MTKPI – Multi Tool Kubernetes Pentest Image is a docker image containing all the necessary tools for Kubernetes penetration testing, generated by Kandinsky 2.2. It includes popular tools for pentesting a Kubernetes cluster, covering techniques from the Microsoft Threat Matrix for Kubernetes. Disclaimer: This tool is for testing purposes only and should not be used for malicious acts as it can adversely affect the entire cluster.
FEATURES
ALTERNATIVES
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
SharpPrinter enables efficient discovery of network printers for security and management purposes.
A penetration testing tool for intercepting SSH connections and logging plaintext passwords.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
A technique for social engineering and untrusted command execution using ClickOnce technology
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
Redboto is a collection of scripts for red team operations against the AWS API.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.