kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
The kube-hunter ScanType can be deployed via helm:
helm upgrade --install kube-hunter ./scanners/kube-hunter/
The following security scan configuration examples are based on the kube-hunter documentation. See the original documentation for more configuration examples.
- To specify remote machines for hunting, select option 1 or use the --remote option. Example:
kube-hunter --remote some.node.com
- To specify interface scanning, you can use the --interface option (this will scan all of the machine's network interfaces). Example:
- To specify a specific CIDR to scan, use the --cidr option. Example:
kube-hunter --cidr 192.168.0.0/24
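A pre-flight scope check for the `--remote` and `--cidr` targets above, so a scan is only started against ranges you own. This is an added example, not code from kube-hunter or secureCodeBox; the allowlist values and the names `cidr_in_scope`, `build_args` and `OutOfScope` are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist: ranges and hosts the operator owns (assumption).
OWNED_CIDRS = ["192.168.0.0/16", "10.20.0.0/24"]
OWNED_HOSTS = {"some.node.com"}


class OutOfScope(ValueError):
    """Raised when a requested target is not covered by the allowlist."""


def cidr_in_scope(cidr, owned=OWNED_CIDRS):
    """True if every address in `cidr` lies inside one owned range."""
    target = ipaddress.ip_network(cidr, strict=True)
    for entry in owned:
        net = ipaddress.ip_network(entry)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if target.version == net.version and target.subnet_of(net):
            return True
    return False


def build_args(remote=None, cidr=None):
    """Return the kube-hunter argv for one in-scope target, or raise."""
    if (remote is None) == (cidr is None):
        raise ValueError("give exactly one of remote or cidr")
    if remote is not None:
        host = remote.strip().lower().rstrip(".")
        if host not in OWNED_HOSTS:
            raise OutOfScope(f"host not in allowlist: {remote}")
        return ["kube-hunter", "--remote", host]
    try:
        ok = cidr_in_scope(cidr)
    except ValueError as exc:
        # Host bits set (e.g. 192.168.0.5/24) or malformed input: reject
        # rather than guess which range was meant.
        raise OutOfScope(f"invalid CIDR {cidr!r}: {exc}") from exc
    if not ok:
        raise OutOfScope(f"CIDR not inside an owned range: {cidr}")
    return ["kube-hunter", "--cidr", str(ipaddress.ip_network(cidr))]
```

A range that is wider than an owned range, such as a /8 that merely contains an owned /16, is rejected because containment is checked from the target's side.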