aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

TLS k8s configuration scanning #442

Open dschveninger opened 3 years ago

dschveninger commented 3 years ago

Expand kube-hunter

Would the following use case be something that kube-hunter can support?

Find the known IPs and ports on the public and private networks in a cluster, either by CI/CD scanning or k8s resource queries. Take a list of IPs and ports to scan and provide the following data:

1) active listener
2) see if it supports TLS
3) collect TLS data
4) either report or allow to assert about the data

Why is this needed

A tool like this would allow you to test the k8s configuration with a single tool for active TLS requirements versus configuration requirements.

If this is not in the scope of kube-hunter, please let me know. If a tool that does this exists, please let me know.
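The four-step use case above, as an added example written for this issue (not kube-hunter's own code): `probe()` covers steps 1-3 for one host:port, verifying the presented chain against a CA file the operator supplies (assumed to be the cluster CA), and `evaluate()` covers step 4 by turning one result into findings that can be printed or asserted on. `SAMPLE_CERT`, the function names and the thresholds are all assumptions.

```python
import socket
import ssl
import time
TLS_ORDER = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
SAMPLE_CERT = {  # constructed, in the dict shape ssl.SSLSocket.getpeercert() returns
    "subject": ((("commonName", "kube-apiserver"),),),
    "notAfter": "Jan 15 12:00:00 2099 GMT",
    "subjectAltName": (("DNS", "kubernetes.default.svc"), ("IP Address", "10.96.0.1")),
}

def probe(host, port, cafile=None, timeout=3.0):
    """Steps 1-3: listener up? speaks TLS? which version/cert? cafile = CA it should chain to."""
    r = {"host": host, "port": port, "listener": False, "tls": False,
         "verified": False, "version": None, "cert": None, "error": None}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        r["error"] = str(exc)
        return r
    r["listener"] = True
    ctx = ssl.create_default_context(cafile=cafile)  # e.g. the cluster CA
    ctx.check_hostname = False  # inventory is ip:port; SAN coverage is checked in evaluate()
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            r.update(tls=True, verified=True, version=tls.version(), cert=tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        r.update(tls=True, error=str(exc))  # spoke TLS, chain unverified: getpeercert() would be {}
    except (ssl.SSLError, OSError) as exc:
        r["error"] = str(exc)  # plaintext service or handshake cut short
    finally:
        raw.close()
    return r

def evaluate(r, min_version="TLSv1.2", min_days=30):
    """Step 4: turn one probe result into findings to report on or assert against."""
    where = f"{r['host']}:{r['port']}"
    for key, msg in (("listener", "no listener"), ("tls", "listener does not speak TLS"),
                     ("verified", "certificate chain not verified")):
        if not r[key]:
            return [f"{where}: {msg} ({r['error']})"]
    findings = []
    if TLS_ORDER.get(r["version"], 0) < TLS_ORDER[min_version]:
        findings.append(f"{where}: negotiated {r['version']}, below {min_version}")
    days = (ssl.cert_time_to_seconds(r["cert"]["notAfter"]) - time.time()) / 86400
    if days < min_days:
        findings.append(f"{where}: certificate expires in {days:.0f} days")
    sans = {value for _, value in r["cert"].get("subjectAltName", ())}
    if r["host"] not in sans:
        findings.append(f"{where}: host not covered by SAN list {sorted(sans)}")
    return findings
```

Feed it the host:port inventory from the CI/CD scan or resource query, e.g. `for f in evaluate(probe(ip, port, cafile="ca.crt")): print(f)`; an empty list means the endpoint met every requirement.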

danielsagi commented 3 years ago

Hi, what you're suggesting here is actually already partially implemented. We have the Certificate Hunter, which subscribes to all known Services, checks for TLS, and extracts email addresses from the returned SSL certificate.

Do you have some more ideas on other SSL information that could be interesting to extract? Did I understand your question right?

dschveninger commented 3 years ago

I will have to look into that and what it exhausts over email addresses. I will review and get back. Thanks.