avolens / kubefuzz

Related projects: ⓘ

• wiz-sec-public / namespacehound
  NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.
  ☆56Updated 6 months ago
• blackberry / Falco-bypasses
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆78Updated 7 months ago
• bgeesaman / malicious-compliance
  Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"
  ☆64Updated 9 months ago
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆49Updated 2 years ago
• jp-gouin / multi-cluster-supply-chain
  ☆15Updated 2 months ago
• raesene / container-security-site
  ☆90Updated 4 months ago
• raesene / eathar
  ☆24Updated 4 months ago
• yasindce1998 / KubeDagger
  Kubernetes offensive framework built in eBPF
  ☆34Updated last year
• twistlock / sa-hunter
  Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolesbindings.
  ☆34Updated 2 years ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆110Updated last year
• raesene / Cloud-Native-Security-Talks
  ☆19Updated 5 months ago
• ofirc / k8s-sniff-https
  A simple mitmproxy blueprint to intercept HTTPS traffic from app running on Kubernetes
  ☆62Updated 2 months ago
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆56Updated last year
• bomctl / bomctl
  Format agnostic SBOM tooling
  ☆63Updated this week
• krisnova / kush
  Kubernetes Unhinged Shell 😎
  ☆46Updated last year
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆76Updated this week
• RichardoC / kube-audit-rest
  Kubernetes audit logging, when you don't control the control plane
  ☆64Updated this week
• praetorian-inc / konstellation
  Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
  ☆19Updated last year
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆65Updated last year
• chainguard-dev / justtrustme
  ☆51Updated 6 months ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆97Updated 5 months ago
• google / osv-scalibr
  ☆85Updated this week
• redcanaryco / ebpfmon
  ☆82Updated 2 months ago
• WithSecureLabs / IceKube
  ☆163Updated 2 months ago
• synacktiv / octoscan
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆131Updated this week
• praetorian-inc / snowcat
  a tool to audit the istio service mesh
  ☆173Updated 2 years ago
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆37Updated 11 months ago
• quarkslab / minik8s-ctf
  A beginner-friendly CTF about Kubernetes security.
  ☆76Updated 2 years ago
• rad-security / fingerprints
  A repository to store Rad Fingerprinting data.
  ☆23Updated last month
• nianticlabs / modron
  Modron - Cloud security compliance
  ☆32Updated 10 months ago