Added more logging to most of the hunters.

Hosts.py, hunting/proxy.py, hunting/kubelet.py logging isn't finished yet.
ori.agmon
2018-10-02 11:49:16 +03:00
parent 12c416e643
commit 48f0b8d829
3 changed files with 7 additions and 1 deletions


@@ -73,6 +73,7 @@ class HostDiscovery(Hunter):
def get_cloud(self, host):
try:
logging.debug("Passive hunter is attempting to access azure's cloud")
metadata = requests.get("http://www.azurespeed.com/api/region?ipOrUrl={ip}".format(ip=host)).text
except requests.ConnectionError as e:
logging.info("- unable to check cloud: {0}".format(e))
@@ -82,6 +83,7 @@ class HostDiscovery(Hunter):
def is_azure_pod(self):
try:
logging.debug("Passive hunter is attempting to access azure's pod")
if requests.get("http://169.254.169.254/metadata/instance?api-version=2017-08-01", headers={"Metadata":"true"}, timeout=5).status_code == 200:
return True
except requests.exceptions.ConnectionError:
@@ -100,6 +102,7 @@ class HostDiscovery(Hunter):
# quering azure's interface metadata api | works only from a pod
def azure_metadata_discovery(self):
logging.debug("Passive hunter is attempting to pull azure's metadata")
machine_metadata = json.loads(requests.get("http://169.254.169.254/metadata/instance?api-version=2017-08-01", headers={"Metadata":"true"}).text)
address, subnet= "", ""
for interface in machine_metadata["network"]["interface"]:
@@ -110,7 +113,8 @@ class HostDiscovery(Hunter):
# for normal scanning
def scan_interfaces(self):
try:
try:
logging.debug("Passive hunter is attempting to scan interfaces")
external_ip = requests.get("http://canhazip.com").text # getting external ip, to determine if cloud cluster
except requests.ConnectionError as e:
logging.debug("unable to determine local IP address: {0}".format(e))
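Review bot: The `requests.get` calls in `get_cloud`, `azure_metadata_discovery` and `scan_interfaces` pass no `timeout`, so each added debug line can be the last thing logged before the hunter blocks indefinitely on an unresponsive endpoint; only `is_azure_pod` sets `timeout=5`. Pass the same bound on the others, e.g. `external_ip = requests.get("http://canhazip.com", timeout=5).text`, and catch `requests.exceptions.RequestException` rather than only `ConnectionError`, which does not cover read timeouts. The same gap is visible in `get_key_container` and `get_pods_endpoint` in the other two files of this commit. These function bodies continue outside the hunks shown.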


@@ -30,6 +30,7 @@ class AzureSpnHunter(Hunter):
# getting a container that has access to the azure.json file
def get_key_container(self):
logging.debug("Attempting to find container with access to azure.json file")
raw_pods = requests.get(self.base_url + "/pods", verify=False).text
if "items" in raw_pods:
pods_data = json.loads(raw_pods)["items"]
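Review bot: `get_key_container` decides whether to parse by a substring test, `"items" in raw_pods`, on a body fetched with `verify=False`, so any non-JSON response that merely contains the text `items` reaches `json.loads` and raises `ValueError`; no handler is visible in the hunk. Treat the body as untrusted: parse first and then look up the key, e.g. `pods_data = json.loads(raw_pods).get("items", [])` inside a `try`/`except ValueError`. `get_pods_endpoint` in the kubelet hunter uses the same substring-then-parse pattern. The function body continues outside the hunk, so handling in a caller cannot be ruled out.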


@@ -112,6 +112,7 @@ class ReadOnlyKubeletPortHunter(Hunter):
return privileged_containers if len(privileged_containers) > 0 else None
def get_pods_endpoint(self):
logging.debug("Active hunter is attempting to find pods endpoints")
response = requests.get(self.path + "pods")
if "items" in response.text:
return json.loads(response.text)
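Review bot: The debug message added in `get_pods_endpoint` does not say which kubelet is being queried, so when several hosts are scanned in one run the log lines cannot be attributed to a target. Include the base path with lazy formatting: `logging.debug("Active hunter is attempting to find pods endpoints at %s", self.path)`. The other debug lines added in this commit would benefit from the same treatment wherever a host or URL is in scope. The function body may continue outside the hunk.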