Init of Kubesploit code

Author: g3rzi

.gitattributes

@@ -1,20 +1,23 @@
-FROM golang:stretch
+FROM golang:1.14.15-alpine3.13 as builder
+
 
 # Build the Docker image first
 #  > sudo docker build -t merlin .
 
 # To start the Merlin Server, run
 #  > sudo docker run -it -p 443:443 --mount type=bind,src=/tmp,dst=/go/src/github.com/Ne0nd0g/merlin/data merlin
 
-RUN apt-get update && apt-get install -y git make vim gcc-mingw-w64
-WORKDIR $GOPATH/src/github.com/Ne0nd0g
-RUN git clone https://github.com/Ne0nd0g/merlin
 
-WORKDIR $GOPATH/src/github.com/Ne0nd0g/merlin
-RUN go mod download
-RUN make generate-agents
+RUN mkdir /src
+ADD . /src
+WORKDIR /src
+
 
-VOLUME ["data"]
-EXPOSE 443
+RUN apk update && apk upgrade && apk add bash && apk add vim && go get github.com/mitchellh/gox
+# RUN gox -ldflags "-s -w" -osarch linux/386 -output "merlin"
+RUN go build cmd/merlinserver/main.go
+#FROM alpine:latest
+#COPY --from=builder /src/merlin /app/
+#WORKDIR /app
 
-CMD ["go", "run", "cmd/merlinserver/main.go"]
+#ENTRYPOINT ["bash -c /src/merlin"]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,4 +1,6 @@
-GNU GENERAL PUBLIC LICENSE
+Copyright (c) 2021 CyberArk Software Ltd. All rights reserved.
+
+                    GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
  Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
@@ -618,4 +620,57 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
 
-                     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    kubesploit Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

.gitignore

@@ -0,0 +1,53 @@
+# Modules Mitigations
+<table>
+  <tbody>
+	<tr>
+	  <th>Module </th>
+	  <th align="center">Description</th>
+	  <th align="center">Mitigation</th>
+	</tr>
+	<tr>
+	  <td>
+		 Mount Container Breakout
+	  </td>
+	  <td align="left">         
+		  Can be exploit on privileged containers or containers with privilege to mount.  <br>
+		  Creates mount from the container to the host and has access to the host files.  <br>
+	  </td>
+	  <td align="left" >Reduce container privileges. Prevent creation of privileged containers or with the permissions to mount.</td>
+	</tr>
+	<tr>
+	  <td>
+		 docker.sock Breakout
+	  </td>
+	  <td align="left">         
+		  Can be exploit on containers with docker.sock mounted.  <br>
+		  It uses docker.sock to create new vulnerable (privileged, with mounts, etc.) container and escape to the host.  <br>
+	  </td>
+	  <td align="left" >Prevent creating containers with docker.sock mounted.</td>
+	</tr>	
+	<tr>
+	  <td>
+		 runC (CVE-2019-5736) Breakout
+	  </td>
+	  <td align="left">         
+		  This module exploit vulnerable runC to escape to the host.  <br>
+	  </td>
+	  <td align="left" >Make sure to have updated runC version (>1.0.0-rc6).</td>
+	</tr>	
+    <tr>
+      <td>
+         Kubelet attack
+      </td>
+      <td align="left">         
+          Some Kubernetes cluster might have nodes with Kubelet open for anonymous requests. <br>
+          This module exploit this by listing the pods vulnerable for RCE, run commands inside them and scan the service account tokens from all the pods. <br>
+      </td>
+      <td align="left" >Make sure that all the kubelets have the config file `/var/lib/kubelet/config.yaml` with the following: <br> 
+       1. No allowing anonymous request: `authentication: anonymous: enabled: false`.  <br>
+       2. Preventing authorization to anyone: `authorization: mode:` NOT set with AlwaysAllow. <br>
+       </td>
+    </tr>	
+    
+  </tbody>
+</table>