View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005756Kali LinuxNew Tool Requestspublic2019-10-26 07:212020-01-13 13:47
Reporteraveronesis Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionreopened 
Summary0005756: Kubolt - scanning public kubernetes clusters
Description

Hello,
I would like to request on addition Kubolt utility to the Kali default packages.
Why? - because at the moment Kali doesn't have offensive tool to attack k8s clusters.
You can examine my tool on github - https://github.com/averonesis/kubolt
Let me know if I need make any changes to the tool/code.

Activities

averonesis

averonesis

2019-10-26 07:29

reporter   ~0011224

g0tmi1k

g0tmi1k

2020-01-13 13:27

administrator   ~0011886

Nice tool - but we can't have that depancy with Shodan (how would you edit your API key when its packaged up?)

A lot of this could be repeated with a bit of cURL and bash loops too
averonesis

averonesis

2020-01-13 13:40

reporter   ~0011895

Hello, @g0tmilk
What if I add a key to start with requirement to fill own Shodan API key?
And I'm not fully agree with bash scripting is the same, because kubolt is actually automate two processes:

  • look for potentially vulnerable servers in Shodan
  • check for vulnerability exploitation
    So, this could be highly useful if you start pentest some company and you know their ASN, for example :)
    Anyway, I know that recon-ng tool also have ability to input Shodan API key to perform scans - agree, this is not the same, but it's also have dependency on shodan in some way...
    And today I think every pentester has Shodan API key, as well as Shodan provide a free limited API key.

Thank you.
g0tmi1k

g0tmi1k

2020-01-13 13:42

administrator   ~0011897

The sole input can't be from an online service (such as Shodan).
Manual import would be required.
averonesis

averonesis

2020-01-13 13:45

reporter   ~0011899

ok, if I add a new feature as scan from list of IPs - kubolt would be accepted, right?

g0tmi1k

g0tmi1k

2020-01-13 13:47

administrator   ~0011902

Last edited: 2020-01-13 13:47

Sure =)

Issue History

Date Modified Username Field Change
2019-10-26 07:21 averonesis New Issue
2019-10-26 07:29 averonesis Note Added: 0011224
2019-10-28 14:07 g0tmi1k Summary Add kubolt to kali => kubolt - Kubolt utility for scanning public kubernetes clusters
2019-10-28 14:07 g0tmi1k Summary kubolt - Kubolt utility for scanning public kubernetes clusters => Kubolt - scanning public kubernetes clusters
2019-10-28 16:01 g0tmi1k Severity minor => feature
2019-10-28 16:01 g0tmi1k Status new => assigned
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:13 g0tmi1k Status acknowledged => new
2020-01-06 13:13 g0tmi1k Category Queued Tool Addition => New Tool Requests
2020-01-13 13:27 g0tmi1k Note Added: 0011886
2020-01-13 13:28 g0tmi1k Status new => closed
2020-01-13 13:28 g0tmi1k Resolution open => won't fix
2020-01-13 13:40 averonesis Status closed => feedback
2020-01-13 13:40 averonesis Resolution won't fix => reopened
2020-01-13 13:40 averonesis Note Added: 0011895
2020-01-13 13:42 g0tmi1k Note Added: 0011897
2020-01-13 13:43 g0tmi1k Status feedback => closed
2020-01-13 13:45 averonesis Status closed => feedback
2020-01-13 13:45 averonesis Note Added: 0011899
2020-01-13 13:47 g0tmi1k Note Added: 0011902
2020-01-13 13:47 g0tmi1k Status feedback => closed
2020-01-13 13:47 g0tmi1k Note Edited: 0011902