All scans run against https://madhuakula.com/kubernetes-goat/
Trivy is a comprehensive security scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
Trivy has different scanners that look for different security issues, and different targets where it can find those issues.
Link: https://github.com/aquasecurity/trivy
Example:
iron@ubuntu:/home/iron$ trivy k8s --report summary --output trivy_summary.txt
trivy k8s --report summary
183 / 183 [--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 9 p/s
Summary Report for kind-kubernetes-goat-cluster
┌────────────────────┬────────────────────────────────────────────┬─────────────────────────┬───────────────────┬───────────────────┐
│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │ Secrets │
│ │ ├────┬─────┬────┬─────┬───┼───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
│ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
├────────────────────┼────────────────────────────────────────────┼────┼─────┼────┼─────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
│ secure-middleware │ Deployment/cache-store-deployment │ │ │ │ │ │ │ │ 3 │ 8 │ │ │ │ │ │ │
│ local-path-storage │ Deployment/local-path-provisioner │ 2 │ 1 │ 2 │ 11 │ 1 │ │ │ 2 │ 8 │ │ │ │ │ │ │
│ kube-system │ DaemonSet/kube-proxy │ 4 │ 8 │ 2 │ 56 │ │ │ 2 │ 4 │ 8 │ │ │ │ │ │ │
│ kube-system │ Service/kube-dns │ │ │ │ │ │ │ │ 1 │ │ │ │ │ │ │ │
│ kube-system │ DaemonSet/kindnet │ 4 │ 8 │ 2 │ 56 │ │ │ 1 │ 5 │ 4 │ │ │ │ │ │ │
│ kube-system │ Deployment/coredns │ │ │ │ │ 1 │ │ │ 3 │ 3 │ │ │ │ │ │ │
│ default │ Deployment/build-code-deployment │ │ 1 │ │ │ │ │ │ 3 │ 6 │ │ │ │ │ │ │
│ default │ Job/hidden-in-layers │ │ │ │ │ │ │ │ 3 │ 8 │ │ │ │ │ │ │
│ default │ Job/kube-bench-master │ │ │ │ │ │ │ 1 │ 4 │ 8 │ │ │ │ │ │ │
│ default │ Job/batch-check-job │ │ │ │ │ │ │ │ 3 │ 8 │ │ │ │ │ │ │
│ default │ Deployment/system-monitor-deployment │ │ │ 28 │ 46 │ │ │ 5 │ 4 │ 6 │ │ │ │ │ │ │
│ default │ Deployment/internal-proxy-deployment │ │ │ 1 │ │ │ │ │ 6 │ 8 │ │ │ │ │ │ │
│ default │ Deployment/kubernetes-goat-home-deployment │ │ 2 │ │ │ │ │ │ 3 │ 6 │ │ │ │ │ │ │
│ default │ Deployment/health-check-deployment │ 31 │ 113 │ 91 │ 498 │ 3 │ │ 4 │ 6 │ 6 │ │ │ │ │ │ │
│ default │ Job/kube-bench-node │ │ │ │ │ │ │ 1 │ 4 │ 8 │ │ │ │ │ │ │
│ default │ Deployment/poor-registry-deployment │ │ │ │ │ │ │ │ 3 │ 6 │ │ │ │ │ │ │
│ big-monolith │ Deployment/hunger-check-deployment │ │ │ 29 │ 46 │ │ │ │ 3 │ 8 │ │ │ │ │ │ │
└────────────────────┴────────────────────────────────────────────┴────┴─────┴────┴─────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
Link: https://github.com/aquasecurity/kube-hunter
./kube-hunter --cidr 10.0.0.1/24
Or single host:
./kube-hunter --remote 10.0.0.1
The official tool to manage kubernetes
Link: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/