From 693d668d0a39f878526c1eb29fb378392b241e17 Mon Sep 17 00:00:00 2001
From: RDxR10
Date: Sat, 28 Nov 2020 23:11:06 +0530
Subject: [PATCH 1/2] Update apiserver.py (#397)
* Update apiserver.py Added description of KHV007
* fixed linting issues
Co-authored-by: danielsagi
---
 kube_hunter/modules/hunting/apiserver.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/kube_hunter/modules/hunting/apiserver.py b/kube_hunter/modules/hunting/apiserver.py
index 4dfcc19..f019680 100644
--- a/kube_hunter/modules/hunting/apiserver.py
+++ b/kube_hunter/modules/hunting/apiserver.py
@@ -56,16 +56,19 @@ class ServerApiHTTPAccess(Vulnerability, Event): class ApiInfoDisclosure(Vulnerability, Event): + """Information Disclosure depending upon RBAC permissions and Kube-Cluster Setup""" + def __init__(self, evidence, using_token, name): + category = InformationDisclosure if using_token: - name += " using service account token" + name += " using default service account token" else: name += " as anonymous user" Vulnerability.__init__( self, KubernetesCluster, name=name, - category=InformationDisclosure, + category=category, vid="KHV007", ) self.evidence = evidence
From b9e0ef30e8470d9e95a9469eed22121fb8daa90d Mon Sep 17 00:00:00 2001
From: danielsagi
Date: Thu, 3 Dec 2020 17:11:18 +0200
Subject: [PATCH 2/2] Removed Old Dependency For CAP_NET_RAW (#416)
* removed old dependency for cap_net_raw, by stop usage of tracerouting when running as a pod
* removed unused imports
---
 kube_hunter/modules/discovery/hosts.py | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/kube_hunter/modules/discovery/hosts.py b/kube_hunter/modules/discovery/hosts.py
index afc1594..5302aa6 100644
--- a/kube_hunter/modules/discovery/hosts.py
+++ b/kube_hunter/modules/discovery/hosts.py
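Review bot: The finding name built in `ApiInfoDisclosure.__init__` (the apiserver.py hunk) now says "default service account token", but it is derived only from the boolean `using_token`, which records that a token was presented, not which account it belongs to. If the hunter can run with an operator-supplied token or from a pod bound to a non-default service account (the callers are outside this hunk, so this is an inference), the KHV007 report names the wrong identity and can point remediation at the wrong RBAC binding. Unless the caller can confirm the account, wording such as `name += " using the pod's service account token"` stays accurate. The new local `category = InformationDisclosure` is read once and adds nothing over passing the class directly.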
@@ -5,8 +5,7 @@ import requests from enum import Enum from netaddr import IPNetwork, IPAddress, AddrFormatError -from netifaces import AF_INET, ifaddresses, interfaces -from scapy.all import ICMP, IP, Ether, srp1 +from netifaces import AF_INET, ifaddresses, interfaces, gateways from kube_hunter.conf import get_config from kube_hunter.core.events import handler
@@ -109,7 +108,7 @@ class FromPodHostDiscovery(Discovery): if self.is_azure_pod(): subnets, cloud = self.azure_metadata_discovery() else: - subnets = self.traceroute_discovery() + subnets = self.gateway_discovery() should_scan_apiserver = False if self.event.kubeservicehost:
@@ -141,14 +140,9 @@ class FromPodHostDiscovery(Discovery): return False # for pod scanning - def traceroute_discovery(self): - config = get_config() - node_internal_ip = srp1( - Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(), - verbose=0, - timeout=config.network_timeout, - )[IP].src - return [[node_internal_ip, "24"]] + def gateway_discovery(self): + """ Retrieving default gateway of pod, which is usually also a contact point with the host """ + return [[gateways()["default"][AF_INET][0], "24"]] # querying azure's interface metadata api | works only from a pod def azure_metadata_discovery(self):
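Review bot: `gateway_discovery` (third hosts.py hunk) indexes `gateways()["default"][AF_INET][0]` with no guard, so a pod with no default IPv4 route, for example on an IPv6-only network, raises `KeyError` and aborts host discovery instead of yielding no subnets. As far as I know netifaces returns an empty `default` mapping in that case, so a guarded form would be `gw = gateways()["default"].get(AF_INET)` followed by `return [[gw[0], "24"]] if gw else []`. Whether the caller in the second hunk tolerates an empty list is not visible here. The fixed `"24"` prefix is also now applied around the pod's gateway rather than the node address the traceroute returned, so the scanned range may differ from before. A comment such as `# assumes the default gateway sits in the node's /24; scan scope follows from this` would make that assumption explicit for operators.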