Merge branch 'master' into refresh_workflows

2026-05-06 09:18:36 +00:00 · 2020-12-03 17:23:32 +02:00
parent caf476e777 b9e0ef30e8
commit 14f7b51160
2 changed files with 10 additions and 13 deletions
--- a/kube_hunter/modules/discovery/hosts.py
+++ b/kube_hunter/modules/discovery/hosts.py
@@ -5,8 +5,7 @@ import requests

 from enum import Enum
 from netaddr import IPNetwork, IPAddress, AddrFormatError
-from netifaces import AF_INET, ifaddresses, interfaces
-from scapy.all import ICMP, IP, Ether, srp1
+from netifaces import AF_INET, ifaddresses, interfaces, gateways

 from kube_hunter.conf import get_config
 from kube_hunter.core.events import handler
@@ -109,7 +108,7 @@ class FromPodHostDiscovery(Discovery):
            if self.is_azure_pod():
                subnets, cloud = self.azure_metadata_discovery()
            else:
-                subnets = self.traceroute_discovery()
+                subnets = self.gateway_discovery()

            should_scan_apiserver = False
            if self.event.kubeservicehost:
@@ -141,14 +140,9 @@ class FromPodHostDiscovery(Discovery):
            return False

    # for pod scanning
-    def traceroute_discovery(self):
-        config = get_config()
-        node_internal_ip = srp1(
-            Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(),
-            verbose=0,
-            timeout=config.network_timeout,
-        )[IP].src
-        return [[node_internal_ip, "24"]]
+    def gateway_discovery(self):
+        """ Retrieving default gateway of pod, which is usually also a contact point with the host """
+        return [[gateways()["default"][AF_INET][0], "24"]]

    # querying azure's interface metadata api | works only from a pod
    def azure_metadata_discovery(self):
--- a/kube_hunter/modules/hunting/apiserver.py
+++ b/kube_hunter/modules/hunting/apiserver.py
@@ -56,16 +56,19 @@ class ServerApiHTTPAccess(Vulnerability, Event):


 class ApiInfoDisclosure(Vulnerability, Event):
+    """Information Disclosure depending upon RBAC permissions and Kube-Cluster Setup"""
+
    def __init__(self, evidence, using_token, name):
+        category = InformationDisclosure
        if using_token:
-            name += " using service account token"
+            name += " using default service account token"
        else:
            name += " as anonymous user"
        Vulnerability.__init__(
            self,
            KubernetesCluster,
            name=name,
-            category=InformationDisclosure,
+            category=category,
            vid="KHV007",
        )
        self.evidence = evidence