The following Git repositories are essential for testing security weaknesses in Kubernetes clusters:
<h2 style="color: yellow;">Kube Who Can</h2>
🔗 kubectl-who-can – <a href="https://github.com/aquasecurity/kubectl-who-can">GitHub</a>
A tool to check which users or service accounts have permissions to perform specific actions in a Kubernetes cluster.
<h2 style="color: yellow;">Kube Hunter</h2>
🔗 kube-hunter – <a href="https://github.com/aquasecurity/kube-hunter">GitHub</a>
A penetration testing tool that discovers security weaknesses in Kubernetes clusters.
<h2 style="color: yellow;">Trivy</h2>
🔗 Trivy – <a href="https://github.com/aquasecurity/trivy">GitHub</a>
A vulnerability scanner for containers and Kubernetes configurations.
<h2 style="color: yellow;">Rakkess</h2>
🔗 Rakkess – <a href="https://github.com/corneliusweig/rakkess">GitHub</a>
A tool to review RBAC (Role-Based Access Control) permissions in Kubernetes.
<h2 style="color: yellow;">Kubelet Exploit</h2>
🔗 kubelet-exploit – <a href="https://github.com/kayrus/kubelet-exploit">GitHub</a>
Exploits misconfigured kubelets in Kubernetes clusters.
<h2 style="color: yellow;">Kubelet Client Attacks</h2>
🔗 <a href="https://lnkd.in/ewfwp7jU">Kubelet Exploitation Guide</a>
A guide on attacking Kubernetes clusters via the kubelet API.
<h2 style="color: yellow;">Kubesec</h2>
🔗 kubesec – <a href="https://github.com/controlplaneio/kubesec">GitHub</a>
A security risk analysis tool for Kubernetes manifests.
<h2 style="color: yellow;">Kubeletctl API Map</h2>
🔗 <a href="https://github.com/cyberark/kubeletctl/blob/master/API_TABLE.md">Kubelet API Table</a>
Comprehensive documentation on kubelet API endpoints.
<h2 style="color: yellow;">You Should Know:</h2>
<h2 style="color: yellow;">1. Checking Kubernetes Permissions</h2>
```bash
kubectl auth can-i --list
kubectl-who-can create pods
```
<h2 style="color: yellow;">2. Running Kube-Hunter</h2>
```bash
kube-hunter --remote <TARGET_IP>
kube-hunter --cidr 10.0.0.0/24
```
<h2 style="color: yellow;">3. Scanning with Trivy</h2>
```bash
trivy k8s --report summary cluster
trivy image <DOCKER_IMAGE>
```
<h2 style="color: yellow;">4. RBAC Permission Review</h2>
```bash
rakkess --namespace default
```
<h2 style="color: yellow;">5. Exploiting Kubelet</h2>
```bash
curl -k https://<KUBELET_IP>:10250/pods
kubelet-exploit --url https://<KUBELET_IP> --cmd "id"
```
<h2 style="color: yellow;">6. Linux Privilege Escalation Checks</h2>
```bash
./linpeas.sh
find / -perm -4000 2>/dev/null
```
<h2 style="color: yellow;">What Undercode Say:</h2>
Kubernetes security is critical, and misconfigurations can lead to full cluster compromise. Tools like `kube-hunter` and `Trivy` help identify vulnerabilities, while `kubectl-who-can` and `Rakkess` audit permissions. Always restrict kubelet access and regularly audit RBAC policies.
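One way to check the "restrict kubelet access" advice above, as an added example that is not from the original post or any of the listed projects: the function audits a kubelet's effective configuration as JSON, assumed here to come from `kubectl get --raw "/api/v1/nodes/<NODE>/proxy/configz"`. Both sample documents are constructed, and the function name is hypothetical.

```python
import json

# Constructed samples shaped like the kubelet /configz response (not real output).
WEAK = json.loads("""{"kubeletconfig": {
  "authentication": {"anonymous": {"enabled": true}, "webhook": {"enabled": false},
                     "x509": {"clientCAFile": ""}},
  "authorization": {"mode": "AlwaysAllow"},
  "readOnlyPort": 10255}}""")
HARDENED = json.loads("""{"kubeletconfig": {
  "authentication": {"anonymous": {"enabled": false}, "webhook": {"enabled": true},
                     "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"}},
  "authorization": {"mode": "Webhook"}}}""")


def audit_kubelet_config(configz):
    """Return a list of findings for settings that leave the kubelet API open."""
    cfg = configz.get("kubeletconfig", configz)
    authn = cfg.get("authentication", {})
    findings = []
    # Anonymous auth lets unauthenticated requests reach the API on port 10250.
    if authn.get("anonymous", {}).get("enabled") is True:
        findings.append("authentication.anonymous.enabled=true")
    # Without webhook or client-certificate auth there is no way to identify callers.
    has_webhook = authn.get("webhook", {}).get("enabled") is True
    has_x509 = bool(authn.get("x509", {}).get("clientCAFile"))
    if not (has_webhook or has_x509):
        findings.append("no webhook or x509 client authentication configured")
    # AlwaysAllow authorizes every request, including anonymous ones.
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("authorization.mode=AlwaysAllow")
    # A non-zero read-only port serves pod data with no authentication at all.
    if cfg.get("readOnlyPort", 0) != 0:
        findings.append("readOnlyPort=%d is enabled" % cfg["readOnlyPort"])
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        issues = audit_kubelet_config(doc)
        print(name, "->", issues if issues else "no findings")
```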
<h2 style="color: yellow;">Additional Linux Security Commands:</h2>
```bash
# Check for world-writable files
find / -perm -o+w -type f 2>/dev/null
# Check running processes (-E enables the "|" alternation)
ps aux | grep -iE "kubelet|docker"
# Inspect network connections
netstat -tulnp
ss -tuln
```
<h2 style="color: yellow;">Windows Security Checks:</h2>
```bat
REM Check open ports
netstat -ano
REM List scheduled tasks
schtasks /query /fo LIST /v
REM Check installed software
wmic product get name,version
```
<h2 style="color: yellow;">Expected Output:</h2>
A hardened Kubernetes cluster with minimal exposed APIs, restricted RBAC, and regular vulnerability scans.
References:
Reported By: Activity 7319944637526278144 – Hackers Feeds



