Kdigger Kubernetes渗透测试工具

Kdigger 即 "Kubernetes digger" 的简称，是用于 Kubernetes 渗透测试的上下文发现工具。

此工具主要用来加速渗透测试过程，可以通过调用mount命令或执行ls /dev列出 dev 中存在的所有设备。

示例

$ kdigger dig dev
### DEVICES ###
Comment: 16 devices are available.
+-------------+-------+----------------------+-----------------+
|     MODE    | ISDIR |        MODTIME       |       NAME      |
+-------------+-------+----------------------+-----------------+
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | core            |
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | fd              |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | full            |
| dtrwxrwxrwx | true  | 2021-10-11T07:31:54Z | mqueue          |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | null            |
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | ptmx            |
| drwxr-xr-x  | true  | 2021-10-11T07:32:14Z | pts             |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | random          |
| dtrwxrwxrwx | true  | 2021-10-11T07:31:54Z | shm             |
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | stderr          |
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | stdin           |
| Lrwxrwxrwx  | false | 2021-10-11T07:32:14Z | stdout          |
| -rw-rw-rw-  | false | 2021-10-11T07:32:14Z | termination-log |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | tty             |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | urandom         |
| Dcrw-rw-rw- | false | 2021-10-11T07:32:14Z | zero            |
+-------------+-------+----------------------+-----------------+

$ kdigger dig authorization
### AUTHORIZATION ###
Comment: Checking current context/token permissions in the "default" namespace.
+---------------------------------+-----------------+----------------+----------+
|            RESOURCES            | NONRESOURCEURLS | RESSOURCENAMES |   VERBS  |
+---------------------------------+-----------------+----------------+----------+
| selfsubjectaccessreviews.author | []              | []             | [create] |
| ization.k8s.io                  |                 |                |          |
| selfsubjectrulesreviews.authori | []              | []             | [create] |
| zation.k8s.io                   |                 |                |          |
|                                 | [/api/*]        | []             | [get]    |
|                                 | [/api]          | []             | [get]    |
|                                 | [/apis/*]       | []             | [get]    |
|                                 | [/apis]         | []             | [get]    |
|                                 | [/healthz]      | []             | [get]    |
|                                 | [/healthz]      | []             | [get]    |
|                                 | [/livez]        | []             | [get]    |
|                                 | [/livez]        | []             | [get]    |
|                                 | [/openapi/*]    | []             | [get]    |
|                                 | [/openapi]      | []             | [get]    |
|                                 | [/readyz]       | []             | [get]    |
|                                 | [/readyz]       | []             | [get]    |
|                                 | [/version/]     | []             | [get]    |
|                                 | [/version/]     | []             | [get]    |
|                                 | [/version]      | []             | [get]    |
|                                 | [/version]      | []             | [get]    |
| apiservices                     | []              | []             | [list]   |
| namespaces                      | []              | []             | [list]   |
| apiservices.apiregistration.k8s | []              | []             | [list]   |
| .io                             |                 |                |          |
| namespaces.apiregistration.k8s. | []              | []             | [list]   |
| io                              |                 |                |          |
+---------------------------------+-----------------+----------------+----------+