Containers

Introduction k8s_audit.py is a security auditing tool for Kubernetes clusters focused on misconfiguration enumeration and penetration testing in containerised environments. All operations are strictly read-only: the tool never modifies cluster state, making it safe to run against production environments without risk of disruption or unintended side effects. The tool is organised into twelve independent audit modules, each targeting a specific attack surface within a Kubernetes cluster. Modules can be run individually or in any combination, allowing the scope of the audit to be tailored to the specific needs of each environment. The available modules are: ...

Introduction When auditing a Kubernetes cluster for the first time, whether as part of an internal pentesting exercise, a configuration review, or simply to understand what is running in production, most of the real problems do not show up in fancy automated scanners but in patient reading of the cluster state. Excessive permissions, privileged containers nobody remembers deploying, secrets in environment variables, TLS certificates about to expire, and hostPath volumes mounting sensitive node paths are recurring findings that anyone can detect with kubectl and a bit of method. ...