Kubernetes Enumeration
The Hatiyar Kubernetes enumeration suite provides comprehensive visibility into your Kubernetes clusters. Each module focuses on specific K8s resources, providing detailed discovery, configuration analysis, and security assessments.
Available Modules
Section titled “Available Modules”| Module | Description |
|---|---|
| Enum | Comprehensive cluster enumeration orchestrator (runs all specialized modules) |
| K8s Pods | Pod-specific enumeration: containers, volumes, security contexts, resources |
| Secrets | Secrets enumeration and extraction |
| Volumes | Storage enumeration: PVs, PVCs, StorageClasses |
| Namespaces | Namespace enumeration with resource quotas and limits |
Getting Started
Section titled “Getting Started”# Start hatiyar shellhatiyar shell
# List available Kubernetes moduleshatiyar> ls platforms.k8s
# Use a specific modulehatiyar> use platforms.k8s.enumGeneral Kubernetes Setup
Section titled “General Kubernetes Setup”This setup applies to all Kubernetes enumeration modules.
1. Configure Kubernetes Access
Section titled “1. Configure Kubernetes Access”Choose one of these authentication methods:
Option A: Kubeconfig File (Recommended)
Section titled “Option A: Kubeconfig File (Recommended)”The most common method using your existing kubeconfig:
# No additional setup needed if you can already use kubectlset KUBECONFIG ~/.kube/configset CONTEXT <name-of-context>Verify access:
kubectl cluster-infokubectl get nodesOption B: In-Cluster Authentication
Section titled “Option B: In-Cluster Authentication”If running hatiyar inside a Kubernetes pod:
# Use service account token automatically# Set AUTH_METHOD to "in-cluster" in hatiyarOption C: Token Authentication
Section titled “Option C: Token Authentication”Using a service account token:
# Get token from service accountkubectl -n kube-system get secret $(kubectl -n kube-system get sa default -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d
# Set in hatiyar:set API_SERVER https://your-cluster:6443set TOKEN your-token-hereset AUTH_METHOD tokenOption D: Client Certificates
Section titled “Option D: Client Certificates”Using certificate-based authentication:
set API_SERVER https://your-cluster:6443set CLIENT_CERT_PATH /path/to/client.crtset CLIENT_KEY_PATH /path/to/client.keyset CA_CERT_PATH /path/to/ca.crtset AUTH_METHOD cert2. Testing with Kind (Kubernetes in Docker)
Section titled “2. Testing with Kind (Kubernetes in Docker)”Another lightweight option for local testing:
# Install Kind# https://kind.sigs.k8s.io/docs/user/quick-start/
# Create clusterkind create cluster --name hatiyar-test
# Verifykubectl cluster-info --context kind-hatiyar-test
# Cleanupkind delete cluster --name hatiyar-testBasic Usage
Section titled “Basic Usage”hatiyar> use platforms.k8s.podshatiyar> set namespace defaulthatiyar> runConfiguration Options
Section titled “Configuration Options”hatiyar> use platforms.k8s.podshatiyar> show options
# Target specific namespacehatiyar> set namespace kube-system
# Or enumerate all namespaceshatiyar> set all_namespaces true
# Configure output filehatiyar> set OUTPUT_FILE k8s_pods_results.json
# Run enumerationhatiyar> runContributing New K8s Modules
Section titled “Contributing New K8s Modules”Want to add support for additional K8s resources? See our Contributing Guide