GitBook: [master] one page modified

pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md

@@ -25,6 +25,49 @@ The following ports might be open in a Kubernetes cluster:
 | 9099/TCP | calico-felix | Health check server for Calico |
 | 6782-4/TCP | weave | Metrics and endpoints |
 
+#### cAdvisor
+
+```text
+curl -k https://<IP Address>:4194
+```
+
+#### Insecure API server
+
+```text
+curl -k https://<IP Address>:8080
+```
+
+#### Secure API Server
+
+```text
+curl -k https://<IP Address>:(8|6)443/swaggerapi
+curl -k https://<IP Address>:(8|6)443/healthz
+curl -k https://<IP Address>:(8|6)443/api/v1
+```
+
+#### etcd API
+
+```text
+curl -k https://<IP address>:2379
+curl -k https://<IP address>:2379/version
+etcdctl --endpoints=http://<MASTER-IP>:2379 get / --prefix --keys-only
+```
+
+#### Kubelet API
+
+```text
+curl -k https://<IP address>:10250
+curl -k https://<IP address>:10250/metrics
+curl -k https://<IP address>:10250/pods
+```
+
+#### kubelet \(Read only\)
+
+```text
+curl -k https://<IP Address>:10255
+http://<external-IP>:10255/pods
+```
+
 ### Remote Cluster Misconfigurations
 
 By **default**, API endpoints are **forbidden** to **anonymous** access. But it’s always a good idea to check if there are any **insecure endpoints that expose sensitive information**: