Kubernetes Pentesting

Name: Kubernetes Pentesting
Author: yaklang

yaklang/hack-skills

Run a structured Kubernetes penetration test covering API access, RBAC, service accounts, etcd, Kubelet, cloud metadata, and admission bypass paths.

Overview

Kubernetes Pentesting is an agent skill for the Ship phase that provides an expert attack playbook for API server, RBAC, workload, and cloud-metadata abuse against Kubernetes clusters.

Install

npx skills add https://github.com/yaklang/hack-skills --skill kubernetes-pentesting

What is this skill?

API server anonymous access checks and authenticated enumeration patterns
RBAC namespace-scoped vs cluster-scoped escalation guidance
Service account token abuse, etcd secret extraction, and Kubelet API angles
Cloud IMDS paths for EKS, GKE, and AKS from compromised workloads
Cross-links to container escape, Linux privesc, lateral movement, and SSRF-to-API routes
Playbook sections include API server, RBAC, service accounts, etcd, Kubelet, cloud IMDS, admission webhooks, and network
Related routing lists 5 companion skills for escape, privesc, lateral movement, security bypass, and SSRF

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 0/3 security scanners passed (skills.sh audits).

What problem does it solve?

You host on Kubernetes but lack a repeatable way to find RBAC gaps, token leaks, and control-plane exposure before attackers do.

Who is it for?

Indie operators running K8s in production who want agent-guided pentest steps during pre-launch review or post-incident verification.

Skip if: Serverless-only deployments with no cluster access model, or builders who only need kubectl deploy tutorials without threat modeling.

When should I use this skill?

Targeting Kubernetes clusters via API server, RBAC, service accounts, etcd, Kubelet, pod escape, cloud metadata, admission webhooks, or registry secrets.

What do I get? / Deliverables

You work through prioritized cluster attack paths with linked follow-on skills for escape, privesc, and lateral movement on confirmed findings.

Enumerated attack surface map
Documented RBAC and token abuse findings
Pivot plan to container-escape or Linux privesc skills when needed

Recommended Skills

Azure Compliancemicrosoft/azure-skills

Azure Compliance is a Microsoft agent skill for solo builders and small teams who need structured security and complianc…373k installs·1.2k stars

Openclaw Secure Linux Cloudxixu-me/skills

OpenClaw Secure Linux Cloud guides a hardened VPS deployment—rootless Podman, loopback-only gateway, SSH-tunneled Contro…201k installs·61 stars

Entra Agent Idmicrosoft/azure-skills

entra-agent-id is a Microsoft-authored agent skill for provisioning and operating OAuth-capable identities tailored to A…99.1k installs·1.2k stars

Firebase Security Rules Auditorfirebase/agent-skills

Firebase Security Rules Auditor turns your agent into a senior penetration-style reviewer for Firestore rulesets. Solo b…40.3k installs·345 stars

Firestore Security Rules Auditorfirebase/agent-skills

Firestore-security-rules-auditor is a checker skill for solo builders and small teams shipping Firebase-backed apps who …20.3k installs·345 stars

Skill Vetteruseai-pro/openclaw-skills-security

Skill Vetter is a security-first OpenClaw agent skill that makes your coding agent behave like a pre-install auditor for…19.2k installs·62 stars

Journey fit

Primary fit

Cluster attack playbooks belong in Ship security review before you expose workloads—or after a compromise during Operate hardening. Canonical shelf is ship/security because the playbook enumerates offensive validation of RBAC, control plane exposure, and pod-level escape chains.

Also useful

OperateInfrastructure & cost

How it compares

Offensive cluster playbook—not a Helm hardening chart or managed Kubernetes setup wizard.

Common Questions / FAQ

Who is kubernetes-pentesting for?

Solo and small-team builders responsible for their own Kubernetes security testing and incident response on authorized clusters.

When should I use kubernetes-pentesting?

During Ship security review before go-live, or Operate when validating suspected RBAC or service-account compromise in staging or production.

Is kubernetes-pentesting safe to install?

Treat it as authorized offensive content; check the Security Audits panel on this page and never aim these steps at clusters you do not own or have written permission to test.

SKILL.md

READMESKILL.md - Kubernetes Pentesting

# SKILL: Kubernetes Pentesting — Expert Attack Playbook

> **AI LOAD INSTRUCTION**: Expert Kubernetes attack techniques. Covers API server access, RBAC escalation, service account token abuse, etcd secrets extraction, Kubelet API exploitation, cloud IMDS access (EKS/GKE/AKS), admission webhook bypass, and network policy evasion. Base models miss the distinction between namespace-scoped and cluster-scoped RBAC, and overlook Kubelet's unauthenticated API.

## 0. RELATED ROUTING

Before going deep, consider loading:

- [container-escape-techniques](../container-escape-techniques/SKILL.md) for escaping from a compromised pod to the underlying node
- [linux-privilege-escalation](../linux-privilege-escalation/SKILL.md) once on a node for escalating to root
- [linux-lateral-movement](../linux-lateral-movement/SKILL.md) for pivoting between nodes
- [linux-security-bypass](../linux-security-bypass/SKILL.md) when Pod Security Standards or seccomp profiles restrict your actions
- [ssrf-server-side-request-forgery](../ssrf-server-side-request-forgery/SKILL.md) when exploiting SSRF to reach the K8s API or cloud metadata

---

## 1. K8S API SERVER ACCESS

### 1.1 Anonymous Access Check

```bash
# Check if anonymous auth is enabled (default: limited in modern clusters)
curl -sk https://APISERVER:6443/api/v1/namespaces
curl -sk https://APISERVER:6443/version
curl -sk https://APISERVER:6443/api
curl -sk https://APISERVER:6443/apis

# Common API server ports:
# 6443 — secure API (default)
# 8443 — alternative secure
# 8080 — insecure API (legacy, no auth needed)
```

### 1.2 Token-Based Authentication (from inside pod)

```bash
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
APISERVER="https://kubernetes.default.svc"

curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
  $APISERVER/api/v1/namespaces/$NAMESPACE/pods
```

### 1.3 Certificate / Kubeconfig Authentication

```bash
# Common kubeconfig locations: ~/.kube/config, /etc/kubernetes/admin.conf,
# /etc/kubernetes/kubelet.conf, /var/lib/kubelet/kubeconfig
kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods --all-namespaces
```

---

## 2. RBAC ENUMERATION

### 2.1 Self-Permission Check

```bash
# What can I do?
kubectl auth can-i --list
kubectl auth can-i --list -n kube-system

# Specific checks
kubectl auth can-i create pods
kubectl auth can-i create pods -n kube-system
kubectl auth can-i get secrets
kubectl auth can-i '*' '*'     # Full cluster admin?

# Via API (from inside pod):
curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
  $APISERVER/apis/authorization.k8s.io/v1/selfsubjectrulesreviews \
  -H "Content-Type: application/json" \
  -d "{\"apiVersion\":\"authorization.k8s.io/v1\",\"kind\":\"SelfSubjectRulesReview\",\"spec\":{\"namespace\":\"$NAMESPACE\"}}"
```

### 2.2 Role and ClusterRole Enumeration

```bash
kubectl get roles --all-namespaces && kubectl get clusterroles
kubectl describe clusterrole CLUSTER_ROLE_NAME

# Find overprivileged roles (wildcard verbs/resources):
kubectl get clusterroles -o json | python3 -c 'import sys,json;data=json.load(sys.stdin);[print(f"OVERPRIVILEGED: {r[\"metadata\"][\"name\"]}") for r in data["items"] for rule in r.get("rules",[]) if "*" in rule.get("verbs",[]) or "*" in rule.get("resources",[])]'
```

### 2.3 Dangerous RBAC Permissions

| Permission | Risk | Escalation Path |
|---|---|---|
| `pods/exec` | **Critical** | Exec into any pod (access secrets, tokens) |
| `pods` (create) | **Critical** | Create privileged pod → node access |
| `secrets` (get/list) | **Critical** | Rea

What is this skill?

API server anonymous access checks and authenticated enumeration patterns

RBAC namespace-scoped vs cluster-scoped escalation guidance

Service account token abuse, etcd secret extraction, and Kubelet API angles

Cloud IMDS paths for EKS, GKE, and AKS from compromised workloads

Cross-links to container escape, Linux privesc, lateral movement, and SSRF-to-API routes

Playbook sections include API server, RBAC, service accounts, etcd, Kubelet, cloud IMDS, admission webhooks, and network

Related routing lists 5 companion skills for escape, privesc, lateral movement, security bypass, and SSRF

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 0/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

Also useful

OperateInfrastructure & cost

SKILL.md

READMESKILL.md - Kubernetes Pentesting

# SKILL: Kubernetes Pentesting — Expert Attack Playbook

> **AI LOAD INSTRUCTION**: Expert Kubernetes attack techniques. Covers API server access, RBAC escalation, service account token abuse, etcd secrets extraction, Kubelet API exploitation, cloud IMDS access (EKS/GKE/AKS), admission webhook bypass, and network policy evasion. Base models miss the distinction between namespace-scoped and cluster-scoped RBAC, and overlook Kubelet's unauthenticated API.

## 0. RELATED ROUTING

Before going deep, consider loading:

- [container-escape-techniques](../container-escape-techniques/SKILL.md) for escaping from a compromised pod to the underlying node
- [linux-privilege-escalation](../linux-privilege-escalation/SKILL.md) once on a node for escalating to root
- [linux-lateral-movement](../linux-lateral-movement/SKILL.md) for pivoting between nodes
- [linux-security-bypass](../linux-security-bypass/SKILL.md) when Pod Security Standards or seccomp profiles restrict your actions
- [ssrf-server-side-request-forgery](../ssrf-server-side-request-forgery/SKILL.md) when exploiting SSRF to reach the K8s API or cloud metadata

---

## 1. K8S API SERVER ACCESS

### 1.1 Anonymous Access Check

```bash
# Check if anonymous auth is enabled (default: limited in modern clusters)
curl -sk https://APISERVER:6443/api/v1/namespaces
curl -sk https://APISERVER:6443/version
curl -sk https://APISERVER:6443/api
curl -sk https://APISERVER:6443/apis

# Common API server ports:
# 6443 — secure API (default)
# 8443 — alternative secure
# 8080 — insecure API (legacy, no auth needed)
```

### 1.2 Token-Based Authentication (from inside pod)

```bash
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
APISERVER="https://kubernetes.default.svc"

curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
  $APISERVER/api/v1/namespaces/$NAMESPACE/pods
```

### 1.3 Certificate / Kubeconfig Authentication

```bash
# Common kubeconfig locations: ~/.kube/config, /etc/kubernetes/admin.conf,
# /etc/kubernetes/kubelet.conf, /var/lib/kubelet/kubeconfig
kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods --all-namespaces
```

---

## 2. RBAC ENUMERATION

### 2.1 Self-Permission Check

```bash
# What can I do?
kubectl auth can-i --list
kubectl auth can-i --list -n kube-system

# Specific checks
kubectl auth can-i create pods
kubectl auth can-i create pods -n kube-system
kubectl auth can-i get secrets
kubectl auth can-i '*' '*'     # Full cluster admin?

# Via API (from inside pod):
curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
  $APISERVER/apis/authorization.k8s.io/v1/selfsubjectrulesreviews \
  -H "Content-Type: application/json" \
  -d "{\"apiVersion\":\"authorization.k8s.io/v1\",\"kind\":\"SelfSubjectRulesReview\",\"spec\":{\"namespace\":\"$NAMESPACE\"}}"
```

### 2.2 Role and ClusterRole Enumeration

```bash
kubectl get roles --all-namespaces && kubectl get clusterroles
kubectl describe clusterrole CLUSTER_ROLE_NAME

# Find overprivileged roles (wildcard verbs/resources):
kubectl get clusterroles -o json | python3 -c 'import sys,json;data=json.load(sys.stdin);[print(f"OVERPRIVILEGED: {r[\"metadata\"][\"name\"]}") for r in data["items"] for rule in r.get("rules",[]) if "*" in rule.get("verbs",[]) or "*" in rule.get("resources",[])]'
```

### 2.3 Dangerous RBAC Permissions

| Permission | Risk | Escalation Path |
|---|---|---|
| `pods/exec` | **Critical** | Exec into any pod (access secrets, tokens) |
| `pods` (create) | **Critical** | Create privileged pod → node access |
| `secrets` (get/list) | **Critical** | Rea

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is kubernetes-pentesting for?

When should I use kubernetes-pentesting?

Is kubernetes-pentesting safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is kubernetes-pentesting for?

When should I use kubernetes-pentesting?

Is kubernetes-pentesting safe to install?

SKILL.md