avolens / kubefuzz
Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.
☆71Updated last year
Related projects: ⓘ
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆56Updated 6 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆78Updated 7 months ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆64Updated 9 months ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆49Updated 2 years ago
- ☆15Updated 2 months ago
- ☆90Updated 4 months ago
- ☆24Updated 4 months ago
- Kubernetes offensive framework built in eBPF☆34Updated last year
- Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolesbindings.☆34Updated 2 years ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆110Updated last year
- ☆19Updated 5 months ago
- A simple mitmproxy blueprint to intercept HTTPS traffic from app running on Kubernetes☆62Updated 2 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆56Updated last year
- Format agnostic SBOM tooling☆63Updated this week
- Kubernetes Unhinged Shell 😎☆46Updated last year
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆76Updated this week
- Kubernetes audit logging, when you don't control the control plane☆64Updated this week
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.☆19Updated last year
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…☆65Updated last year
- ☆51Updated 6 months ago
- boostsecurityio/lotp☆97Updated 5 months ago
- ☆85Updated this week
- ☆82Updated 2 months ago
- ☆163Updated 2 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆131Updated this week
- a tool to audit the istio service mesh☆173Updated 2 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆37Updated 11 months ago
- A beginner-friendly CTF about Kubernetes security.☆76Updated 2 years ago
- A repository to store Rad Fingerprinting data.☆23Updated last month
- Modron - Cloud security compliance☆32Updated 10 months ago