From 12c416e643f3134160f6f69aea4da0bdc77b9199 Mon Sep 17 00:00:00 2001
From: "ori.agmon"
Date: Sun, 30 Sep 2018 14:39:37 +0300
Subject: [PATCH] Added more logging to most of the hunters.
---
 src/modules/discovery/apiserver.py | 2 ++
 src/modules/discovery/dashboard.py | 1 +
 src/modules/discovery/kubelet.py | 3 +++
 src/modules/discovery/ports.py | 3 ++-
 src/modules/discovery/proxy.py | 1 +
 src/modules/hunting/certificates.py | 3 ++-
 src/modules/hunting/dashboard.py | 1 +
 src/modules/hunting/kubelet.py | 2 ++
 8 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/modules/discovery/apiserver.py b/src/modules/discovery/apiserver.py
index ffb7bc6..2b6e8d0 100644
--- a/src/modules/discovery/apiserver.py
+++ b/src/modules/discovery/apiserver.py
@@ -1,4 +1,5 @@
 import requests
+import logging
 from ...core.types import Hunter
 from ...core.events import handler
@@ -24,6 +25,7 @@ class ApiServerDiscovery(Hunter):
 self.event = event
 def execute(self):
+ logging.debug("Passive hunter is attempting to find an Api server")
 main_request = requests.get("https://{}:{}".format(self.event.host, self.event.port), verify=False).text
 if "code" in main_request:
 self.event.role = "Master"
diff --git a/src/modules/discovery/dashboard.py b/src/modules/discovery/dashboard.py
index c142b9b..947d81d 100644
--- a/src/modules/discovery/dashboard.py
+++ b/src/modules/discovery/dashboard.py
@@ -23,6 +23,7 @@ class KubeDashboard(Hunter):
 @property
 def secure(self):
+ logging.debug("Passive hunter is attempting to find an Api server to access dashboard")
 r = requests.get("http://{}:{}/api/v1/service/default".format(self.event.host, self.event.port))
 if "listMeta" in r.text and len(json.loads(r.text)["errors"]) == 0:
 return False
diff --git a/src/modules/discovery/kubelet.py b/src/modules/discovery/kubelet.py
index b79427e..572eb0c 100644
--- a/src/modules/discovery/kubelet.py
+++ b/src/modules/discovery/kubelet.py
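Review bot: The debug record added at the top of `execute` in src/modules/discovery/apiserver.py does not say which endpoint is being probed, so a scan across many hosts produces identical lines that cannot be matched to a target. Passing the target as lazy logger arguments keeps the record auditable: `logging.debug("Passive hunter is attempting to find an Api server at %s:%s", self.event.host, self.event.port)`. The same gap is in the messages added to discovery/dashboard.py, discovery/kubelet.py (`get_secure_access`, `ping_kubelet`), discovery/proxy.py, hunting/certificates.py, hunting/dashboard.py and hunting/kubelet.py. `execute` continues past the end of this hunk.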
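Review bot: `secure` in src/modules/discovery/dashboard.py now calls `logging.debug`, but this file's section adds no `import logging`, whereas apiserver.py needed one in this same commit. If the module does not already import it (the top of the file is outside the hunk), the first read of the property raises NameError; add `import logging` beside the existing imports. The same check applies to discovery/proxy.py, hunting/certificates.py, hunting/dashboard.py and hunting/kubelet.py, none of which show an existing `logging` call in their context lines.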
@@ -39,11 +39,13 @@ class KubeletDiscovery(Hunter):
 def get_read_only_access(self):
 logging.debug(self.event.host)
+ logging.debug("Passive hunter is attempting to get kubelet read access")
 r = requests.get("http://{host}:{port}/pods".format(host=self.event.host, port=self.event.port))
 if r.status_code == 200:
 self.publish_event(ReadOnlyKubeletEvent())
 def get_secure_access(self):
+ logging.debug("Attempting to get kubelet secure access")
 ping_status = self.ping_kubelet()
 if ping_status == 200:
 self.publish_event(SecureKubeletEvent(secure=False))
@@ -53,6 +55,7 @@ class KubeletDiscovery(Hunter):
 self.publish_event(SecureKubeletEvent(secure=True, anonymous_auth=False))
 def ping_kubelet(self):
+ logging.debug("Attempting to ping kubelet")
 try:
 return requests.get("https://{host}:{port}/pods".format(host=self.event.host, port=self.event.port), verify=False).status_code
 except Exception as ex:
diff --git a/src/modules/discovery/ports.py b/src/modules/discovery/ports.py
index d0fb619..d4e6aaf 100644
--- a/src/modules/discovery/ports.py
+++ b/src/modules/discovery/ports.py
@@ -20,9 +20,10 @@ class PortDiscovery(Hunter):
 self.port = event.port
 def execute(self):
- logging.debug("host {0} try ports {1}".format(self.host, default_ports))
+ logging.debug("host {0} try reach ports: {1}".format(self.host, default_ports))
 for single_port in default_ports:
 if self.test_connection(self.host, single_port):
+ logging.debug("Reachable port found: {0}".format(single_port))
 self.publish_event(OpenPortEvent(port=single_port))
 @staticmethod
diff --git a/src/modules/discovery/proxy.py b/src/modules/discovery/proxy.py
index 039213d..5b57ec8 100644
--- a/src/modules/discovery/proxy.py
+++ b/src/modules/discovery/proxy.py
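Review bot: In `get_read_only_access` (src/modules/discovery/kubelet.py) the new message follows the existing bare `logging.debug(self.event.host)`, so each call emits two records, one of which is only an address with no context. Folding them into one keeps the host and the intent together: `logging.debug("Passive hunter is attempting to get kubelet read access on %s:%s", self.event.host, self.event.port)`. The messages added to `get_secure_access` and `ping_kubelet` drop the "Passive hunter" prefix used here; one form across the file makes the records easier to filter. `get_secure_access` continues past the end of this hunk.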
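Review bot: The `Reachable port found` record added in `execute` of src/modules/discovery/ports.py omits the host, unlike the `host {0} try reach ports` line a few lines above it, and both calls build their string with `.format` even when debug output is disabled. With more than one host being scanned the open-port lines cannot be attributed; pass the values as logger arguments instead: `logging.debug("Reachable port found: %s:%s", self.host, single_port)`. The first call can take the same form, `logging.debug("host %s try reach ports: %s", self.host, default_ports)`.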
@@ -25,6 +25,7 @@ class KubeProxy(Hunter):
 @property
 def accesible(self):
+ logging.debug("Passive hunter is attempting to access a proxy service")
 r = requests.get("http://{host}:{port}/api/v1".format(host=self.host, port=self.port))
 if r.status_code == 200 and "APIResourceList" in r.text:
 return True
diff --git a/src/modules/hunting/certificates.py b/src/modules/hunting/certificates.py
index eab96fc..caf2ef4 100644
--- a/src/modules/hunting/certificates.py
+++ b/src/modules/hunting/certificates.py
@@ -21,13 +21,14 @@ class CertificateEmail(Vulnerability, Event):
 @handler.subscribe(Service)
 class CertificateDiscovery(Hunter):
 """Certificate Email Hunting
- Checks for email addresses in kuberntes ssl certificates
+ Checks for email addresses in kubernetes ssl certificates
 """
 def __init__(self, event):
 self.event = event
 def execute(self):
 try:
+ logging.debug("Active hunter is attempting to get server certificate")
 addr = (str(self.event.host), self.event.port)
 cert = ssl.get_server_certificate(addr)
 except ssl.SSLError as e:
diff --git a/src/modules/hunting/dashboard.py b/src/modules/hunting/dashboard.py
index e1bd517..fa2e6fb 100644
--- a/src/modules/hunting/dashboard.py
+++ b/src/modules/hunting/dashboard.py
@@ -23,6 +23,7 @@ class KubeDashboard(Hunter):
 self.event = event
 def get_nodes(self):
+ logging.debug("Active hunter is attempting to get nodes types of the cluster")
 r = requests.get("http://{}:{}/api/v1/node".format(self.event.host, self.event.port))
 if r.status_code == 200 and "nodes" in r.text:
 return list(map(lambda node: node["objectMeta"]["name"], json.loads(r.text)["nodes"]))
diff --git a/src/modules/hunting/kubelet.py b/src/modules/hunting/kubelet.py
index 1270219..330448b 100644
--- a/src/modules/hunting/kubelet.py
+++ b/src/modules/hunting/kubelet.py
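Review bot: The `logging.debug` call added to `execute` in src/modules/hunting/certificates.py sits inside the `try` whose handler is `except ssl.SSLError`, although the call itself cannot raise that error. Moving it to the line above `try:` keeps the guarded body to the `ssl.get_server_certificate` lookup and matches where the other hunters in this commit place their log line. The handler body is outside the hunk.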
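Review bot: The message added to `get_nodes` in src/modules/hunting/dashboard.py says "nodes types", but the return line in this hunk collects `node["objectMeta"]["name"]`, that is, node names. Wording that matches the code avoids misleading whoever reads the scan log: `logging.debug("Active hunter is attempting to get the node names of the cluster")`. The rest of `get_nodes` is outside the hunk.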
@@ -91,6 +91,7 @@ class ReadOnlyKubeletPortHunter(Hunter):
 self.pods_endpoint_data = ""
 def get_k8s_version(self):
+ logging.debug("Active hunter is attempting to find kubernetes version")
 metrics = requests.get(self.path + "metrics").text
 for line in metrics.split("\n"):
 if line.startswith("kubernetes_build_info"):
@@ -101,6 +102,7 @@ class ReadOnlyKubeletPortHunter(Hunter):
 # returns list of tuples of Privileged container and their pod.
 def find_privileged_containers(self):
+ logging.debug("Active hunter is attempting to find privileged containers and their pods")
 privileged_containers = list()
 if self.pods_endpoint_data:
 for pod in self.pods_endpoint_data["items"]:
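Review bot: In `find_privileged_containers` (src/modules/hunting/kubelet.py) the debug record is written before the `if self.pods_endpoint_data:` check, so it appears even when there is no pod data to inspect. Moving the call inside that branch would make the record reflect work that was actually done. The comment above the definition, `# returns list of tuples of Privileged container and their pod.`, would also serve better as the method's docstring. The body of the method continues past the end of the hunk.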