Documentation
Overview¶
The Kubernetes Security Scanning Tool (kube-scan
) helps you identify security vulnerabilities in Kubernetes clusters. This tool supports external scanning and provides a detailed HTML report for further analysis.
Installation¶
To use the tool, first pull the Docker image from the private repository:
Private Repo Access
Please note that this is a private repo, and unless you've been explicitly granted access, you will be unable to pull this image.
Usage¶
To run the tool, use the following docker run
command format:
Arguments:
--target
(required): Specify the IP or hostname of the Kubernetes API server to target.--mode
(required): Choose the scanning mode:external
: Simulates attacks from outside the cluster.internal
: Simulates attacks from within the cluster (under active development).
-p 8000:8000
: Maps the internal HTTP server to your local machine's port 8000.
Feature Development
Launching scans via the user interface is under active development and not included in the latest release.
Accessing the Report¶
Once the scan completes, the tool automatically generates an HTML report and serves it via a simple HTTP server.
-
Open your browser and navigate to the following URL to view the report at http://localhost:8000/report.html.
-
To stop the server, press
CTRL+C
in the terminal running the tool.
Example Commands¶
Example 1: External Scan of a Kubernetes Cluster
Run an external scan targeting the API server at 10.254.18.39
:
After the scan is complete:
- Open the report in your browser at http://localhost:8000/report.html.
- Stop the server with
CTRL+C
when you're done.
Example 2: Specifying a Custom Port for the Report Server
By default, the report server runs on port 8000. If port 8000 is already in use, you can specify a custom port with the --port
argument:
docker run --rm -p 8080:8000 braundo30/kube-scan:latest --target 10.254.18.39 --mode external --port 8080
- Access the report at http://localhost:8080/report.html.
- Stop the server with
CTRL+C
when you're done.
Tips and Best Practices¶
Ensure Access to the Target API Server
- The
--target
argument must specify an API server endpoint accessible from the machine running the Docker container.
Output Directory
- By default, the report is served directly via the internal web server. You don't need to manage any files manually.
Keeping the Tool Updated
- Periodically pull the latest version of the Docker image to ensure you have the most recent security checks:
Customizing Docker Commands
- Use volume mounts (
-v
) if you want to persist logs or files generated by future updates of the tool.
Troubleshooting¶
Error: python: can't open file '/app/main.py': [Errno 2] No such file or directory
- Ensure you are using the correct
docker run
command and targeting the appropriate API server.
Can't Access the Report in Browser
- Verify that the port mapping (
-p
) in thedocker run
command matches the URL you are using to access the report. - Confirm that the Docker container is running and has not been stopped.
Scanner taking a long time to complete.
- Some tests (e.g., DNS spoofing) may take longer depending on the target's configuration. Be patient, and allow the tool to complete all tests.
Feedback and Support¶
If you encounter any issues or have feature requests, please contact me at [email protected].
Enjoy using the Kubernetes Security Scanning Tool to secure your clusters!