Headlamp, Dozzle, Kafka UI: a live feed of your internals on the public internet

A password-reset link scrolls past in a log viewer. Nobody on your team is looking at it, because nobody on your team opened that URL. A stranger did, found it answering on logs.yoursite.com, and is now watching your application log every request in real time, reset tokens and all.

That's the shape of this whole class of tool. A control panel hands an attacker actions. These hand an attacker a feed. Headlamp streams the state of your Kubernetes cluster. Dozzle streams your container logs as they happen. Kafka UI and Redpanda Console stream the messages flowing through your queues. Each one takes your running system and turns it into something readable and searchable from a browser, which is great for you and even better for someone who shouldn't have it.

These are the close cousins of the Kubernetes Dashboard, Portainer, and MinIO consoles. Those are control planes you act through. This newer crop is the observability layer, the windows you watch your system through, and a window left open is recon at best and live secrets at worst.

What a stranger watches go by

A control-plane leak is a discrete event: someone deploys a pod, drops a queue. A feed leak is continuous. Open the page and it just keeps telling you things.

Request:
  GET / HTTP/1.1
  Host: logs.yoursite.com

Response:
  HTTP/1.1 200 OK
  Content-Type: text/html
  <title>Dozzle</title>
  (live stream) POST /auth/reset?token=8f3c... 200
  (live stream) [email protected] otp=441903 sent

Dozzle doesn't ask for a click. The log just streams, and a reset token and an OTP scroll past in plain text.

Dozzle is the sharpest example because logs are where everything ends up. Your app logs a request, and the request had a token in the query string. It logs an error, and the error included the row that errored. Reset links, one-time passwords, session IDs, internal API responses, the occasional stack trace with a connection string in it, all of it streams through Dozzle in real time, and an exposed Dozzle hands that stream to anyone who loads the page. They don't even have to know what they're looking for. They watch and wait.
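The paragraph above describes the failure mode: the application prints tokens, OTPs and row contents into its own log, and the viewer only relays them. What follows is an added example, not Dozzle's code and not part of the original article, of a Python logging filter that masks those values before any handler emits them, run over constructed log lines in the shape of the ones above. The key list and patterns are this example's own choices, so it narrows what a viewer can leak; it does not replace putting the viewer behind authentication.

```python
import io
import logging
import re

# Key names whose values should never reach a log stream. This list is this
# example's own choice (longer variants first so "session_id" beats "session").
_SECRET_KEYS = "session_id|sessionid|session|api_key|apikey|password|secret|token|otp|code"

# key=value or key: value, as found in query strings and in dumped rows/objects
_KV_RE = re.compile(r"(?i)\b(" + _SECRET_KEYS + r")(=|:\s*)([^\s&\"']+)")
# HTTP credential headers echoed into request logs
_BEARER_RE = re.compile(r"(?i)\b(bearer|basic)\s+[A-Za-z0-9._~+/=-]+")
# e-mail addresses, the PII most likely to sit next to an OTP or reset token
_EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(\.[\w-]+)+\b")


def redact(line: str) -> str:
    """Return the line with secret-like values and e-mail addresses masked."""
    line = _KV_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", line)
    line = _BEARER_RE.sub(lambda m: f"{m.group(1)} [REDACTED]", line)
    return _EMAIL_RE.sub("[EMAIL]", line)


class RedactingFilter(logging.Filter):
    """Masks secrets in every record before a handler emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # the message is already fully formatted
        return True


# Constructed log lines in the shape of the ones scrolling past in a log viewer.
SAMPLE_LINES = [
    "POST /auth/reset?token=8f3c9a1d 200",
    "alice@example.com otp=441903 sent",
    "GET /api/orders Authorization: Bearer eyJhbGciOi.example 200",
    "db error: row id=42 session_id=abc123 password=hunter2",
]


def demo() -> list[str]:
    """Log the sample lines through the filter; returns what the handler received."""
    buf = io.StringIO()
    logger = logging.getLogger("redact-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    for line in SAMPLE_LINES:
        logger.info(line)
    handler.flush()
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for out in demo():
        print(out)
```

The filter is attached to the handler rather than the logger so that it also covers records that propagate in from child loggers; attaching it at the root handler of a service covers every line before a container runtime, and therefore a viewer like Dozzle, ever sees it.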

Headlamp is the recon prize. It's the CNCF web UI for Kubernetes, and an open one is a guided tour of your cluster: every namespace, every pod, every deployment, the names of every secret and config map (and depending on the service account behind it, sometimes the contents), the ingress routes, the whole topology. An attacker doesn't have to map your infrastructure. Headlamp already did it for them.

Then the message brokers. Kafka UI and Redpanda Console exist to let you browse topics, read individual messages, and inspect consumer groups. The whole point is making the contents of your queues human-readable. So when one is public, a stranger browses your topics by name (which alone tells them what you process), opens recent messages, and reads the payloads. Those payloads are events: orders, signups, profile updates, the things that move between your services, and they carry exactly the customer PII you'd least like a stranger reading one record at a time.

Four feeds, four open windows

Same exposure, four different views into your running system.

$ scan yoursite.com
probing yoursite.com from outside, no credentials...
  /  Headlamp          Kubernetes UI, full cluster topology + secret names
  /  Dozzle            live container logs, tokens and OTPs streaming past
  /  Kafka UI          browse topics and read message payloads
  /  Redpanda Console  topic + message exploration
4 exposures visible to anyone. None required a login.

Not actions an attacker takes, a feed an attacker reads. Headlamp is the map; the rest are the live contents.
  • Headlamp is rated critical because it's the cluster laid bare. The state of everything you run, the names of your secrets, your routes and services, served to anyone who finds it. Even read-only it's the best reconnaissance an attacker could ask for, and it's where a cluster compromise starts.
  • Dozzle is high because live logs are where secrets go to be accidentally printed. The danger isn't a one-time dump; it's that the stream never stops, so whatever your app logs, an attacker eventually sees.
  • Kafka UI (the Kafbat project) is high because your topics carry your real event data. Browse the topics, open the messages, read the PII inside.
  • Redpanda Console is high for the same reason against a Redpanda or Kafka cluster: topic and message exploration that turns your event stream into a readable feed.

Why these end up public

It's the familiar path, and the convenience is real, which is why it bites. You run Dozzle alongside your containers so you can tail logs from a browser instead of SSHing in, expose it on a subdomain to reach it from your phone, and that subdomain answers the whole internet, not just you. You stand up Headlamp following a quickstart that proxies it out, and the proxy outlives the afternoon you needed it. Kafka UI and Redpanda Console get wired up so the team can debug the pipeline, on a public host because that was the fast path, and the debugging ends but the panel doesn't. None of them announce that they're exposed. They sit there serving the feed, and the way you find out is a scan or a breach.

Reading it from outside, no login

Here's the part that should reassure you: this is checkable from where the attacker stands. You don't need a pentest or an agent inside the cluster to know one of these is open. You need to load the URL the way a stranger would.

That's the check SurfaceCheckr runs, from outside, with no credentials. Each tool gets fingerprinted on its own distinctive markup, never a bare 200: Headlamp on its headlampBaseUrl marker, Dozzle on its title plus the config JSON it injects, Kafka UI on window.__assetsPathBuilder, Redpanda Console on window.ENABLED_FEATURES. So a hit confirms the real tool rather than a page that merely mentions it, and you don't get a false alarm. The scan reads only what the panel serves anonymously and stops. It never opens a log line, browses a topic, or reads a message, because it stays passive, the same boundary that applies to the internal dashboards a team forgets to wall off. The finding is simply this: your system's live feed is answering the public internet. Run a scan and find out whether yours is, before the stranger watching the stream does it for you.
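The same fingerprinting idea, as an added Python example for checking your own hosts (this is not SurfaceCheckr's scanner and not code from any of the four projects): it fetches a landing page once, with no credentials, and reports which of the tools' markers appear. The marker strings are the ones the paragraph above names; the Dozzle check uses only the title, since this example does not assume the shape of the config JSON Dozzle injects, and the sample bodies are constructed stand-ins for real landing pages. A 401 or 403 from a panel that is behind authentication is reported as no finding.

```python
import re
import sys
from urllib.request import Request, urlopen

# Markers named in the article for each tool's landing page. Dozzle is matched
# on its <title> only; the exact config JSON it injects is not assumed here.
FINGERPRINTS = {
    "Headlamp": re.compile(r"headlampBaseUrl"),
    "Dozzle": re.compile(r"<title>[^<]*\bDozzle\b", re.IGNORECASE),
    "Kafka UI": re.compile(r"window\.__assetsPathBuilder"),
    "Redpanda Console": re.compile(r"window\.ENABLED_FEATURES"),
}


def fingerprint(body: str) -> list[str]:
    """Return the names of the tools whose marker appears in an HTML body."""
    return [name for name, pattern in FINGERPRINTS.items() if pattern.search(body)]


def check_url(url: str, timeout: float = 5.0) -> dict:
    """Fetch one landing page anonymously and fingerprint it.

    Passive by construction: a single GET of the given URL, no credentials,
    no follow-up requests into logs, topics or messages. Non-2xx responses
    (for example 401 from a panel behind auth) raise HTTPError, a subclass of
    OSError, and are reported as no finding.
    """
    req = Request(url, headers={"User-Agent": "exposure-self-check/0.1"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read(256 * 1024).decode("utf-8", "replace")
            return {"url": url, "status": resp.status, "tools": fingerprint(body)}
    except OSError as exc:
        return {"url": url, "status": None, "tools": [], "error": str(exc)}


# Constructed bodies standing in for what each tool's landing page serves (the
# real pages are larger; only the marker matters here). "mention" is a page
# that merely talks about the tools, which must not be flagged.
SAMPLE_BODIES = {
    "headlamp": '<html><script>window.headlampBaseUrl = "/";</script></html>',
    "dozzle": "<html><head><title>Dozzle</title></head><body></body></html>",
    "kafka-ui": "<html><script>window.__assetsPathBuilder = function (p) { return p; };</script></html>",
    "redpanda": "<html><script>window.ENABLED_FEATURES = [];</script></html>",
    "mention": "<html><p>Our team uses Dozzle and Headlamp internally.</p></html>",
}


def demo() -> dict[str, list[str]]:
    """Fingerprint each sample body; returns sample name -> detected tools."""
    return {name: fingerprint(body) for name, body in SAMPLE_BODIES.items()}


if __name__ == "__main__":
    # Usage: python exposure_check.py https://logs.yoursite.com/ https://k8s.yoursite.com/
    for target in sys.argv[1:]:
        print(check_url(target))
    if len(sys.argv) == 1:
        print(demo())
```

Run it against your own hostnames from a network you do not already have VPN or allowlist access from; a hit from there means the page answers the public internet, and the right fix is an authenticating reverse proxy or a private network in front of the panel rather than a different marker.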

Find it before someone else does.

Paste your domain. The grade and issue count are free, and you'll see in a couple of minutes exactly what's reachable from outside.