kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own! Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at kube-hunter.aquasec.com where you can register online to receive a token allowing you to see and share the results online. You can also run the Python code yourself as described below. Explore vulnerabilities: The kube-hunter knowledge base includes articles about discoverable vulnerabilities and issues. When kube-hunter reports an issue, it will show its VID (Vulnerability ID) so you can look it up in the KB at https://aquasecurity.github.io/kube-hunter/
FEATURES
SIMILAR TOOLS
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.
Simple script to check a domain's email protections and identify vulnerabilities.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
Nmap is an essential network scanning tool used for network security auditing and status monitoring.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.