mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
52d02cea63
Add some related security tools.
43 lines
1.7 KiB
Markdown
43 lines
1.7 KiB
Markdown
> Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.
|
|
|
|
### API addresses that you should know *(External network visibility)*
|
|
---
|
|
#### - cAdvisor
|
|
```
|
|
curl -k https://<IP Address>:4194
|
|
```
|
|
#### - Insecure API server
|
|
```
|
|
curl -k https://<IP Address>:8080
|
|
```
|
|
#### - Secure API Server
|
|
```
|
|
curl -k https://<IP Address>:(8|6)443/swaggerapi
|
|
curl -k https://<IP Address>:(8|6)443/healthz
|
|
curl -k https://<IP Address>:(8|6)443/api/v1
|
|
```
|
|
#### - etcd API
|
|
```
|
|
curl -k https://<IP address>:2379
|
|
curl -k https://<IP address>:2379/version
|
|
```
|
|
#### - Kubelet API
|
|
```
|
|
curl -k https://<IP address>:10250
|
|
curl -k https://<IP address>:10250/metrics
|
|
curl -k https://<IP address>:10250/pods
|
|
```
|
|
#### - kubelet (Read only)
|
|
```
|
|
curl -k https://<IP Address>:10255
|
|
```
|
|
----
|
|
### Tools for detecting misconfigurations in Kubernetes:
|
|
---
|
|
|
|
* [kubeaudit](https://github.com/Shopify/kubeaudit). kubeaudit is a command line tool to audit Kubernetes clusters for various different security concerns: run the container as a non-root user, use a read only root filesystem, drop scary capabilities, don't add new ones, don't run privileged, ...
|
|
* [kubesec.io](https://kubesec.io/). Security risk analysis for Kubernetes resources.
|
|
* [kube-bench](https://github.com/aquasecurity/kube-bench). kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
|
|
|
|
* [katacoda](https://katacoda.com/courses/kubernetes). Learn Kubernetes using interactive broser-based scenarios.
|