{"id":49032738,"url":"https://aquasecurity.github.io/kube-hunter/","last_synced_at":"2026-05-22T03:02:41.986Z","repository":{"id":38454905,"uuid":"141447532","full_name":"aquasecurity/kube-hunter","owner":"aquasecurity","description":"Hunt for security weaknesses in Kubernetes clusters","archived":false,"fork":false,"pushed_at":"2024-03-19T12:30:55.000Z","size":1807,"stargazers_count":5042,"open_issues_count":82,"forks_count":606,"subscribers_count":94,"default_branch":"main","last_synced_at":"2026-05-04T20:05:02.266Z","etag":null,"topics":["hacktoberfest","kubernetes-clusters","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aquasecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-07-18T14:39:06.000Z","updated_at":"2026-05-04T03:25:11.000Z","dependencies_parsed_at":"2024-03-19T13:42:57.837Z","dependency_job_id":"fe658be4-b6f9-4202-a20b-c2b0baa2b4e4","html_url":"https://github.com/aquasecurity/kube-hunter","commit_stats":{"total_commits":597,"total_committers":80,"mean_commits":7.4625,"dds":0.8241206030150754,"last_synced_commit":"ff9f2c536f60224f951b452b90a0c416cfeb0b2b"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/aquasecurity/kube-hunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Fkube-hunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Fkube-hunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Fkube-hunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Fkube-hunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aquasecurity","download_url":"https://codeload.github.com/aquasecurity/kube-hunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aquasecurity%2Fkube-hunter/sbom","scorecard":{"id":204673,"data":{"date":"2025-08-11","repo":{"name":"github.com/aquasecurity/kube-hunter","commit":"bc47f08e88ea2a5fb059bf3b8a8edb1aefb4c6cc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Code-Review","score":2,"reason":"Found 8/28 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/kube-hunter/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:19: pin your Docker image by updating python:3.8-alpine to python:3.8-alpine@sha256:3d93b1f77efce339aa77db726656872517b0d67837989aa7c4b35bd5ae7e81ba","Warn: pipCommand not pinned by hash: Dockerfile:30","Warn: pipCommand not pinned by hash: .github/workflows/publish.yml:82","Warn: pipCommand not pinned by hash: .github/workflows/publish.yml:88","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:43","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.6.8 not signed: https://api.github.com/repos/aquasecurity/kube-hunter/releases/66737578","Warn: release artifact v0.6.6 not signed: https://api.github.com/repos/aquasecurity/kube-hunter/releases/66284335","Warn: release artifact v0.6.5 not signed: https://api.github.com/repos/aquasecurity/kube-hunter/releases/58212956","Warn: release artifact v0.6.4 not signed: https://api.github.com/repos/aquasecurity/kube-hunter/releases/57748699","Warn: release artifact v0.6.3 not signed: https://api.github.com/repos/aquasecurity/kube-hunter/releases/51476296","Warn: release artifact v0.6.8 does not have provenance: https://api.github.com/repos/aquasecurity/kube-hunter/releases/66737578","Warn: release artifact v0.6.6 does not have provenance: https://api.github.com/repos/aquasecurity/kube-hunter/releases/66284335","Warn: release artifact v0.6.5 does not have provenance: https://api.github.com/repos/aquasecurity/kube-hunter/releases/58212956","Warn: release artifact v0.6.4 does not have provenance: https://api.github.com/repos/aquasecurity/kube-hunter/releases/57748699","Warn: release artifact v0.6.3 does not have provenance: https://api.github.com/repos/aquasecurity/kube-hunter/releases/51476296"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"24 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-cr5q-6q9f-rq6q","Warn: Project is vulnerable to: GHSA-j6gc-792m-qgm2","Warn: Project is vulnerable to: GHSA-pj73-v5mw-pm9j","Warn: Project is vulnerable to: GHSA-jxhc-q857-3j6g","Warn: Project is vulnerable to: GHSA-48wp-p9qv-4j64","Warn: Project is vulnerable to: GHSA-4qw4-jpp4-8gvp","Warn: Project is vulnerable to: GHSA-636f-xm5j-pj9m","Warn: Project is vulnerable to: GHSA-7vh7-fw88-wj87","Warn: Project is vulnerable to: GHSA-fmx4-26r3-wxpf","Warn: Project is vulnerable to: GHSA-52p9-v744-mwjj","Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-8cr8-4vfw-mr7h","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3","Warn: Project is vulnerable to: GHSA-5cm2-9h8c-rvfx","Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: PYSEC-2020-175 / GHSA-7fcj-pq9j-wh2r","Warn: Project is vulnerable to: PYSEC-2023-292 / GHSA-9w2p-rh8c-v9g5","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T23:27:43.786Z","repository_id":38454905,"created_at":"2025-08-16T23:27:43.786Z","updated_at":"2025-08-16T23:27:43.786Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33326656,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T12:23:38.849Z","status":"online","status_checked_at":"2026-05-22T02:00:06.671Z","response_time":265,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","kubernetes-clusters","vulnerabilities"],"created_at":"2026-04-19T10:00:36.335Z","updated_at":"2026-05-22T03:02:41.971Z","avatar_url":"https://github.com/aquasecurity.png","language":"Python","funding_links":[],"categories":["Other"],"sub_categories":[],"readme":"## Notice\nkube-hunter is not under active development anymore. If you're interested in scanning Kubernetes clusters for known vulnerabilities, we recommend using [Trivy](https://github.com/aquasecurity/trivy). Specifically, Trivy's Kubernetes [misconfiguration scanning](https://blog.aquasec.com/trivy-kubernetes-cis-benchmark-scanning) and [KBOM vulnerability scanning](https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy). Learn more in the [Trivy Docs](https://aquasecurity.github.io/trivy/).\n\n---\n\nkube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. **You should NOT run kube-hunter on a Kubernetes cluster that you don't own!**\n\n**Run kube-hunter**: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at [kube-hunter.aquasec.com](https://kube-hunter.aquasec.com) where you can register online to receive a token allowing you to see and share the results online. You can also run the Python code yourself as described below.\n\n**Explore vulnerabilities**: The kube-hunter knowledge base includes articles about discoverable vulnerabilities and issues. When kube-hunter reports an issue, it will show its VID (Vulnerability ID) so you can look it up in the KB at https://aquasecurity.github.io/kube-hunter/  \n_If you're interested in kube-hunter's integration with the Kubernetes ATT\u0026CK Matrix [Continue Reading](#kuberentes-attck-matrix)_\n\n[kube-hunter demo video](https://youtu.be/s2-6rTkH8a8?t=57s)\n\n## Table of Contents\n\n- [Table of Contents](#table-of-contents)\n  - [Kubernetes ATT\u0026CK Matrix](#kubernetes-attck-matrix)\n  - [Hunting](#hunting)\n    - [Where should I run kube-hunter?](#where-should-i-run-kube-hunter)\n    - [Scanning options](#scanning-options)\n    - [Authentication](#authentication)\n    - [Active Hunting](#active-hunting)\n    - [List of tests](#list-of-tests)\n    - [Nodes Mapping](#nodes-mapping)\n    - [Output](#output)\n    - [Dispatching](#dispatching)\n  - [Advanced Usage](#advanced-usage)\n    - [Azure Quick Scanning](#azure-quick-scanning)\n    - [Custom Hunting](#custom-hunting)\n  - [Deployment](#deployment)\n    - [On Machine](#on-machine)\n      - [Prerequisites](#prerequisites)\n        - [Install with pip](#install-with-pip)\n        - [Run from source](#run-from-source)\n    - [Container](#container)\n    - [Pod](#pod)\n  - [Contribution](#contribution)\n  - [License](#license)\n\n## Kubernetes ATT\u0026CK Matrix\n\nkube-hunter now supports the new format of the Kubernetes ATT\u0026CK matrix.\nWhile kube-hunter's vulnerabilities are a collection of creative techniques designed to mimic an attacker in the cluster (or outside it)\nThe Mitre's ATT\u0026CK defines a more general standardised categories of techniques to do so.\n\nYou can think of kube-hunter vulnerabilities as small steps for an attacker, which follows the track of a more general technique he would aim for.\nMost of kube-hunter's hunters and vulnerabilities can closly fall under those techniques, That's why we moved to follow the Matrix standard.  \n \n_Some kube-hunter vulnerabities which we could not map to Mitre technique, are prefixed with the `General` keyword_ \n![kube-hunter](./MITRE.png)\n\n## Hunting\n### Where should I run kube-hunter?\n\nThere are three different ways to run kube-hunter, each providing a different approach to detecting weaknesses in your cluster:\n\nRun kube-hunter on any machine (including your laptop), select Remote scanning and give the IP address or domain name of your Kubernetes cluster. This will give you an attackers-eye-view of your Kubernetes setup.\n\nYou can run kube-hunter directly on a machine in the cluster, and select the option to probe all the local network interfaces.\n\nYou can also run kube-hunter in a pod within the cluster. This indicates how exposed your cluster would be if one of your application pods is compromised (through a software vulnerability, for example). (_`--pod` flag_)\n\n\n### Scanning options\n\nFirst check for these **[pre-requisites](#prerequisites)**.\n\nBy default, kube-hunter will open an interactive session, in which you will be able to select one of the following scan options. You can also specify the scan option manually from the command line. These are your options:\n\n1. **Remote scanning**\n\nTo specify remote machines for hunting, select option 1 or use the `--remote` option. Example:\n`kube-hunter --remote some.node.com`\n\n2. **Interface scanning**\n\nTo specify interface scanning, you can use the `--interface` option (this will scan all of the machine's network interfaces). Example:\n`kube-hunter --interface`\n\n3. **Network scanning**\n\nTo specify a specific CIDR to scan, use the `--cidr` option. Example:\n`kube-hunter --cidr 192.168.0.0/24`\n\n4. **Kubernetes node auto-discovery**\n\nSet `--k8s-auto-discover-nodes` flag to query Kubernetes for all nodes in the cluster, and then attempt to scan them all. By default, it will use [in-cluster config](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to connect to the Kubernetes API. If you'd like to use an explicit kubeconfig file, set `--kubeconfig /location/of/kubeconfig/file`.\n\nAlso note, that this is always done when using `--pod` mode.\n\n### Authentication\nIn order to mimic an attacker in it's early stages, kube-hunter requires no authentication for the hunt. \n\n* **Impersonate** - You can provide kube-hunter with a specific service account token to use when hunting by manually passing the JWT Bearer token of the service-account secret with the `--service-account-token` flag. \n\n   Example:\n   ```bash\n   $ kube-hunter --active --service-account-token eyJhbGciOiJSUzI1Ni...\n   ```\n\n* When runing with `--pod` flag, kube-hunter uses the service account token [mounted inside the pod](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) to authenticate to services it finds during the hunt.\n  * if specified, `--service-account-token` flag takes priority when running as a pod\n\n\n### Active Hunting\n\nActive hunting is an option in which kube-hunter will exploit vulnerabilities it finds, to explore for further vulnerabilities.\nThe main difference between normal and active hunting is that a normal hunt will never change the state of the cluster, while active hunting can potentially do state-changing operations on the cluster, **which could be harmful**.\n\nBy default, kube-hunter does not do active hunting. To active hunt a cluster, use the `--active` flag. Example:\n`kube-hunter --remote some.domain.com --active`\n\n### List of tests\nYou can see the list of tests with the `--list` option: Example:\n`kube-hunter --list`\n\nTo see active hunting tests as well as passive:\n`kube-hunter --list --active`\n\n### Nodes Mapping \nTo see only a mapping of your nodes network, run with `--mapping` option. Example:\n`kube-hunter --cidr 192.168.0.0/24 --mapping`\nThis will output all the Kubernetes nodes kube-hunter has found.\n\n### Output\nTo control logging, you can specify a log level, using the `--log` option. Example:\n`kube-hunter --active --log WARNING`\nAvailable log levels are:\n\n* DEBUG\n* INFO (default)\n* WARNING\n\n### Dispatching\nBy default, the report will be dispatched to `stdout`, but you can specify different methods by using the `--dispatch` option. Example:\n`kube-hunter --report json --dispatch http`\nAvailable dispatch methods are:\n\n* stdout (default)\n* http (to configure, set the following environment variables:) \n    * KUBEHUNTER_HTTP_DISPATCH_URL (defaults to: https://localhost)\n    * KUBEHUNTER_HTTP_DISPATCH_METHOD (defaults to: POST)\n\n\n## Advanced Usage\n### Azure Quick Scanning \nWhen running **as a Pod in an Azure or AWS environment**, kube-hunter will fetch subnets from the Instance Metadata Service. Naturally this makes the discovery process take longer.\nTo hardlimit subnet scanning to a `/24` CIDR, use the `--quick` option. \n\n### Custom Hunting\nCustom hunting enables advanced users to have control over what hunters gets registered at the start of a hunt. \n**If you know what you are doing**, this can help if you want to adjust kube-hunter's hunting and discovery process for your needs.\n\nExample: \n```\nkube-hunter --custom \u003cHunterName1\u003e \u003cHunterName2\u003e\n``` \nEnabling Custom hunting removes all hunters from the hunting process, except the given whitelisted hunters.\n\nThe `--custom` flag reads a list of hunters class names, in order to view all of kube-hunter's class names, you can combine the flag `--raw-hunter-names` with the `--list` flag.  \n\nExample: \n```\nkube-hunter --active --list --raw-hunter-names\n```\n\n**Notice**: Due to kube-huner's architectural design, the following \"Core Hunters/Classes\" will always register (even when using custom hunting):\n* HostDiscovery \n  * _Generates ip addresses for the hunt by given configurations_\n  * _Automatically discovers subnets using cloud Metadata APIs_\n* FromPodHostDiscovery\n  * _Auto discover attack surface ip addresses for the hunt by using Pod based environment techniques_\n  * _Automatically discovers subnets using cloud Metadata APIs_\n* PortDiscovery\n  * _Port scanning given ip addresses for known kubernetes services ports_\n* Collector\n  * _Collects discovered vulnerabilities and open services for future report_\n* StartedInfo \n  * _Prints the start message_\n* SendFullReport \n  * _Dispatching the report based on given configurations_\n\n\n\n\n\n## Deployment\nThere are three methods for deploying kube-hunter:\n\n### On Machine\n\nYou can run kube-hunter directly on your machine.\n\n#### Prerequisites\n\nYou will need the following installed:\n* python 3.x\n* pip\n\n##### Install with pip\n\nInstall:\n~~~\npip install kube-hunter\n~~~\n\nRun:\n~~~\nkube-hunter\n~~~\n\n##### Run from source\nClone the repository:\n~~~\ngit clone https://github.com/aquasecurity/kube-hunter.git\n~~~\n\nInstall module dependencies. (You may prefer to do this within a [Virtual Environment](https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/))\n~~~\ncd ./kube-hunter\npip install -r requirements.txt\n~~~\n\nRun:\n~~~\npython3 kube_hunter\n~~~\n\n_If you want to use pyinstaller/py2exe you need to first run the install_imports.py script._\n\n### Container\nAqua Security maintains a containerized version of kube-hunter at `aquasec/kube-hunter:aqua`. This container includes this source code, plus an additional (closed source) reporting plugin for uploading results into a report that can be viewed at [kube-hunter.aquasec.com](https://kube-hunter.aquasec.com). Please note, that running the `aquasec/kube-hunter` container and uploading reports data are subject to additional [terms and conditions](https://kube-hunter.aquasec.com/eula.html).\n\nThe Dockerfile in this repository allows you to build a containerized version without the reporting plugin.\n\nIf you run kube-hunter container with the host network, it will be able to probe all the interfaces on the host:\n\n`docker run -it --rm --network host aquasec/kube-hunter`\n\n_Note for Docker for Mac/Windows:_ Be aware that the \"host\" for Docker for Mac or Windows is the VM that Docker runs containers within. Therefore specifying `--network host` allows kube-hunter access to the network interfaces of that VM, rather than those of your machine.\nBy default, kube-hunter runs in interactive mode. You can also specify the scanning option with the parameters described above e.g.\n\n`docker run --rm aquasec/kube-hunter --cidr 192.168.0.0/24`\n\n### Pod\nThis option lets you discover what running a malicious container can do/discover on your cluster. This gives a perspective on what an attacker could do if they were able to compromise a pod, perhaps through a software vulnerability. This may reveal significantly more vulnerabilities.\n\nThe example `job.yaml` file defines a Job that will run kube-hunter in a pod, using default Kubernetes pod access settings. (You may wish to modify this definition, for example to run as a non-root user, or to run in a different namespace.)\n\n* Run the job with `kubectl create -f ./job.yaml`\n* Find the pod name with `kubectl describe job kube-hunter`\n* View the test results with `kubectl logs \u003cpod name\u003e`\n\n## Contribution \nTo read the contribution guidelines, \u003ca href=\"https://github.com/aquasecurity/kube-hunter/blob/main/CONTRIBUTING.md\"\u003e Click here \u003c/a\u003e\n\n## License\nThis repository is available under the [Apache License 2.0](https://github.com/aquasecurity/kube-hunter/blob/main/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/aquasecurity.github.io%2Fkube-hunter%2F","html_url":"https://awesome.ecosyste.ms/projects/aquasecurity.github.io%2Fkube-hunter%2F","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/aquasecurity.github.io%2Fkube-hunter%2F/lists"}