5 open-source tools for pentesting Kubernetes you should check out
Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications.
Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments have also become a target for cyber threats. So, in this article, we present powerful open-source tools designed for you to use for Kubernetes pentesting.
kubeaudit
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various security concerns, such as:
- Run as non-root
- Use a read-only root filesystem
- Drop scary capabilities, don’t add new ones
- Don’t run privileged
kube-bench
kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
KubiScan
KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods, automating traditional manual processes and giving administrators the visibility they need to reduce risk.
Kubetap
Kubetap is a kubectl plugin that enables an operator to deploy intercepting proxies for Kubernetes Services quickly. Kubetap allows testers to select a target Service and intercept all traffic destined for that Service, regardless of where the requests originate.
The transparency and visibility afforded by Kubetap allow testers to better understand and exercise the Service without the prohibitively (expensive) time cost of configuring and deploying a proxy manually. Microservices deep in a technology stack that were once inaccessible to testers can now be proxied easily.
Peirates
Peirates is a Kubernetes penetration tool that enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service account tokens, secrets, obtain further code execution, and gain cluster control.