Blog and Research

Offensive tools

  • Kubestriker - Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues caused by misconfigurations and to help strengthen the overall IT infrastructure of any organisation.
  • kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated to containerized environments

Defensive Tools

  • aws-iam-authenticator - A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
  • cert-manager - Automatically provision and manage TLS certificates in Kubernetes
  • guard - Kubernetes Authentication WebHook Server
  • kube2iam - kube2iam provides different AWS IAM roles for pods running on Kubernetes
  • kube-lego - Automatically request certificates for Kubernetes Ingress resources from Let’s Encrypt

Security Tools

  • kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kube-hunter - Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
  • KubiScan - A tool for scanning a Kubernetes cluster for risky permissions in Kubernetes’s role-based access control (RBAC) authorization model.
  • kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls