CyberArk Labs has launched a new open-source tool, named Kubesploit, for testing the security of Kubernetes environments. The tool is a full framework built to help penetration testers and red teamers perform in-depth tests that mimic the real-world attack scenarios threatening many organizations worldwide.
The CyberArk Labs team already has two open-source tools (KubiScan and kubeletctl) related to Kubernetes, and it wanted to create additional tools for these environments. “Instead of creating a project for each one, we thought it would be better to create a single, centralized tool, which was the genesis for Kubesploit,” Eviatar Gerzi from CyberArk Labs said in a blog post.
Kubesploit is a framework written in Golang and built on top of the Merlin project (by Russel Van Tuyl), a cross-platform post-exploitation HTTP/2 Command & Control server and agent.
Merlin also has a way to add new modules dynamically, which allows us to create relevant modules for Kubernetes.
The team added a Go interpreter named “Yaegi” to Kubesploit. With this capability, it is possible to write new Golang modules on the fly and run them while the agent is still running. Support for running Golang code can allow writing complex code and integrating exploits already written in Go.
It also makes it easier for the open-source community to contribute new modules, and the fact that Kubernetes was also written in Golang could allow easier integration of related pieces of code.