From 46cbfbc5dc07a8ae7f69c14f25d1fcff252c8a70 Mon Sep 17 00:00:00 2001 From: "ori.agmon" Date: Wed, 10 Oct 2018 20:10:06 +0300 Subject: [PATCH] Fixed status code bug & some intending. --- src/modules/hunting/etcd.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/modules/hunting/etcd.py b/src/modules/hunting/etcd.py index bd0ccb6..149970d 100644 --- a/src/modules/hunting/etcd.py +++ b/src/modules/hunting/etcd.py @@ -50,20 +50,23 @@ class EtcdRemoteAccessActive(ActiveHunter): data = { 'value': 'remotely written data' } - r = "{protocol}://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379, protocol=self.protocol, data=data) - self.write_evidence = r.content if r.status_code == '200' and r.content != '' else False + r = "{protocol}://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379, protocol=self.protocol, + data=data) + self.write_evidence = r.content if r.status_code == 200 and r.content != '' else False return self.write_evidence def execute(self): if self.db_keys_write_access(): self.publish_event(EtcdRemoteWriteAccessEvent(self.write_evidence)) + # Passive Hunter @handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379) class EtcdRemoteAccess(Hunter): """Etcd Remote Access Checks for remote availability of etcd, version, read access, write access """ + def __init__(self, event): self.event = event self.version_evidence = '' 
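Review bot: In `db_keys_write_access`, `r` is still the plain string returned by `.format(...)`, so `r.status_code` and `r.content` on the following line raise `AttributeError` and the write-access check never yields a finding; changing `'200'` to `200` does not alter that. `data=data` is handed to `format()`, which has no `{data}` placeholder, so the HTTP call itself appears to have been dropped. The intended line is probably `r = requests.post(url, data=data, verify=False)`, with `url` holding the formatted string, in line with the `requests.get(..., verify=False)` calls in the passive hunter. As written, an etcd endpoint that accepts remote writes would go unreported. The method's `def` line sits above this hunk, so whether `self.protocol` is ever set on `EtcdRemoteAccessActive` cannot be confirmed from here.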
@@ -72,20 +75,24 @@ class EtcdRemoteAccess(Hunter): def db_keys_disclosure(self): logging.debug(self.event.host + " Passive hunter is attempting to read etcd keys remotely") - r = requests.get("{protocol}://{host}:{port}/v2/keys".format(protocol=self.protocol, host=self.event.host, port=2379), verify=False) - self.keys_evidence = r.content if r.status_code == '200' and r.content != '' else False + r = requests.get( + "{protocol}://{host}:{port}/v2/keys".format(protocol=self.protocol, host=self.event.host, port=2379), + verify=False) + self.keys_evidence = r.content if r.status_code == 200 and r.content != '' else False return self.version_evidence - def version_disclosure(self, protocol): + def version_disclosure(self): logging.debug(self.event.host + " Passive hunter is attempting to check etcd version remotely") - r = requests.get("{protocol}://{host}:{port}/version".format(protocol=self.protocol, host=self.event.host, port=2379), verify=False) - self.version_evidence = r.content if r.status_code == '200' and r.content != '' else False + r = requests.get( + "{protocol}://{host}:{port}/version".format(protocol=self.protocol, host=self.event.host, port=2379), + verify=False) + self.version_evidence = r.content if r.status_code == 200 and r.content != '' else False return self.version_evidence def unauthorized_access(self): logging.debug(self.event.host + " Passive hunter is attempting to access etcd without authorization") r = requests.get("http://{host}:{port}/version".format(host=self.event.host, port=2379), verify=False) - return r.content if r.status_code == '200' and r.content != '' else False + return r.content if r.status_code == 200 and r.content != '' else False def execute(self): if self.unauthorized_access(): # decide between http and https protocol 
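Review bot: `db_keys_disclosure` stores its result in `self.keys_evidence` but ends with `return self.version_evidence`, so the `if self.db_keys_disclosure():` test in `execute` (visible in the last hunk) gates `EtcdRemoteReadAccessEvent` on the version check rather than on the keys read. Depending on what the version check stored, that can publish a read-access finding whose evidence is `False`, or suppress one when the keys were in fact readable; the last line should be `return self.keys_evidence`. Separately, none of the `requests.get` calls in this hunk pass `timeout=`, so a host that silently drops traffic on port 2379 can stall the hunter; adding for example `timeout=5` (constructed value) to each call bounds that. `execute` starts at the end of this hunk and continues beyond it.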
@@ -96,3 +103,4 @@ class EtcdRemoteAccess(Hunter): self.publish_event(EtcdAccessEnabledWithoutAuthEvent(self.version_evidence)) if self.db_keys_disclosure(): self.publish_event(EtcdRemoteReadAccessEvent(self.keys_evidence)) +