kubernetes-pentesting
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for manipulating Kubernetes resources, including a high-risk payload for creating a privileged pod that uses 'nsenter' to gain full root access to the host node's namespaces.
- [CREDENTIALS_UNSAFE]: Detailed instructions are included for harvesting sensitive credentials from multiple sources, including Kubernetes Service Account tokens from the filesystem, cloud provider IAM credentials from metadata services (AWS IMDS, GKE Metadata, Azure IMDS), and Docker registry pull secrets.
- [DATA_EXFILTRATION]: Techniques are documented for dumping secrets directly from the etcd database and programmatically listing all secrets via the Kubernetes API.
- [EXTERNAL_DOWNLOADS]: The documentation references and recommends the use of external exploitation tools such as kube-hunter, peirates, kubesploit, and CDK, which are common utilities for Kubernetes-focused attacks.
Audit Metadata