pvesh is the Proxmox VE API shell tool that provides command-line access to the entire Proxmox API. It can manage VMs, containers, storage, users, permissions, and all cluster resources. Adversaries with administrative access can use pvesh to enumerate the entire infrastructure, modify configurations, and execute privileged operations.
/usr/bin/pveshLists all nodes in the Proxmox cluster with CPU, memory, and disk usage statistics.
pvesh get /nodes --output-format=json-prettypvesh get /nodespvesh get /nodes --output-format=jsonLists all virtual machines across all cluster nodes with their status, memory, and disk allocation.
pvesh get /cluster/resources --type vm --output-format=json-prettypvesh get /cluster/resources --type vmpvesh get /cluster/resourcesList storage content including VM images, backups, and ISO files.
pvesh get /nodes/{node}/storage/{storage}/content --output-format=json-prettyLists all users configured in Proxmox VE with their realm, enabled status, and expiration.
pvesh get /access/users --output-format=json-prettypvesh get /access/userspvesh get /access/users --fullLists all access control list entries showing user/group permissions on resources.
pvesh get /access/acl --output-format=json-prettyExecute arbitrary commands on a VM through the QEMU guest agent.
pvesh get /nodes/{node}/qemu/{vmid}/agent/exec --command "whoami"Read files from a VM through the QEMU guest agent.
pvesh get /nodes/{node}/qemu/{vmid}/agent/file-read --file /etc/passwdCreate a snapshot of a VM that can be used to restore or analyze later.
pvesh create /nodes/{node}/qemu/{vmid}/snapshot --snapname backdoorCreate a new local user account in Proxmox VE.
pvesh create /access/users --userid attacker@pve --password secret123Grant full administrative privileges to a user on all resources.
pvesh create /access/acl --path / --roles Administrator --users attacker@pve