...
Project Name | Scan Tool (vuls, lynis, kube-hunter) | Log Data | |
---|---|---|---|
1 | KNI Industrial Edge | kube-hunter pod.log | / # kube-hunter --remote 10.0.0.3 --pod 2021-08-11 09:15:54,691 INFO kube_hunter.modules.report.collector Started hunting 2021-08-11 09:15:54,691 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2021-08-11 09:15:54,697 INFO kube_hunter.modules.report.collector Found vulnerability "CAP_NET_RAW Enabled" in Local to Pod (85813518b3cf) 2021-08-11 09:15:54,725 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.0.0.3:2379 2021-08-11 09:15:54,751 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.0.0.3:10250 2021-08-11 09:15:54,797 INFO kube_hunter.modules.report.collector Found open service "Unrecognized K8s API" at 10.0.0.3:6443 Nodes +-------------+----------+ | TYPE | LOCATION | +-------------+----------+ | Node/Master | 10.0.0.3 | +-------------+----------+ Detected Services +----------------------+----------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +----------------------+----------------+----------------------+ | Unrecognized K8s API | 10.0.0.3:6443 | A Kubernetes API | | | | service | +----------------------+----------------+----------------------+ | Kubelet API | 10.0.0.3:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +----------------------+----------------+----------------------+ | Etcd | 10.0.0.3:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +----------------------+----------------+----------------------+ Vulnerabilities For further information about a vulnerability, search its ID in: https://github.com/aquasecurity/kube-hunter/tree/master/docs/_kb +------+----------------------+-------------+---------------------+----------------------+----------+ | ID | LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +------+----------------------+-------------+---------------------+----------------------+----------+ | None | Local to Pod | Access Risk | CAP_NET_RAW Enabled | CAP_NET_RAW is | | | | (85813518b3cf) | | | enabled by default | | | | | | | for pods. | | | | | | | If an attacker | | | | | | | manages to | | | | | | | compromise a pod, | | | | | | | they could | | | | | | | potentially take | | | | | | | advantage of this | | | | | | | capability to | | | | | | | perform network | | | | | | | attacks on other | | | | | | | pods running on the | | | | | | | same node | | +------+----------------------+-------------+---------------------+----------------------+----------+ |
2 | KNI Industrial Edge | kube-hunter cluster.log | / # kube-hunter --remote 10.0.0.3 2021-08-11 09:16:02,362 INFO kube_hunter.modules.report.collector Started hunting 2021-08-11 09:16:02,363 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2021-08-11 09:16:02,394 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.0.0.3:2379 2021-08-11 09:16:02,433 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.0.0.3:10250 2021-08-11 09:16:02,468 INFO kube_hunter.modules.report.collector Found open service "Unrecognized K8s API" at 10.0.0.3:6443 Nodes +-------------+----------+ | TYPE | LOCATION | +-------------+----------+ | Node/Master | 10.0.0.3 | +-------------+----------+ Detected Services +----------------------+----------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +----------------------+----------------+----------------------+ | Unrecognized K8s API | 10.0.0.3:6443 | A Kubernetes API | | | | service | +----------------------+----------------+----------------------+ | Kubelet API | 10.0.0.3:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +----------------------+----------------+----------------------+ | Etcd | 10.0.0.3:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +----------------------+----------------+----------------------+ No vulnerabilities were found |
3 | KNI Provider Access Edge | kube-hunter pod.log | / # kube-hunter --remote 10.0.0.3 --pod 2021-08-11 09:15:54,691 INFO kube_hunter.modules.report.collector Started hunting 2021-08-11 09:15:54,691 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2021-08-11 09:15:54,697 INFO kube_hunter.modules.report.collector Found vulnerability "CAP_NET_RAW Enabled" in Local to Pod (85813518b3cf) 2021-08-11 09:15:54,725 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.0.0.3:2379 2021-08-11 09:15:54,751 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.0.0.3:10250 2021-08-11 09:15:54,797 INFO kube_hunter.modules.report.collector Found open service "Unrecognized K8s API" at 10.0.0.3:6443 Nodes +-------------+----------+ | TYPE | LOCATION | +-------------+----------+ | Node/Master | 10.0.0.3 | +-------------+----------+ Detected Services +----------------------+----------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +----------------------+----------------+----------------------+ | Unrecognized K8s API | 10.0.0.3:6443 | A Kubernetes API | | | | service | +----------------------+----------------+----------------------+ | Kubelet API | 10.0.0.3:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +----------------------+----------------+----------------------+ | Etcd | 10.0.0.3:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +----------------------+----------------+----------------------+ Vulnerabilities For further information about a vulnerability, search its ID in: https://github.com/aquasecurity/kube-hunter/tree/master/docs/_kb +------+----------------------+-------------+---------------------+----------------------+----------+ | ID | LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +------+----------------------+-------------+---------------------+----------------------+----------+ | None | Local to Pod | Access Risk | CAP_NET_RAW Enabled | CAP_NET_RAW is | | | | (85813518b3cf) | | | enabled by default | | | | | | | for pods. | | | | | | | If an attacker | | | | | | | manages to | | | | | | | compromise a pod, | | | | | | | they could | | | | | | | potentially take | | | | | | | advantage of this | | | | | | | capability to | | | | | | | perform network | | | | | | | attacks on other | | | | | | | pods running on the | | | | | | | same node | | +------+----------------------+-------------+---------------------+----------------------+----------+ |
4 | KNI Provider Access Edge | kube-hunter cluster.log | / # kube-hunter --remote 10.0.0.3 2021-08-11 09:16:02,362 INFO kube_hunter.modules.report.collector Started hunting 2021-08-11 09:16:02,363 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2021-08-11 09:16:02,394 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.0.0.3:2379 2021-08-11 09:16:02,433 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.0.0.3:10250 2021-08-11 09:16:02,468 INFO kube_hunter.modules.report.collector Found open service "Unrecognized K8s API" at 10.0.0.3:6443 Nodes +-------------+----------+ | TYPE | LOCATION | +-------------+----------+ | Node/Master | 10.0.0.3 | +-------------+----------+ Detected Services +----------------------+----------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +----------------------+----------------+----------------------+ | Unrecognized K8s API | 10.0.0.3:6443 | A Kubernetes API | | | | service | +----------------------+----------------+----------------------+ | Kubelet API | 10.0.0.3:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +----------------------+----------------+----------------------+ | Etcd | 10.0.0.3:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +----------------------+----------------+----------------------+ No vulnerabilities were found |
5 | |||
6 | |||
7 | |||
8 | |||
9 | |||
10 | |||
11 | |||
12 | |||
13 | |||
14 | |||
15 | |||
16 | |||
17 | |||
18 | |||
19 | |||
20 | |||
21 | |||
22 | |||
23 | |||
24 | |||
25 | |||
26 | |||
27 | |||
28 | |||
29 | |||
30 | |||
31 | |||
32 |
...