aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.7k stars 581 forks

Running Active Mode as Pod - How to? #374

Closed magnologan closed 3 years ago

magnologan commented 3 years ago

Hi there,

I'm running kube-hunter as a pod inside my cluster, but I've wanted to test the active mode (--active) as well. Is that possible? https://github.com/aquasecurity/kube-hunter#active-hunting

I've tried to tweak the job.yaml file to add the --active flag in the args there, as such: args: ["--pod", "--active"], but I've got the same results. How do I know if kube-hunter at least executed the active mode but didn't find anything? Thanks!

What are you trying to achieve

Run kube-hunter as Pod in active mode (--active)

Minimal example (if applicable)

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-hunter
spec:
  template:
    spec:
      containers:
```

danielsagi commented 3 years ago

Hi @magnologan, currently we don't have an indicator in the report for the type of scan that occurred. If you want to debug this and find whether an active scan was running, you can add the flag --log debug and see whether active hunters were registered. This will be visible at the start of the log.

danielsagi commented 3 years ago

@magnologan Sorry for not being clear, it looks like you passed --active right, so an active scan probably did run. You're right though, we should think about adding an indicator in the scan itself about the type of scan that was running.

magnologan commented 3 years ago

Yes, that's correct. Ok, it makes sense now. Thanks a lot @danielsagi!