DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g). Our Motivation While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network. When running an exploit, it will practice the organization's cyber event management, which doesn't happen when scanning for cluster issues. It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made. We wanted to create an offensive tool that will meet these requirements. But we had another reason to create such a tool. We already had two open-source tools (KubiScan and kubeletctl) related to Kubernetes, and we had an idea for more.
A front-end JavaScript toolkit for creating DNS rebinding attacks
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
Automatic tool for DNS rebinding-based SSRF attacks
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.