Hacker Container is a simple alpine based docker container with commonly used tools and utilities while performing security assessments for containerised and Kuberentes cluster environments.
The repository and project information can be found here https://github.com/madhuakula/hacker-container
While performing and testing container or Kubernetes infrastructure, I always have to install some common tools inside a container to perform further exploitation and later movement with in the cluster.
To give an example, I have found redis service within the cluster without any authentication and network security policies. So I had to install and setup redis-cli to communicate and see what more data I can get from the server.
In another case, I wanted to understand what all privileges and capabilities I had for the container. So I end up running amicontained or capsh --print
Having multiple tools and processes running in a single container is not a good approach in real-world. This container is not for running production workloads or real-world applications.
- Consider that we want to perform a white box security assessment of Kubernetes cluster, and we got one pod access with limited privileges in the cluster. In this scenario we can use this container as an attacker, with all the utilities to perform assessment and understand cluster environment. Similarly in black box assessments as well, it helps you with all the utilities in a single place to perform further exploitation
- Also, there could be an usecase where your cluster doesn’t have internet access and wanted to perform specific assessment. You end up downloading required tools and build it from scratch with all the requirements. Hence using this container helps you to gain more time in identifying and exploiting vulnerabilities in the infrastructure instead of investing time in setup
There are almost nearly 50 commonly used tools and utilities for hackers, security researchers and penetration testers. The detailed list of tools can be found at https://github.com/madhuakula/hacker-container/blob/master/list.todo
The idea behind these tools is not to add all of them and making a big fat container. But just adding useful utilities or commonly highly required tools while performing containerised security assessments.
The simplest way to get started with Hacker container is trying out the container in Play With Docker
- Just run the following command to explore in the docker container environments
docker run --rm -it madhuakula/hacker-container
- To deploy as a Pod in Kubernetes cluster run the following command
kubectl run -it hacker-container --image=madhuakula/hacker-container
This container can be used in different ways in different environments, it aids your penetration testing or security assessments of container and Kubernetes cluster environments.