Overview
kube-hunter, developed by Aqua Security, is an industry-standard open-source tool designed to proactively identify security weaknesses in Kubernetes clusters. Its architecture focuses on the 'attacker's perspective,' offering three distinct scanning modes: Remote (probing external IP/DNS), Interface (scanning network interfaces), and Network (scanning specific subnets). In the 2026 landscape, while many cloud-native security tools have consolidated into massive CNAPP suites, kube-hunter remains the go-to utility for deep, tactical hunting that goes beyond simple configuration checks. It probes for common misconfigurations and exploitable vulnerabilities in etcd, the Kubelet, and the Kubernetes API server. The tool is modular, allowing security researchers to write custom hunters in Python to keep pace with zero-day threats. Its ability to perform 'Active Hunting'—where it attempts to exploit found vulnerabilities to prove risk—sets it apart from passive scanners. This makes it a critical asset for Red Teams and DevSecOps engineers who need to validate the actual exploitability of their cluster's security posture before it is targeted by malicious actors.