k8spider
OfficialMap Kubernetes services from DNS-only access.
Authorwgpsec
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Provides a practical method to discover Kubernetes Services and cluster resources when API credentials are unavailable by using DNS queries and network-based enumeration techniques. It removes the need for API Server tokens and allows low-privilege enumeration from within a pod or any host with DNS access to the cluster.
Core Features & Use Cases
- DNS-based Service Discovery: Enumerate services and namespaces by performing PTR, SRV, and wildcard DNS queries against the cluster DNS.
- Multiple Enumeration Modes: Supports full "all" scans, CIDR-based PTR sweeps, SRV probing, wildcard resolution, AXFR zone transfer attempts, neighbor/subnet scanning, and kube-state-metrics parsing for additional metadata.
- Operational Scenarios: Use inside a compromised pod to map internal services, run remotely with explicit DNS and CIDR parameters for external reconnaissance, or attempt AXFR for a quick snapshot when allowed.
Quick Start
Run k8spider all from a shell inside the target environment to enumerate Services via the cluster DNS using the system resolv.conf defaults.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: k8spider Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#k8spider Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.