pentest-container-k8s
npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/pentest-container-k8s --openclaw
Pentest Container K8s
Stage
- PTES: 5-6
- MITRE: T1610, T1611
Objective
Map container and cluster misconfigurations with exploit relevance.
Required Workflow
- Validate scope before any active action and reject out-of-scope targets.
- Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Write findings in canonical finding_schema format with reproducible PoC notes.
- Honor dry-run mode and require explicit --i-have-authorization for live execution.
- Export deterministic artifacts for downstream skill consumption.
Execution
python skills/pentest-container-k8s/scripts/container_k8s.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
Outputs
- container-findings.json
- k8s-rbac-risks.json
- k8s-report.json
References
- references/tools.md
- skills/autonomous-pentester/shared/scope_schema.json
- skills/autonomous-pentester/shared/finding_schema.json
Legal and Ethical Notice
WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
Source
git clone https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/pentest-container-k8s/SKILL.md
Overview
pentest-container-k8s evaluates Docker and Kubernetes security controls to uncover RBAC abuse vectors, container breakout risks, and secret exposure. It maps container and cluster misconfigurations to exploit relevance and produces reproducible findings for remediation.
How This Skill Works
The skill runs a Python tool (container_k8s.py) that validates the test scope, executes only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK, and outputs findings and PoCs in a canonical format. It supports a dry-run mode and requires explicit --i-have-authorization for live tests, exporting artifacts like container-findings.json, k8s-rbac-risks.json, and k8s-report.json.
When to Use It
- During a containerized app security assessment to verify RBAC and secret exposure controls
- When validating Kubernetes RBAC configurations and service accounts before production deployment
- In red-team/blue-team exercises with authorized targets focusing on privilege escalation paths
- For environments with sensitive data in containers that may be exposed via secrets
- To map misconfigurations against MITRE ATT&CK techniques such as T1610, T1611
Quick Start
- Step 1: Prepare scope.json and target details
- Step 2: Run the tool: python skills/pentest-container-k8s/scripts/container_k8s.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
- Step 3: Review container-findings.json, k8s-rbac-risks.json, and k8s-report.json and plan remediations
Best Practices
- Obtain written authorization and clearly scope the targets before testing
- Run in dry-run mode first to avoid live impact
- Capture reproducible PoC notes and map findings to the canonical finding_schema
- Export deterministic artifacts (container-findings.json, k8s-rbac-risks.json, k8s-report.json) for downstream use
- Review results against PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK mappings
Example Use Cases
- An RBAC misconfiguration allowed a non-admin service account to create cluster roles, enabling privilege escalation
- Secrets mounted in environment variables or config maps were exposed in pod specs or logs
- A privileged pod with hostPath access enabled container breakout from the pod into the host
- Kubernetes token exposure through insecure API access or leaked service account tokens
- Misconfigured imagePullSecrets or secret management led to sensitive data leakage on nodes
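
Three of the misconfiguration classes listed above (RBAC rules that allow creating cluster roles, privileged pods with hostPath volumes, and secrets placed as literal values in pod specs) can be checked statically in manifests before deployment. The following is an added example, not the skill's container_k8s.py; the function names, the finding tuple layout and the sample objects are assumptions constructed for illustration.

```python
"""Added example, not container_k8s.py; finding tuples are an assumed layout."""

SENSITIVE_ENV = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")
RBAC_WRITE_VERBS = {"create", "update", "patch", "bind", "escalate", "*"}
RBAC_ROLE_RESOURCES = {"clusterroles", "clusterrolebindings", "*"}

def audit_pod(pod):
    """Flag hostPath volumes, privileged containers and literal secret env values."""
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec, findings = pod.get("spec", {}), []
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append((name, "hostpath-volume", vol["hostPath"].get("path", "")))
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged") is True:
            findings.append((name, "privileged-container", c.get("name", "")))
        for env in c.get("env", []):
            # A literal "value" (instead of valueFrom.secretKeyRef) stores the
            # secret in the pod spec, readable by anyone allowed to get pods.
            if "value" in env and any(k in env.get("name", "").upper() for k in SENSITIVE_ENV):
                findings.append((name, "literal-secret-env", env["name"]))
    return findings

def audit_cluster_role(role):
    """Flag rules that allow creating or changing cluster roles or bindings."""
    name = role.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    for rule in role.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        if not groups & {"rbac.authorization.k8s.io", "*"}:
            continue
        verbs = RBAC_WRITE_VERBS & set(rule.get("verbs", []))
        if verbs and RBAC_ROLE_RESOURCES & set(rule.get("resources", [])):
            findings.append((name, "rbac-role-write", sorted(verbs)))
    return findings

# Constructed sample objects, not taken from any real cluster.
SAMPLE_POD = {"metadata": {"name": "debug-agent"}, "spec": {
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "agent", "securityContext": {"privileged": True},
                    "env": [{"name": "DB_PASSWORD", "value": "example-only"},
                            {"name": "LOG_LEVEL", "value": "info"}]}]}}
SAMPLE_ROLE = {"metadata": {"name": "ci-deployer"}, "rules": [
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
     "verbs": ["get", "create"]}]}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD) + audit_cluster_role(SAMPLE_ROLE):
        print(finding)
```

An env entry that uses valueFrom.secretKeyRef instead of a literal value produces no literal-secret-env finding, and a role limited to get and list on clusterroles produces no rbac-role-write finding.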