Welcome Kubernetes-Goat

Author: madhuakula

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Madhu Akula
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,47 @@
+#!/bin/bash
+# Author: Madhu Akula
+# This program has been created as part of Kuberentes Goat
+# Kuberentes Goat Access vulnerable infrastrcuture 
+
+# Checking kubectl setup
+kubectl version --short > /dev/null 2>&1 
+if [ $? -eq 0 ];
+then
+    echo "kubectl setup looks good."
+else 
+    echo "Please check kubectl setup."
+    exit;
+fi
+
+echo 'Creating port forward for all the Kubernetes Goat resources to locally. We will be using 1230 to 1236 ports locally!'
+
+# Exposing Sensitive keys in code bases Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=build-code" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1230:3000 > /dev/null 2>&1 & 
+
+# Exposing DIND(docker-in-docker) exploitation Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=health-check" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1231:80 > /dev/null 2>&1 & 
+
+# Exposing SSRF in K8S world Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=internal-proxy" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1232:3000 > /dev/null 2>&1 & 
+
+# Exposing Container escape to access host system Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=system-monitor" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1233:8080 > /dev/null 2>&1 & 
+
+# Exposing Kubernetes Goat Home
+export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=kubernetes-goat-home" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1234:80 > /dev/null 2>&1 & 
+
+# Exposing Attacking private registry Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=poor-registry" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1235:5000 > /dev/null 2>&1 & 
+
+# Exposing Attacking private registry Scenario
+export POD_NAME=$(kubectl get pods --namespace default -l "app=hunger-check" -o jsonpath="{.items[0].metadata.name}")
+kubectl port-forward $POD_NAME 1236:8080 > /dev/null 2>&1 & 
+
+
+echo "Visit http://127.0.0.1:1234 to get started with your Kuberenetes Goat hacking!"

access-kubernetes-goat.sh

@@ -0,0 +1 @@
+book

guide/.gitignore

@@ -0,0 +1,6 @@
+[book]
+authors = ["Madhu Akula"]
+language = "en"
+multilingual = false
+src = "src"
+title = "Kubernetes Goat"