k8tls
k8tls copied to clipboard
k8tls (pronounced cattles), to assess server port security by detecting its TLS and certificates configuration.
Related to #26
Currently [k8tls](https://github.com/kubearmor/k8tls) can only scan/verify Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) so extend it to support following: - [ ] API Gateways - [ ] Load Balancers - [ ] Ingress & [Virtual Service](https://istio.io/latest/docs/reference/config/networking/virtual-service/)...
Currently k8tls reports mostly for east-west traffic based on k8s services. However, the external traffic is delivered through virtualservices, gateways, and ingress controllers. It should be possible to scan these...
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) Welcome to [Renovate](https://togithub.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request....
- [ ] ignore list - [ ] namespaces/service-name regex - [ ] specific addresses - [ ] output file path (how to do this?)
- [x] CI action to update the docker image - [x] Keep the docker image in the kubearmor docker hub repo. - [x] add basic system tests and automate it...
* add support for ECS * ECS with both launch types {EC2, Fargate}
Created a json file `config/nist-sp-800-52.json` to keep NIST recommended and non recommended ciphersuites. And updated `tlsscan` to parse it using `jq` and invoke `openssl s_client` multiple times to scan each...
* The best way to keep the KubeTLS report is in a k8s CRD. * The job itself should be converted to CronJob. * The Resource should contain: * Report...
It will be important to explain the differentiation. - [ ] JA3 fingerprinting - [ ] [tls-scan](https://github.com/prbinu/tls-scan) - [ ] [Mitigating-Obsolete-TLS](https://github.com/nsacyber/Mitigating-Obsolete-TLS) - [ ] [Gauntletwizard KubeTLS](https://gitlab.com/gauntletwizard_net/kubetls) - [ ] [tls-inspector](https://github.com/tls-inspector/tls-inspector)...