kube-hunter is a security app created by Aqua Security in order to increase awareness and visibility for security issues in Kubernetes environments.

Getting started

To run the plugin, just grab the plugin definition (kube-hunter-plugin.yaml) and run:

sonobuoy run -f kube-hunter-plugin.yaml --wait

The plugin writes a JSON document listing the issues kube-hunter found. It is stored in the resulting Sonobuoy tarball.

To download the tarball, run:

outfile=$(sonobuoy retrieve)

The tarball can be inspected manually, or you can use the command below to dump the JSON data the plugin generated:

sonobuoy results $outfile --plugin kube-hunter --mode=detailed --skip-prefix


Our image

The plugin definition provided here (kube-hunter-plugin.yaml) uses a Docker image built manually from the kube-hunter source. This image is the default.

Upstream image

Alternatively, Aqua Security provides a pre-built image (aquasec/kube-hunter) which includes additional, closed-source code for uploading results to a report that can be viewed on their site.

See the README for more details.

If you'd like to use this image, just change the name of the image in kube-hunter-plugin.yaml.

Your own image

Lastly, as was done for the sonobuoy/kube-hunter image, you can build your own image from the upstream kube-hunter code.

If you'd like to use your own image you'll need to:

  • clone the upstream kube-hunter repository
  • use docker build to build your own image
  • push the image to a registry you control
  • update kube-hunter-plugin.yaml to reference your image
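The four steps above as one script. This is an added example, not part of the sonobuoy/kube-hunter plugin; it assumes git and docker are installed, that you are logged in to the target registry, that the upstream repository is https://github.com/aquasecurity/kube-hunter.git, and that kube-hunter-plugin.yaml carries the container image on a line of the form "image: <ref>" (the registry name below is a placeholder).

```shell
#!/bin/sh
# Added example: build your own kube-hunter image and point the Sonobuoy plugin at it.
# Assumptions: git + docker available, registry login done, plugin yaml has an "image:" key.
set -eu

REPO="${KUBE_HUNTER_REPO:-https://github.com/aquasecurity/kube-hunter.git}"   # assumed upstream repo
IMAGE="${IMAGE:-registry.example.com/security/kube-hunter:custom}"            # placeholder registry
PLUGIN_YAML="${PLUGIN_YAML:-kube-hunter-plugin.yaml}"

# Steps 1-3: clone the upstream source, build the image, push it to your registry.
build_and_push() {
  workdir=$(mktemp -d)
  git clone --depth 1 "$REPO" "$workdir/kube-hunter"
  docker build -t "$IMAGE" "$workdir/kube-hunter"
  docker push "$IMAGE"
  rm -rf "$workdir"
}

# Step 4: rewrite only the "image:" value in the plugin definition; indentation and
# every other line are left untouched. Fails if the file has no image key at all.
set_plugin_image() {
  yaml="$1"; ref="$2"
  grep -Eq '^[[:space:]]*image:[[:space:]]*' "$yaml" || { echo "no image: key in $yaml" >&2; return 1; }
  sed -E "s|^([[:space:]]*image:[[:space:]]*).*$|\1${ref}|" "$yaml" > "$yaml.tmp" && mv "$yaml.tmp" "$yaml"
}

# Read the image reference back so the change can be verified before running sonobuoy.
plugin_image() {
  sed -nE 's/^[[:space:]]*image:[[:space:]]*//p' "$1" | head -n 1
}

case "${1:-}" in
  build)     build_and_push ;;
  set-image) set_plugin_image "$PLUGIN_YAML" "$IMAGE"
             echo "plugin now uses: $(plugin_image "$PLUGIN_YAML")" ;;
esac
```

Run `./build-image.sh build` then `./build-image.sh set-image`, and confirm the printed reference is your image before `sonobuoy run -f kube-hunter-plugin.yaml --wait`.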
