From https://github.com/peachycloudsecurity/EKSi-lite
EKSi-lite is a lightweight CLI tool for white-box testing, focused on enumerating, listing, and auditing Kubernetes resources in Amazon EKS. It offers features such as node listing, RBAC auditing, image reporting, and advanced security checks, including AWS IAM Role permissions, volume mounts, secrets, and storage configurations, helping to identify misconfigurations and enumerate resources in the EKS environment.
Key Features:
- Node & Service Listing - Enumerate nodes, services, persistent volumes, and storage classes
- RBAC Auditing - Audit RBAC roles and analyze risky permissions attached to ServiceAccounts
- Image Security - Scan Docker images for secrets, generate image reports
- AWS Integration - Extract AWS IAM role details, list service account role ARNs
- Security Checks - High and low-level EKS security checks including security context, sensitive mounts, and best practices