Kubnerable is an out-cluster vulnerability scanner tool for Kubernetes resources. It comes with a predefined vulnerability database (vulnerabilities.yaml) with basic pod weakness checks.
For testing purposes, there is a Kind setup for bootstrapping a cluster with vulnerable predefined scenarios. For more info, check the following README.
This project was done as part of my Master's Thesis and as an excuse to learn Go from scratch 🐹
- Out-cluster resource vulnerabilities scanning
- Needs a valid Kubeconfig file with read access
- Correlates vulnerabilities with risk and CVSS score
- Allows custom vulnerabilities or checks
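To illustrate how a YAML-driven database of pod checks can be correlated with a CVSS score and a risk rating, here is an added example in Go (the project's language); it is not Kubnerable's own code, and its entry schema (`id`, `check`, `cvss`), the `Pod` stand-in and the `EX-*` entries are constructed for the example. The database is written as JSON so the standard library can parse it, which any YAML loader would also accept since JSON is a YAML subset.

```go
package main

import ("encoding/json"; "fmt")

// Vuln is one database entry; the field names are an assumption for this example, not Kubnerable's real schema.
type Vuln struct {
	ID    string  `json:"id"`
	Check string  `json:"check"` // pod attribute the check inspects
	CVSS  float64 `json:"cvss"`  // CVSS v3 base score
}

// Pod is a minimal stand-in for the fields a scanner reads from a pod spec.
type Pod struct{ Privileged, HostPID, RunAsRoot bool }

// VulnDB is a constructed database, written as JSON so a YAML loader would accept it unchanged.
const VulnDB = `[
 {"id": "EX-001", "check": "privileged", "cvss": 8.8},
 {"id": "EX-002", "check": "hostPID",    "cvss": 6.5},
 {"id": "EX-003", "check": "runAsRoot",  "cvss": 4.3}
]`

// LoadDB parses the database into Vuln entries.
func LoadDB(data string) ([]Vuln, error) {
	var db []Vuln
	return db, json.Unmarshal([]byte(data), &db)
}

// Risk maps a CVSS v3 base score to its qualitative severity rating.
func Risk(s float64) string {
	switch {
	case s >= 9.0: return "Critical"
	case s >= 7.0: return "High"
	case s >= 4.0: return "Medium"
	case s > 0:    return "Low"
	}
	return "None"
}

// Scan applies every database check to the pod and returns one finding per hit.
func Scan(p Pod, db []Vuln) []string {
	hit := map[string]bool{"privileged": p.Privileged, "hostPID": p.HostPID, "runAsRoot": p.RunAsRoot}
	var out []string
	for _, v := range db {
		if hit[v.Check] {
			out = append(out, fmt.Sprintf("%s %s %s (%.1f)", v.ID, v.Check, Risk(v.CVSS), v.CVSS))
		}
	}
	return out
}

func main() { db, _ := LoadDB(VulnDB); fmt.Println(Scan(Pod{Privileged: true, RunAsRoot: true}, db)) }
```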
```
❯ ./kubnerable -h
Kubnerable scans all pods and containers of a Kubernetes cluster in search of exploitable vulnerabilities

Usage:
  kubnerable [flags]

Examples:
  kubnerable -f ../vulnerabilities.yaml

Flags:
  -h, --help              help for kubnerable
  -f, --vuls-file string  Vulnerabilities YAML file path, needed for scanning (default "../vulnerabilities.yaml")
```
- Resource denial of service and the associated scenario
- Network exposure and the associated scenario
- RBAC analysis
Kubnerable is inspired by today's state-of-the-art Kubernetes vulnerability scanners:
- Kubernetes vulnerability mapping inspired by Octarine's KCCSS
- YAML Vulnerability Database inspired by Aqua Security's Kube-Bench