Detects Kubernetes container escape attempts by checking for privileged mode, dangerous capabilities, host namespace sharing, risky hostPath mounts, and cgroup abuses such as CVE-2022-0492, using the Python Kubernetes client. Intended for auditing cluster security.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
Audits Kubernetes pods for container escape vectors, including privileged mode, dangerous capabilities, host namespace sharing, and writable hostPath mounts.
from kubernetes import client, config

config.load_kube_config()
v1 = client.CoreV1Api()
pods = v1.list_pod_for_all_namespaces()

# Flag every container that runs in privileged mode
for pod in pods.items:
    for container in pod.spec.containers:
        sc = container.security_context
        if sc and sc.privileged:
            print(f"特权容器: {pod.metadata.namespace}/{pod.metadata.name}")

Main escape vectors:

# Check for Docker socket mounts
for pod in pods.items:
    for vol in pod.spec.volumes or []:
        if vol.host_path and "docker.sock" in (vol.host_path.path or ""):
            print(f"暴露的 Docker socket:{pod.metadata.name}")
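The following is an added example, not the skill's own code: it carries the checks listed above (privileged mode, dangerous capabilities, host namespaces, hostPath mounts, seccomp Unconfined as the CVE-2022-0492 precondition) over pod manifests held as plain dicts in the shape `kubectl get pod -o json` returns, so it runs without a cluster. The capability set, the sensitive-path list and the sample pod are assumptions constructed for this example.

```python
# Added example (not the skill's code): audits pod dicts as returned by `kubectl get pod -o json`.
# Capabilities treated here as escape-enabling (set chosen for this example).
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
                  "DAC_READ_SEARCH", "NET_ADMIN", "BPF"}
# hostPath roots exposing the node's runtime, kernel or configuration (chosen for this example).
SENSITIVE_ROOTS = ("/proc", "/sys", "/etc", "/dev", "/run", "/var/run",
                   "/var/lib/kubelet", "/var/lib/docker")

def _sensitive(path):
    p = path.rstrip("/") or "/"
    return p == "/" or any(p == r or p.startswith(r + "/") for r in SENSITIVE_ROOTS)

def audit_pod(pod):
    """Return (location, finding) tuples for one pod dict."""
    spec, meta = pod.get("spec", {}), pod.get("metadata", {})
    pod_id = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    findings = [(pod_id, f"{ns} shares a host namespace")
                for ns in ("hostPID", "hostNetwork", "hostIPC") if spec.get(ns)]
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes") or [] if "hostPath" in v}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        loc, sc = f"{pod_id}:{c['name']}", c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((loc, "privileged container"))
        caps = {x.upper() for x in (sc.get("capabilities") or {}).get("add") or []}
        findings += [(loc, f"dangerous capability {cap}") for cap in sorted(caps & DANGEROUS_CAPS)]
        # Unconfined seccomp is the precondition for cgroup release_agent abuse (CVE-2022-0492 class).
        if (sc.get("seccompProfile") or {}).get("type") == "Unconfined":
            findings.append((loc, "seccomp Unconfined (CVE-2022-0492-class cgroup abuse)"))
        for m in c.get("volumeMounts") or []:
            path = host_vols.get(m["name"], "")  # "" when the volume is not a hostPath
            if path.endswith(".sock"):  # docker.sock, containerd.sock, crio.sock
                findings.append((loc, f"container runtime socket mounted: {path}"))
            elif path and _sensitive(path):
                mode = "read-only" if m.get("readOnly") else "writable"
                findings.append((loc, f"{mode} sensitive hostPath: {path}"))
    return findings

# Constructed sample pod for demonstration, not a real workload.
SAMPLE_POD = {"metadata": {"namespace": "kube-system", "name": "node-debugger"}, "spec": {"hostPID": True,
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
                {"name": "root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "shell",
        "securityContext": {"capabilities": {"add": ["SYS_ADMIN", "NET_BIND_SERVICE"]},
                            "seccompProfile": {"type": "Unconfined"}},
        "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"},
                         {"name": "root", "mountPath": "/host"}]}]}}

if __name__ == "__main__":
    print(*audit_pod(SAMPLE_POD), sep="\n")
```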