Running kube-hunter

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own!

How to run kube-hunter

  • IP addresses can be obtained by running the following command
kubectl cluster-info
kubectl get nodes -o wide

  • Let's run kube-hunter from outside the cluster as a black box. Select the option 1 to perform "Remote Scanning".
cd /data/kube-hunter
./kube-hunter.py

  • We can also run the kube-hunter as a active scan within the cluster as well
cd /data/kube-hunter
kubectl apply -f job.yaml
  • Get the results by looking at stdout logs of the pod
kubectl get pods --selector job-name=kube-hunter
kubectl logs <PODNAME>

References