Peirates

What is Peirates?

Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service account tokens, secrets, obtain further code execution, and gain control of the cluster.

Where do I run Peirates?

You run Peirates from a container running on Kubernetes or from a Kubernetes node, outside the container.

Does Peirates attack a Kubernetes cluster?

Yes, it absolutely does. Talk to your lawyer and the cluster owners before using this tool in a Kubernetes cluster.

Who creates Peirates?

InGuardians' CTO Jay Beale first conceived of Peirates and put together a group of InGuardians developers to create it with him, including Faith Alderson, Adam Crompton and Dave Mayer. Faith convinced us to all learn Golang, so she could implement the tool's use of the kubectl library from the Kubernetes project. Adam persuaded the group to use a highly-interactive user interface. Dave brought contagious enthusiasm. Together, these four developers implemented attacks and began releasing this tool that we use on our penetration tests.

Other contributors have helped as well - see GitHub to see more, but please also review credits.md.

Do you welcome contributions?

Yes, we absolutely do. Submit a pull request and/or reach out to peirates-dev@inguardians.com.

What license is this released under?

Peirates is released under the GPLv2 license.

Running Peirates

If you just want the peirates binary to start attacking things, grab the latest release from the releases page.

Peirates as a Container Image

You can find a useful alpine-peirates container image on Docker Hub, with a version number tag that tracks the Peirates version.

For example, for alpine-peirates:1.1.16, which contains peirates version 1.1.16, run:

docker pull bustakube/alpine-peirates:1.1.16

Building Peirates

However, if you want to build from source, read on!

Get peirates

go get -v "github.com/inguardians/peirates"

Get libary sources if you haven't already (Warning: this will take almost a gig of space because it needs the whole kubernetes repository)

go get -v "k8s.io/kubectl/pkg/cmd" "github.com/aws/aws-sdk-go"

Build the executable

cd $GOPATH/github.com/inguardians/peirates/scripts
./build.sh

This will generate an executable file named peirates in the same directory.

Name	Name	Last commit message	Last commit date
Latest commit JayBeale v1.1.26 - handle case where kubelet config does not contain client key Mar 17, 2025 c4023a2 · Mar 17, 2025 History 654 Commits
.devcontainer	.devcontainer	fix my typos	Dec 23, 2022
.github	.github	add exec-into-peirates-pod.sh script (#36 )	May 17, 2023
.vscode	.vscode	fix my typos	Dec 23, 2022
build	build	adding contents to direct people to ../scripts/build.sh and ../deploy…	May 17, 2023
cmd	cmd	add exec-into-peirates-pod.sh script (#36 )	May 17, 2023
deployments	deployments	generalized Makefile to use an image repo name provided as an environ…	May 17, 2023
docs	docs	add exec-into-peirates-pod.sh script (#36 )	May 17, 2023
pkg	pkg	fixing cloud detection - trial 1	Jul 8, 2023
scripts	scripts	added static build as options	May 15, 2024
test	test	add exec-into-peirates-pod.sh script (#36 )	May 17, 2023
.dockerignore	.dockerignore	dev and app containers working	Dec 22, 2022
.envrc	.envrc	got shell and tool working in GCP deployment	Dec 22, 2022
.gitignore	.gitignore	add exec-into-peirates-pod.sh script (#36 )	May 17, 2023
.profile	.profile	fixed issue with images not being tagged correctly	Dec 23, 2022
LICENSE	LICENSE	Added GPLv2 license file to repo	Aug 13, 2020
Makefile	Makefile	Revert "Revert "detect which cloud provider we are using (#38 )" (#45 )"	Jul 8, 2023
README.md	README.md	Add docker hub reference	Feb 28, 2024
SECURITY.md	SECURITY.md	typo in markdown table	Dec 23, 2022
attack_create_hostfs_pod.go	attack_create_hostfs_pod.go	renaming files to follow golang conventions	May 22, 2024
aws.go	aws.go	nicer menu	May 14, 2024
changelog.md	changelog.md	updated changelog and dependency	Nov 5, 2023
cloud_detection.go	cloud_detection.go	added error handling to GetRequest - fixed panic	Oct 15, 2024
commandline.go	commandline.go	added service account token display and verbosity flag	Nov 5, 2023
config.go	config.go	v1.1.26 - handle case where kubelet config does not contain client key	Mar 17, 2025
credits.md	credits.md	credits fix	Apr 30, 2024
curl.go	curl.go	added feature to write kubectl, curl and shell output to a file	May 14, 2024
cve-2024-21626.go	cve-2024-21626.go	Added intro message for leakyvessels	Feb 21, 2024
decode_jwt.go	decode_jwt.go	removed external dependency for JWT decoding	Jul 5, 2024
enumerate_dns.go	enumerate_dns.go	Revert "Revert "detect which cloud provider we are using (#38 )" (#45 )"	Jul 8, 2023
enumerate_simple_objects.go	enumerate_simple_objects.go	nicer menu	May 14, 2024
exec_in_pods.go	exec_in_pods.go	renaming files to follow golang conventions	May 22, 2024
exec_via_kubelet_api.go	exec_via_kubelet_api.go	added error handling to GetRequest - fixed panic	Oct 15, 2024
filesystem_manipulation.go	filesystem_manipulation.go	v1.1.23 - added simple filesystem operations	Jun 24, 2024
gcp.go	gcp.go	added error handling to GetRequest - fixed panic	Oct 15, 2024
go.mod	go.mod	switched readline to ergochat/readline	May 1, 2024
http_utils.go	http_utils.go	added error handling to GetRequest - fixed panic	Oct 15, 2024
inject-into-pod-alpha.go	inject-into-pod-alpha.go	further cleanup on peirates.go	Apr 30, 2024
json_structs.go	json_structs.go	clean-up of peirates.go	Apr 30, 2024
kubeapi.go	kubeapi.go	removed unused functions	May 16, 2024
kubectl_interactive.go	kubectl_interactive.go	removed comments - feature request fulfilled	May 16, 2024
kubectl_wrappers.go	kubectl_wrappers.go	added feature to write kubectl, curl and shell output to a file	May 14, 2024
list_secrets.go	list_secrets.go	renaming files to follow golang conventions	May 22, 2024
menu.go	menu.go	fixed alignment on menu items	Jul 8, 2024
menu_cert_auth.go	menu_cert_auth.go	renaming files to follow golang conventions	May 22, 2024
menu_namespaces.go	menu_namespaces.go	renaming files to follow golang conventions	May 22, 2024
menu_serviceaccounts.go	menu_serviceaccounts.go	removed external dependency for JWT decoding	Jul 5, 2024
menu_tcp_portscan.go	menu_tcp_portscan.go	renaming files to follow golang conventions	May 22, 2024
menu_use_auth_cani.go	menu_use_auth_cani.go	renaming files to follow golang conventions	May 22, 2024
misc_utils.go	misc_utils.go	clean-up of peirates.go	Apr 30, 2024
node_secrets.go	node_secrets.go	more cleanup this is so boring lol wat	Jan 15, 2023
output_to_user.go	output_to_user.go	added verbose debugging to kubelet param search	May 30, 2024
peirates.go	peirates.go	v1.1.26 - handle case where kubelet config does not contain client key	Mar 17, 2025
peirates_logo.jpeg	peirates_logo.jpeg	Added logo	Mar 6, 2019
peirates_logo.png	peirates_logo.png	Add files via upload	Mar 6, 2019
portscan.go	portscan.go	stop the bleeding	Jan 15, 2023
service_account_utils.go	service_account_utils.go	beginning to remove dependency on external JWT library	May 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Peirates

What is Peirates?

Where do I run Peirates?

Does Peirates attack a Kubernetes cluster?

Who creates Peirates?

Do you welcome contributions?

What license is this released under?

Running Peirates

Peirates as a Container Image

Building Peirates

About

Releases 57

Packages

Contributors 9

Languages

License

inguardians/peirates

Folders and files

Latest commit

History

Repository files navigation

Peirates

What is Peirates?

Where do I run Peirates?

Does Peirates attack a Kubernetes cluster?

Who creates Peirates?

Do you welcome contributions?

What license is this released under?

Running Peirates

Peirates as a Container Image

Building Peirates

About

Resources

License

Security policy

Stars

Watchers

Forks

Releases 57

Packages 0

Contributors 9

Languages

Packages