kube-hunter
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, services, and misconfigurations.
Why it is included
Purple-team-friendly open scanner for cluster attack paths you are authorized to test.
Best for
Internal purple team exercises and pre-prod cluster reviews.
Strengths
- Module packs
- Pod/in-cluster modes
- Report output
Limitations
- Use only with explicit cluster owner approval
Good alternatives
kube-bench · commercial K8s pentest
Related tools
Security & Privacy
kube-bench
CIS Kubernetes benchmark checker: run checks against nodes, control plane, etcd, and policies with readable reports.
Security & Privacy
Trivy
All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
Security & Privacy
BloodHound
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
Security & Privacy
Metasploit Framework
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Security & Privacy
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
