2024-10-29 10:12:08,335 INFO kube_hunter.modules.report.collector Started hunting 2024-10-29 10:12:08,336 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services 2024-10-29 10:12:08,594 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.32.240.126:2379 2024-10-29 10:12:08,701 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.32.242.214:2379 2024-10-29 10:12:08,712 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.241.155:10250 2024-10-29 10:12:08,830 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.241.138:10250 2024-10-29 10:12:08,845 INFO kube_hunter.modules.report.collector Found open service "Etcd" at 10.32.240.45:2379 2024-10-29 10:12:08,852 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.240.209:10250 2024-10-29 10:12:08,858 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.242.150:10250 2024-10-29 10:12:08,911 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.240.126:10250 2024-10-29 10:12:08,987 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.240.106:10250 2024-10-29 10:12:09,055 INFO kube_hunter.modules.report.collector Found vulnerability "Certificate Includes Email Address" in 10.32.241.155:10250 2024-10-29 10:12:09,286 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.243.63:10250 2024-10-29 10:12:09,312 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.240.45:10250 2024-10-29 10:12:09,318 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.243.47:10250 2024-10-29 10:12:09,496 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.243.212:10250 2024-10-29 10:12:09,639 INFO kube_hunter.modules.report.collector Found open service "Kubelet API" at 10.32.242.214:10250 2024-10-29 10:12:09,839 INFO kube_hunter.modules.report.collector Found open service "API Server" at 10.32.240.126:6443 2024-10-29 10:12:09,926 INFO kube_hunter.modules.report.collector Found open service "API Server" at 10.32.242.214:6443 2024-10-29 10:12:09,941 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 10.32.240.126:6443 2024-10-29 10:12:10,026 INFO kube_hunter.modules.report.collector Found open service "API Server" at 10.32.240.45:6443 2024-10-29 10:12:10,081 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 10.32.242.214:6443 2024-10-29 10:12:10,172 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 10.32.240.45:6443 Nodes +-------------+---------------+ | TYPE | LOCATION | +-------------+---------------+ | Node/Master | 10.32.243.63 | +-------------+---------------+ | Node/Master | 10.32.243.47 | +-------------+---------------+ | Node/Master | 10.32.243.212 | +-------------+---------------+ | Node/Master | 10.32.242.214 | +-------------+---------------+ | Node/Master | 10.32.242.150 | +-------------+---------------+ | Node/Master | 10.32.241.155 | +-------------+---------------+ | Node/Master | 10.32.241.138 | +-------------+---------------+ | Node/Master | 10.32.240.45 | +-------------+---------------+ | Node/Master | 10.32.240.209 | +-------------+---------------+ | Node/Master | 10.32.240.126 | +-------------+---------------+ | Node/Master | 10.32.240.106 | +-------------+---------------+ Detected Services +-------------+---------------------+----------------------+ | SERVICE | LOCATION | DESCRIPTION | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.243.63:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.243.47:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.243.212:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.242.214:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.242.150:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.241.155:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.241.138:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.240.45:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.240.209:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.240.126:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Kubelet API | 10.32.240.106:10250 | The Kubelet is the | | | | main component in | | | | every Node, all pod | | | | operations goes | | | | through the kubelet | +-------------+---------------------+----------------------+ | Etcd | 10.32.242.214:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +-------------+---------------------+----------------------+ | Etcd | 10.32.240.45:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +-------------+---------------------+----------------------+ | Etcd | 10.32.240.126:2379 | Etcd is a DB that | | | | stores cluster's | | | | data, it contains | | | | configuration and | | | | current | | | | state | | | | information, and | | | | might contain | | | | secrets | +-------------+---------------------+----------------------+ | API Server | 10.32.242.214:6443 | The API server is in | | | | charge of all | | | | operations on the | | | | cluster. | +-------------+---------------------+----------------------+ | API Server | 10.32.240.45:6443 | The API server is in | | | | charge of all | | | | operations on the | | | | cluster. | +-------------+---------------------+----------------------+ | API Server | 10.32.240.126:6443 | The API server is in | | | | charge of all | | | | operations on the | | | | cluster. | +-------------+---------------------+----------------------+ Vulnerabilities For further information about a vulnerability, search its ID in: https://avd.aquasec.com/ +--------+---------------------+----------------------+----------------------+----------------------+------------------+ | ID | LOCATION | MITRE CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +--------+---------------------+----------------------+----------------------+----------------------+------------------+ | KHV021 | 10.32.241.155:10250 | Initial Access // | Certificate Includes | The Kubernetes API | email: b'N_@P.m' | | | | General Sensitive | Email Address | Server advertises a | | | | | Information | | public certificate | | | | | | | for TLS. | | | | | | | This certificate | | | | | | | includes an email | | | | | | | address, that may | | | | | | | provide additional | | | | | | | information for an | | | | | | | attacker on your | | | | | | | organization, or | | | | | | | be abused for | | | | | | | further email based | | | | | | | attacks. | | +--------+---------------------+----------------------+----------------------+----------------------+------------------+ | KHV002 | 10.32.242.214:6443 | Initial Access // | K8s Version | The kubernetes | v1.28.6 | | | | Exposed sensitive | Disclosure | version could be | | | | | interfaces | | obtained from the | | | | | | | /version endpoint | | +--------+---------------------+----------------------+----------------------+----------------------+------------------+ | KHV002 | 10.32.240.45:6443 | Initial Access // | K8s Version | The kubernetes | v1.28.6 | | | | Exposed sensitive | Disclosure | version could be | | | | | interfaces | | obtained from the | | | | | | | /version endpoint | | +--------+---------------------+----------------------+----------------------+----------------------+------------------+ | KHV002 | 10.32.240.126:6443 | Initial Access // | K8s Version | The kubernetes | v1.28.6 | | | | Exposed sensitive | Disclosure | version could be | | | | | interfaces | | obtained from the | | | | | | | /version endpoint | | +--------+---------------------+----------------------+----------------------+----------------------+------------------+