From 3d263382e946ed9b1f833ea3a6d83d6d60ad4ca2 Mon Sep 17 00:00:00 2001 From: oriagmon Date: Mon, 3 Dec 2018 20:15:36 +0200 Subject: [PATCH] etcd commenting --- src/modules/discovery/etcd.py | 3 +-- src/modules/hunting/etcd.py | 9 +++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/modules/discovery/etcd.py b/src/modules/discovery/etcd.py index 3e92540..1024edd 100644 --- a/src/modules/discovery/etcd.py +++ b/src/modules/discovery/etcd.py @@ -18,8 +18,7 @@ class EtcdAccessEvent(Service, Event): @handler.subscribe(OpenPortEvent, predicate= lambda p: p.port == 2379) class EtcdRemoteAccess(Hunter): - """Etcd Remote Access - Checks for remote availability of etcd, version, read access, write access + """Etcd open service """ def __init__(self, event): self.event = event diff --git a/src/modules/hunting/etcd.py b/src/modules/hunting/etcd.py index a9d8e1a..a92b4bc 100644 --- a/src/modules/hunting/etcd.py +++ b/src/modules/hunting/etcd.py @@ -7,6 +7,7 @@ from ...core.events.types import Vulnerability, Event, OpenPortEvent from ...core.types import ActiveHunter, Hunter, KubernetesCluster, InformationDisclosure, RemoteCodeExec, \ UnauthenticatedAccess, AccessRisk + """ Vulnerabilities """ class EtcdRemoteWriteAccessEvent(Vulnerability, Event): """Remote write access might grant an attacker full control over the kubernetes cluster""" @@ -15,6 +16,7 @@ class EtcdRemoteWriteAccessEvent(Vulnerability, Event): Vulnerability.__init__(self, KubernetesCluster, name="Etcd Remote Write Access Event", category=RemoteCodeExec) self.evidence = write_res + class EtcdRemoteReadAccessEvent(Vulnerability, Event): """Remote read access might expose to an attacker cluster's possible exploits, secrets and more.""" 
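Review bot: The replacement docstring on the discovery-side `EtcdRemoteAccess` class, `Etcd open service`, no longer says what the class does, and its closing `"""` is still on a line of its own although the text is now a single line. The hunting module in this same patch defines a class with the same name and the same `OpenPortEvent` subscription on port 2379, so the name alone does not tell the two apart in logs or hunter listings. I would write something like `"""Etcd service discovery: reports an etcd service when port 2379 is found open"""`, assuming that matches the body, and consider giving this class a distinct name. The class body continues outside the hunk, so the wording should be checked against what `execute` actually publishes.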
@@ -22,6 +24,7 @@ class EtcdRemoteReadAccessEvent(Vulnerability, Event): Vulnerability.__init__(self, KubernetesCluster, name="Etcd Remote Read Access Event", category=AccessRisk) self.evidence = keys + class EtcdRemoteVersionDisclosureEvent(Vulnerability, Event): """Remote version disclosure might give an attacker a valuable data to attack a cluster""" @@ -30,6 +33,7 @@ class EtcdRemoteVersionDisclosureEvent(Vulnerability, Event): category=InformationDisclosure) self.evidence = version + class EtcdAccessEnabledWithoutAuthEvent(Vulnerability, Event): """Etcd is accessible using HTTP (without authorization and authentication), it would allow a potential attacker to gain access to the etcd""" @@ -39,11 +43,12 @@ class EtcdAccessEnabledWithoutAuthEvent(Vulnerability, Event): category=UnauthenticatedAccess) self.evidence = version + # Active Hunter @handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379) class EtcdRemoteAccessActive(ActiveHunter): """Etcd Remote Access - Checks for remote write access to etcd""" + Checks for remote write access to etcd- will attempt to add a new key to the etcd DB""" def __init__(self, event): self.event = event @@ -71,7 +76,7 @@ class EtcdRemoteAccessActive(ActiveHunter): @handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379) class EtcdRemoteAccess(Hunter): """Etcd Remote Access - Checks for remote availability of etcd, version, read access, write access + Checks for remote availability of etcd, its version, and read access to the DB """ def __init__(self, event):
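Review bot: The new `EtcdRemoteAccessActive` docstring in the `@@ -39,11 +43,12 @@` hunk says the hunter will add a key to the etcd DB, but not that this changes state on the scanned cluster, which key is written, or whether it is removed afterwards. An operator deciding whether to enable active hunting needs that in the description. The wording `etcd- will attempt` also carries a stray hyphen. I would phrase the second docstring line as `Checks for remote write access to etcd by attempting to add a new key to the etcd DB (state-changing)` and add one sentence on key name and cleanup, taken from the method body, which lies outside this hunk.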