aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

How to run active scan via kube-hunter kubernetes job? #432

Closed ragashreeshekar closed 3 years ago

ragashreeshekar commented 3 years ago

While there are 3 options to run kube-hunter on a remote cluster, in my case the pip method says there are no vulnerabilities via the remote, IP or interface scan methods. However, the kube-hunter job does provide a couple of results. I would like to understand if there is a means to run the kube-hunter job to execute active scans. Kindly advise. Thanks in advance.

danielsagi commented 3 years ago

Hi @ragashreeshekar. To run an active scan using the job method, add a --active flag as an argument in the YAML:

```yaml
---
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-hunter
spec:
  template:
    spec:
      containers:
        - name: kube-hunter
          image: aquasec/kube-hunter
          command: ["kube-hunter"]
          args: ["--pod", "--active"]
      restartPolicy: Never
  backoffLimit: 4
```

ragashreeshekar commented 3 years ago

Thanks! This helps.