kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.
kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a website at kube-hunter.aquasec.com where you can register online to receive a token allowing you to see and share the results online. You can also run the Python code yourself as described below.
Contribute: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your own modules, please read Guidelines For Developing Your First kube-hunter Module.
Ref link: https://kube-hunter.aquasec.com/
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
"An objective, consensus-driven security guideline for the Kubernetes Server Software."
Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.
Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
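As an added example (not kube-bench's own code), this Go sketch shows how a declarative flag check of the kind such YAML files express can be evaluated against a component's command line. The `Check` struct, the `eq`/`has` operators as modeled here, the check IDs and the sample command line are assumptions constructed for illustration; only the `--flag=value` and bare `--flag` forms are handled.

```go
package main

import (
	"fmt"
	"strings"
)

// Check is a simplified, hypothetical model of one declarative test item.
type Check struct {
	ID, Flag, Value string
	Set             bool   // flag must be present (true) or absent (false)
	Op              string // "" = presence only, "eq", or "has" (comma-list member)
}

// flagValue looks for flag as an exact name in cmdline ("--f=v" or bare "--f").
func flagValue(cmdline, flag string) (string, bool) {
	for _, f := range strings.Fields(cmdline) {
		if name, val, _ := strings.Cut(f, "="); name == flag {
			return val, true
		}
	}
	return "", false
}

// Evaluate reports whether cmdline satisfies the check.
func Evaluate(c Check, cmdline string) bool {
	val, found := flagValue(cmdline, c.Flag)
	switch {
	case found != c.Set:
		return false // present when it must be absent, or the reverse
	case found && c.Op == "eq":
		return val == c.Value
	case found && c.Op == "has":
		return strings.Contains(","+val+",", ","+c.Value+",")
	}
	return true
}

func main() {
	// Constructed sample: a kube-apiserver command line and three demo checks.
	cmd := "kube-apiserver --anonymous-auth=false --authorization-mode=Node,RBAC"
	checks := []Check{
		{ID: "demo-1", Flag: "--anonymous-auth", Set: true, Op: "eq", Value: "false"},
		{ID: "demo-2", Flag: "--authorization-mode", Set: true, Op: "has", Value: "RBAC"},
		{ID: "demo-3", Flag: "--basic-auth-file", Set: false},
	}
	for _, c := range checks {
		fmt.Println(c.ID, c.Flag, "pass:", Evaluate(c, cmd))
	}
}
```

A check with `Set: true` fails when the flag is missing entirely, which is the case that matters when a component's default is the less secure value.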
CIS Kubernetes Benchmark support: kube-bench supports the tests for Kubernetes as defined in the CIS Benchmarks 1.0.0 to 1.4.0 respectively.
| CIS Kubernetes Benchmark | kube-bench config | Kubernetes versions |
By default kube-bench will determine the test set to run based on the Kubernetes version running on the machine.
Ref Link :