├── .flake8 ├── .github └── workflows │ └── lint.yml ├── .gitignore ├── .isort.cfg ├── LICENSE.md ├── README.md ├── docker-compose.yml ├── docs ├── .gitkeep ├── ACCESS_POD.md ├── ACCESS_SECRET.md ├── AZURE_POD_IDENTITY_EXCEPTION.md ├── BOUND_TO.md ├── CAN_ACCESS_DANGEROUS_HOST_PATH.md ├── CAN_ACCESS_HOST_FD.md ├── CAN_CGROUP_BREAKOUT.md ├── CAN_EXEC_THROUGH_KUBELET.md ├── CAN_IMPERSONATE.md ├── CAN_LOAD_KERNEL_MODULES.md ├── CAN_NSENTER_HOST.md ├── CREATE_POD_WITH_SA.md ├── CREATE_PRIVILEGED_WORKLOAD.md ├── CREATE_SECRET_WITH_TOKEN.md ├── DEBUG_POD.md ├── EXEC_INTO.md ├── GENERATE_CLIENT_CERTIFICATE.md ├── GENERATE_TOKEN.md ├── GET_AUTHENTICATION_TOKEN_FOR.md ├── GRANTS_PERMISSION.md ├── IS_CLUSTER_ADMIN.md ├── IS_PRIVILEGED.md ├── MOUNTS_SECRET.md ├── PATCH_NAMESPACE_TO_BYPASS_PSA.md ├── RBAC_ESCALATE_TO.md ├── REPLACE_IMAGE.md ├── UPDATE_AWS_AUTH.md ├── UPDATE_WORKLOAD_WITH_SA.md ├── USES_ACCOUNT.md └── logo.png ├── icekube ├── __init__.py ├── attack_paths.py ├── cli.py ├── config.py ├── icekube.py ├── kube.py ├── log_config.py ├── models │ ├── __init__.py │ ├── _helpers.py │ ├── api_resource.py │ ├── base.py │ ├── cluster.py │ ├── clusterrole.py │ ├── clusterrolebinding.py │ ├── group.py │ ├── namespace.py │ ├── node.py │ ├── pod.py │ ├── policyrule.py │ ├── role.py │ ├── rolebinding.py │ ├── secret.py │ ├── securitycontextconstraints.py │ ├── serviceaccount.py │ ├── signer.py │ └── user.py ├── neo4j.py ├── relationships.py └── utils.py ├── mypy.ini ├── poetry.lock └── pyproject.toml /.flake8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/.flake8 -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/.github/workflows/lint.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/.gitignore -------------------------------------------------------------------------------- /.isort.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/.isort.cfg -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/README.md -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /docs/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/ACCESS_POD.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/ACCESS_POD.md -------------------------------------------------------------------------------- /docs/ACCESS_SECRET.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/ACCESS_SECRET.md -------------------------------------------------------------------------------- /docs/AZURE_POD_IDENTITY_EXCEPTION.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/AZURE_POD_IDENTITY_EXCEPTION.md -------------------------------------------------------------------------------- /docs/BOUND_TO.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/BOUND_TO.md -------------------------------------------------------------------------------- /docs/CAN_ACCESS_DANGEROUS_HOST_PATH.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_ACCESS_DANGEROUS_HOST_PATH.md -------------------------------------------------------------------------------- /docs/CAN_ACCESS_HOST_FD.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_ACCESS_HOST_FD.md -------------------------------------------------------------------------------- /docs/CAN_CGROUP_BREAKOUT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_CGROUP_BREAKOUT.md -------------------------------------------------------------------------------- /docs/CAN_EXEC_THROUGH_KUBELET.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_EXEC_THROUGH_KUBELET.md -------------------------------------------------------------------------------- /docs/CAN_IMPERSONATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_IMPERSONATE.md -------------------------------------------------------------------------------- /docs/CAN_LOAD_KERNEL_MODULES.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_LOAD_KERNEL_MODULES.md -------------------------------------------------------------------------------- /docs/CAN_NSENTER_HOST.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CAN_NSENTER_HOST.md -------------------------------------------------------------------------------- /docs/CREATE_POD_WITH_SA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CREATE_POD_WITH_SA.md -------------------------------------------------------------------------------- /docs/CREATE_PRIVILEGED_WORKLOAD.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CREATE_PRIVILEGED_WORKLOAD.md -------------------------------------------------------------------------------- /docs/CREATE_SECRET_WITH_TOKEN.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/CREATE_SECRET_WITH_TOKEN.md -------------------------------------------------------------------------------- /docs/DEBUG_POD.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/DEBUG_POD.md -------------------------------------------------------------------------------- /docs/EXEC_INTO.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/EXEC_INTO.md -------------------------------------------------------------------------------- /docs/GENERATE_CLIENT_CERTIFICATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/GENERATE_CLIENT_CERTIFICATE.md -------------------------------------------------------------------------------- /docs/GENERATE_TOKEN.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/GENERATE_TOKEN.md -------------------------------------------------------------------------------- /docs/GET_AUTHENTICATION_TOKEN_FOR.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/GET_AUTHENTICATION_TOKEN_FOR.md -------------------------------------------------------------------------------- /docs/GRANTS_PERMISSION.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/GRANTS_PERMISSION.md -------------------------------------------------------------------------------- /docs/IS_CLUSTER_ADMIN.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/IS_CLUSTER_ADMIN.md -------------------------------------------------------------------------------- /docs/IS_PRIVILEGED.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/IS_PRIVILEGED.md -------------------------------------------------------------------------------- /docs/MOUNTS_SECRET.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/MOUNTS_SECRET.md -------------------------------------------------------------------------------- /docs/PATCH_NAMESPACE_TO_BYPASS_PSA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/PATCH_NAMESPACE_TO_BYPASS_PSA.md -------------------------------------------------------------------------------- /docs/RBAC_ESCALATE_TO.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/RBAC_ESCALATE_TO.md -------------------------------------------------------------------------------- /docs/REPLACE_IMAGE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/REPLACE_IMAGE.md -------------------------------------------------------------------------------- /docs/UPDATE_AWS_AUTH.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/UPDATE_AWS_AUTH.md -------------------------------------------------------------------------------- /docs/UPDATE_WORKLOAD_WITH_SA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/UPDATE_WORKLOAD_WITH_SA.md -------------------------------------------------------------------------------- /docs/USES_ACCOUNT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/USES_ACCOUNT.md -------------------------------------------------------------------------------- /docs/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/docs/logo.png -------------------------------------------------------------------------------- /icekube/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/__init__.py -------------------------------------------------------------------------------- /icekube/attack_paths.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/attack_paths.py -------------------------------------------------------------------------------- /icekube/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/cli.py -------------------------------------------------------------------------------- /icekube/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/config.py -------------------------------------------------------------------------------- /icekube/icekube.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/icekube.py -------------------------------------------------------------------------------- /icekube/kube.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/kube.py -------------------------------------------------------------------------------- /icekube/log_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/log_config.py -------------------------------------------------------------------------------- /icekube/models/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/__init__.py -------------------------------------------------------------------------------- /icekube/models/_helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/_helpers.py -------------------------------------------------------------------------------- /icekube/models/api_resource.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/api_resource.py -------------------------------------------------------------------------------- /icekube/models/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/base.py -------------------------------------------------------------------------------- /icekube/models/cluster.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/cluster.py -------------------------------------------------------------------------------- /icekube/models/clusterrole.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/clusterrole.py -------------------------------------------------------------------------------- /icekube/models/clusterrolebinding.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/clusterrolebinding.py -------------------------------------------------------------------------------- /icekube/models/group.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/group.py -------------------------------------------------------------------------------- /icekube/models/namespace.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/namespace.py -------------------------------------------------------------------------------- /icekube/models/node.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/node.py -------------------------------------------------------------------------------- /icekube/models/pod.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/pod.py -------------------------------------------------------------------------------- /icekube/models/policyrule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/policyrule.py -------------------------------------------------------------------------------- /icekube/models/role.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/role.py -------------------------------------------------------------------------------- /icekube/models/rolebinding.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/rolebinding.py -------------------------------------------------------------------------------- /icekube/models/secret.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/secret.py -------------------------------------------------------------------------------- /icekube/models/securitycontextconstraints.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/securitycontextconstraints.py -------------------------------------------------------------------------------- /icekube/models/serviceaccount.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/serviceaccount.py -------------------------------------------------------------------------------- /icekube/models/signer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/signer.py -------------------------------------------------------------------------------- /icekube/models/user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/models/user.py -------------------------------------------------------------------------------- /icekube/neo4j.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/neo4j.py -------------------------------------------------------------------------------- /icekube/relationships.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/relationships.py -------------------------------------------------------------------------------- /icekube/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/icekube/utils.py -------------------------------------------------------------------------------- /mypy.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/mypy.ini -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/poetry.lock -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/IceKube/HEAD/pyproject.toml --------------------------------------------------------------------------------