github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-19 15:49:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into access-secrets-hunter

Browse Source
This commit is contained in:
Liz Rice
2018-11-06 09:08:14 +00:00
committed by GitHub
parent fc0960d3bb df5d0bc3f6
commit 1171c8ae20
7 changed files with 65 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/modules/discovery/hosts.py
View File

@@ -53,7 +53,7 @@ class HostDiscovery(Hunter):
def __init__(self, event):
self.event = event
def execute(self):
def execute(self):
if config.cidr:
try:
ip, sn = config.cidr.split('/')

13
src/modules/report/collector.py
View File

@@ -5,7 +5,13 @@ from src.core.events import handler
from src.core.events.types import Event, Service, Vulnerability, HuntFinished, HuntStarted
import threading
global services_lock
services_lock = threading.Lock()
services = list()
global vulnerabilities_lock
vulnerabilities_lock = threading.Lock()
vulnerabilities = list()
@@ -38,10 +44,13 @@ class Collector(object):
def execute(self):
"""function is called only when collecting data"""
global services, vulnerabilities
global services
global vulnerabilities
bases = self.event.__class__.__mro__
if Service in bases:
services_lock.acquire()
services.append(self.event)
services_lock.release()
import datetime
logging.info("|\n| {name}:\n| type: open service\n| service: {name}\n|_ host: {host}:{port}".format(
host=self.event.host,
@@ -51,7 +60,9 @@ class Collector(object):
))
elif Vulnerability in bases:
vulnerabilities_lock.acquire()
vulnerabilities.append(self.event)
vulnerabilities_lock.release()
logging.info(
"|\n| {name}:\n| type: vulnerability\n| host: {host}:{port}\n| description: \n{desc}".format(
name=self.event.get_name(),

29
src/modules/report/plain.py
View File

@@ -3,8 +3,7 @@ from __future__ import print_function
from prettytable import ALL, PrettyTable
from __main__ import config
from collector import services, vulnerabilities
import threading
from collector import services, vulnerabilities, services_lock, vulnerabilities_lock
EVIDENCE_PREVIEW = 40
MAX_TABLE_WIDTH = 20
@@ -15,11 +14,20 @@ class PlainReporter(object):
def get_report(self):
"""generates report tables"""
output = ""
if len(services):
vulnerabilities_lock.acquire()
vulnerabilities_len = len(services)
vulnerabilities_lock.release()
services_lock.acquire()
services_len = len(vulnerabilities)
services_lock.release()
if services_len:
output += self.nodes_table()
if not config.mapping:
output += self.services_table()
if len(vulnerabilities):
if vulnerabilities_len:
output += self.vulns_table()
else:
output += "\nNo vulnerabilities were found"
@@ -38,11 +46,14 @@ class PlainReporter(object):
nodes_table.header_style = "upper"
# TODO: replace with sets
id_memory = list()
services_lock.acquire()
for service in services:
if service.event_id not in id_memory:
nodes_table.add_row(["Node/Master", service.host])
id_memory.append(service.event_id)
return "\nNodes\n{}\n".format(nodes_table)
nodes_ret = "\nNodes\n{}\n".format(nodes_table)
services_lock.release()
return nodes_ret
def services_table(self):
services_table = PrettyTable(["Service", "Location", "Description"], hrules=ALL)
@@ -52,9 +63,12 @@ class PlainReporter(object):
services_table.sortby = "Service"
services_table.reversesort = True
services_table.header_style = "upper"
services_lock.acquire()
for service in services:
services_table.add_row([service.get_name(), "{}:{}{}".format(service.host, service.port, service.get_path()), service.explain()])
return "\nDetected Services\n{}\n".format(services_table)
detected_services_ret = "\nDetected Services\n{}\n".format(services_table)
services_lock.release()
return detected_services_ret
def vulns_table(self):
column_names = ["Location", "Category", "Vulnerability", "Description", "Evidence"]
@@ -65,9 +79,12 @@ class PlainReporter(object):
vuln_table.reversesort = True
vuln_table.padding_width = 1
vuln_table.header_style = "upper"
vulnerabilities_lock.acquire()
for vuln in vulnerabilities:
row = ["{}:{}".format(vuln.host, vuln.port) if vuln.host else "", vuln.category.name, vuln.get_name(), vuln.explain()]
evidence = str(vuln.evidence)[:EVIDENCE_PREVIEW] + "..." if len(str(vuln.evidence)) > EVIDENCE_PREVIEW else str(vuln.evidence)
row.append(evidence)
vuln_table.add_row(row)
vulnerabilities_lock.release()
return "\nVulnerabilities\n{}\n".format(vuln_table)

9
src/modules/report/yaml.py
View File

@@ -2,8 +2,7 @@ import StringIO
from ruamel.yaml import YAML
from collector import services, vulnerabilities
import threading
from collector import services, vulnerabilities, services_lock, vulnerabilities_lock
class YAMLReporter(object):
def get_report(self):
@@ -20,25 +19,31 @@ class YAMLReporter(object):
def get_nodes(self):
nodes = list()
node_locations = set()
services_lock.acquire()
for service in services:
node_location = str(service.host)
if node_location not in node_locations:
nodes.append({"type": "Node/Master", "location": str(service.host)})
node_locations.add(node_location)
services_lock.release()
return nodes
def get_services(self):
services_lock.acquire()
services_data = [{"service": service.get_name(),
"location": "{}:{}{}".format(service.host, service.port, service.get_path()),
"description": service.explain()}
for service in services]
services_lock.release()
return services_data
def get_vulenrabilities(self):
vulnerabilities_lock.acquire()
vulnerabilities_data = [{"location": "{}:{}".format(vuln.host, vuln.port) if vuln.host else "",
"category": vuln.category.name,
"vulnerability": vuln.get_name(),
"description": vuln.explain(),
"evidence": str(vuln.evidence)}
for vuln in vulnerabilities]
vulnerabilities_lock.release()
return vulnerabilities_data