference: https://madhuakula.com/kubernetes-goat
⚠️ Disclaimer
Kubernetes Goat has intentionally created vulnerabilities, applications, and configurations to attack and gain access to your cluster and workloads. Please DO NOT run this alongside your production environments and infrastructure. We highly recommend running this in a safe and isolated (contained) environment.
Kubernetes Goat is used for educational purposes only. Do not test or apply these attacks on any systems without permission. Kubernetes Goat comes with absolutely no warranties, by using it you take full responsibility for all outcomes.
📝 License
✨ Acknowledgements
Thanks to to these wonderful people: 🎉
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
