Fixed status code bug & some intending.

2026-05-10 03:07:16 +00:00 · 2018-10-10 20:10:06 +03:00
parent e3d45d5d88
commit 46cbfbc5dc
1 changed files with 16 additions and 8 deletions
--- a/src/modules/hunting/etcd.py
+++ b/src/modules/hunting/etcd.py
@@ -50,20 +50,23 @@ class EtcdRemoteAccessActive(ActiveHunter):
        data = {
            'value': 'remotely written data'
        }
-        r = "{protocol}://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379, protocol=self.protocol, data=data)
-        self.write_evidence = r.content if r.status_code == '200' and r.content != '' else False
+        r = "{protocol}://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379, protocol=self.protocol,
+                                                                data=data)
+        self.write_evidence = r.content if r.status_code == 200 and r.content != '' else False
        return self.write_evidence

    def execute(self):
        if self.db_keys_write_access():
            self.publish_event(EtcdRemoteWriteAccessEvent(self.write_evidence))

+
 # Passive Hunter
@handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379)
 class EtcdRemoteAccess(Hunter):
    """Etcd Remote Access
    Checks for remote availability of etcd, version, read access, write access
    """
+
    def __init__(self, event):
        self.event = event
        self.version_evidence = ''
@@ -72,20 +75,24 @@ class EtcdRemoteAccess(Hunter):

    def db_keys_disclosure(self):
        logging.debug(self.event.host + " Passive hunter is attempting to read etcd keys remotely")
-        r = requests.get("{protocol}://{host}:{port}/v2/keys".format(protocol=self.protocol, host=self.event.host, port=2379), verify=False)
-        self.keys_evidence = r.content if r.status_code == '200' and r.content != '' else False
+        r = requests.get(
+            "{protocol}://{host}:{port}/v2/keys".format(protocol=self.protocol, host=self.event.host, port=2379),
+            verify=False)
+        self.keys_evidence = r.content if r.status_code == 200 and r.content != '' else False
        return self.version_evidence

-    def version_disclosure(self, protocol):
+    def version_disclosure(self):
        logging.debug(self.event.host + " Passive hunter is attempting to check etcd version remotely")
-        r = requests.get("{protocol}://{host}:{port}/version".format(protocol=self.protocol, host=self.event.host, port=2379), verify=False)
-        self.version_evidence = r.content if r.status_code == '200' and r.content != '' else False
+        r = requests.get(
+            "{protocol}://{host}:{port}/version".format(protocol=self.protocol, host=self.event.host, port=2379),
+            verify=False)
+        self.version_evidence = r.content if r.status_code == 200 and r.content != '' else False
        return self.version_evidence

    def unauthorized_access(self):
        logging.debug(self.event.host + " Passive hunter is attempting to access etcd without authorization")
        r = requests.get("http://{host}:{port}/version".format(host=self.event.host, port=2379), verify=False)
-        return r.content if r.status_code == '200' and r.content != '' else False
+        return r.content if r.status_code == 200 and r.content != '' else False

    def execute(self):
        if self.unauthorized_access():  # decide between http and https protocol
@@ -96,3 +103,4 @@ class EtcdRemoteAccess(Hunter):
                self.publish_event(EtcdAccessEnabledWithoutAuthEvent(self.version_evidence))
            if self.db_keys_disclosure():
                self.publish_event(EtcdRemoteReadAccessEvent(self.keys_evidence))
+