etcd commenting

oriagmon
2018-12-03 20:15:36 +02:00
parent bb52711c41
commit 3d263382e9
2 changed files with 8 additions and 4 deletions


@@ -18,8 +18,7 @@ class EtcdAccessEvent(Service, Event):
@handler.subscribe(OpenPortEvent, predicate= lambda p: p.port == 2379)
class EtcdRemoteAccess(Hunter):
"""Etcd Remote Access
Checks for remote availability of etcd, version, read access, write access
"""Etcd open service
"""
def __init__(self, event):
self.event = event
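Review bot: The new docstring on `EtcdRemoteAccess` is only a title, `"""Etcd open service`, so the class no longer says what it checks or on what evidence it reports. The subscription above it fires on any `OpenPortEvent` whose port is 2379, so if the class treats that port alone as proof of etcd, the docstring should say so, for example `Reports an etcd service when port 2379 is found open; does not confirm the listener is etcd`. The class also keeps the name `EtcdRemoteAccess`, which the other file in this commit uses for the hunter that checks version and read access, and a distinct name here would keep the two apart in logs and reports. The class body continues outside the hunk, so the port-only assumption should be confirmed against the rest of the class before the wording is settled.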


@@ -7,6 +7,7 @@ from ...core.events.types import Vulnerability, Event, OpenPortEvent
from ...core.types import ActiveHunter, Hunter, KubernetesCluster, InformationDisclosure, RemoteCodeExec, \
UnauthenticatedAccess, AccessRisk
""" Vulnerabilities """
class EtcdRemoteWriteAccessEvent(Vulnerability, Event):
"""Remote write access might grant an attacker full control over the kubernetes cluster"""
@@ -15,6 +16,7 @@ class EtcdRemoteWriteAccessEvent(Vulnerability, Event):
Vulnerability.__init__(self, KubernetesCluster, name="Etcd Remote Write Access Event", category=RemoteCodeExec)
self.evidence = write_res
class EtcdRemoteReadAccessEvent(Vulnerability, Event):
"""Remote read access might expose to an attacker cluster's possible exploits, secrets and more."""
@@ -22,6 +24,7 @@ class EtcdRemoteReadAccessEvent(Vulnerability, Event):
Vulnerability.__init__(self, KubernetesCluster, name="Etcd Remote Read Access Event", category=AccessRisk)
self.evidence = keys
class EtcdRemoteVersionDisclosureEvent(Vulnerability, Event):
"""Remote version disclosure might give an attacker a valuable data to attack a cluster"""
@@ -30,6 +33,7 @@ class EtcdRemoteVersionDisclosureEvent(Vulnerability, Event):
category=InformationDisclosure)
self.evidence = version
class EtcdAccessEnabledWithoutAuthEvent(Vulnerability, Event):
"""Etcd is accessible using HTTP (without authorization and authentication), it would allow a potential attacker to
gain access to the etcd"""
@@ -39,11 +43,12 @@ class EtcdAccessEnabledWithoutAuthEvent(Vulnerability, Event):
category=UnauthenticatedAccess)
self.evidence = version
# Active Hunter
@handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379)
class EtcdRemoteAccessActive(ActiveHunter):
"""Etcd Remote Access
Checks for remote write access to etcd"""
Checks for remote write access to etcd- will attempt to add a new key to the etcd DB"""
def __init__(self, event):
self.event = event
@@ -71,7 +76,7 @@ class EtcdRemoteAccessActive(ActiveHunter):
@handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379)
class EtcdRemoteAccess(Hunter):
"""Etcd Remote Access
Checks for remote availability of etcd, version, read access, write access
Checks for remote availability of etcd, its version, and read access to the DB
"""
def __init__(self, event):