Mass scan for Kubernetes:
masscan -p 6443,443,10250,10255 10.0.0.0/24
Scan a subnet for ports 6443, 443, 10250 and 10255. Once you have a list of responding IPs, request the /version
URI on each one to check whether it returns any information about the Kubernetes API. Example:
curl -k https://10.0.0.1:6443/version
{
"major": "1",
"minor": "18+",
"gitVersion": "v1.18.8",
"gitCommit": "27f24d2",
"gitTreeState": "",
"buildDate": "2021-08-19T10.0.0.0Z",
"goVersion": "go1.13.15",
"compiler": "gc",
"platform": "linux/amd64"
}
kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
Link: https://github.com/aquasecurity/kube-hunter
./kube-hunter --cidr 10.0.0.1/24
Or single host:
./kube-hunter --remote 10.0.0.1
Description: minikube quickly sets up a local Kubernetes cluster on macOS, Linux, and Windows. We proudly focus on helping application developers and new Kubernetes users.
Enumerate API Server:
Get Pods:
kubectl --server https://10.10.11.133:8443 get pod
Get namespaces:
kubectl --server https://10.10.11.133:8443 get namespaces
Cluster info:
kubectl --server https://10.10.11.133:8443 cluster-info
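Added example (not from the original page, kube-hunter or the Kubernetes project): the defender's view of the unauthenticated /version and kubectl requests above, as a Python pass over API server audit log events. It assumes audit logging is enabled with JSON output; the sample events, source IPs and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed audit.k8s.io/v1 events, one JSON object per line (last one truncated).
SAMPLE_AUDIT_LOG = "\n".join([
    '{"stage":"ResponseComplete","verb":"get","requestURI":"/version","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.0.0.50"],"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/default/pods?limit=500","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.0.0.50"],"responseStatus":{"code":403}}',
    '{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces?limit=500","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.0.0.50"],"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/default/pods","user":{"username":"dev-alice","groups":["system:authenticated"]},"sourceIPs":["10.0.0.7"],"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"get","requestURI":"/version","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.0.0.9"],"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"get","requestURI":"/vers',
])

def is_anonymous(user):
    # Requests without credentials are attributed to this user and group.
    return (user.get("username") == "system:anonymous"
            or "system:unauthenticated" in user.get("groups", []))

def analyze(log_text):
    """Summarise unauthenticated API requests per source IP."""
    report = defaultdict(lambda: {"version_probes": 0, "denied": 0, "allowed": []})
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        # Count each request once: only the final stage, only anonymous callers.
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete" or not is_anonymous(ev.get("user", {})):
            continue
        path = ev.get("requestURI", "").split("?", 1)[0]
        code = ev.get("responseStatus", {}).get("code", 0)
        for ip in ev.get("sourceIPs", ["unknown"]):
            entry = report[ip]
            if path == "/version":
                entry["version_probes"] += 1  # discovery probe, whatever the status
            elif code in (401, 403):
                entry["denied"] += 1          # enumeration attempt that was refused
            elif 200 <= code < 300:
                entry["allowed"].append(path)  # anonymous read succeeded
    return dict(report)

def anonymous_access_granted(report):
    """Source IPs that read a resource path without credentials."""
    return sorted(ip for ip, e in report.items() if e["allowed"])

if __name__ == "__main__":
    rep = analyze(SAMPLE_AUDIT_LOG)
    for ip in sorted(rep):
        print(ip, rep[ip])
    print("anonymous access granted to:", anonymous_access_granted(rep))
```

An address returned by anonymous_access_granted received a 2xx answer on a resource path without credentials, which points at an authorization rule (for example an RBAC binding for system:anonymous or system:unauthenticated) that should be reviewed.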