KubeStalk : Discovers Kubernetes Attack Surface From A Black-Box Perspective

KubeStalk is a tool to discover the attack surface of Kubernetes and related infrastructure from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance – Wave 9. Usage: The GIF below demonstrates usage of the tool. Installation: KubeStalk is written …

KubeEye : Tool To Find Various Problems On Kubernetes

KubeEye is an inspection tool for Kubernetes. It discovers whether Kubernetes resources (by using OPA), cluster components, cluster nodes (by using Node-Problem-Detector), and other configurations comply with best practices and makes modification suggestions accordingly. KubeEye supports custom inspection rules and plugin installation. With KubeEye Operator, you can intuitively view the inspection results and modification …

KubeEye : Audit Tool For Kubernetes

KubeEye is an inspection tool for Kubernetes that discovers whether Kubernetes resources (by OPA), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations meet best practices, and gives suggestions for modification. KubeEye supports custom inspection rules and plugin installation. Through KubeEye Operator, you can view the inspection results and modification suggestions by the graphical display on the …

Kubeaudit : Tool To Audit Your Kubernetes Clusters Against Common Security Controls

Kubeaudit no longer supports APIs deprecated as of the Kubernetes v1.16 release, so clusters are now required to run Kubernetes >=1.16. kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various security concerns, such as: run as non-root; use a read-only root filesystem; drop scary capabilities, don’t add …

Peirates : Kubernetes Penetration Testing Tool

Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service accounts, obtain further code execution, and gain control of the cluster. Where Do I Run Peirates? You run Peirates from a container running on Kubernetes. Does Peirates Attack A …

Krane : Kubernetes RBAC Static Analysis And Visualisation Tool

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. The Krane dashboard presents the current RBAC security posture and lets you navigate through its definition. Features: RBAC Risk rules – Krane evaluates a set of built-in RBAC risk rules. These can be modified or extended with …

Kubei : A Flexible Kubernetes Runtime Scanner

Kubei is a vulnerability scanning tool that allows users to get an accurate and immediate risk assessment of their Kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods. It doesn’t scan entire image registries and doesn’t require preliminary integration with CI/CD …

Kubebox : Terminal & Web Console For Kubernetes

Kubebox is a terminal and web console for Kubernetes. Features: ✓ Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube) ✓ Switch contexts interactively ✓ Authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digital Ocean) ✓ Namespace selection and pods list watching ✓ Container log scrolling / …

Permission Manager : Tool For Kubernetes RBAC And User Management, Web UI FTW

Permission Manager is an application developed by SIGHUP that enables super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place. With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files …

Kubolt : Utility For Scanning Public Kubernetes Clusters

Kubolt is a simple utility for scanning public unauthenticated Kubernetes clusters and running commands inside containers. Sometimes the kubelet port 10250 is open to unauthorized access, which makes it possible to run commands inside the containers using the getRun function from kubelet: // getRun handles requests to run a command inside a container. func (s *Server) getRun(request …