github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-13 04:36:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added evidence to the no auth event & tested it on a vulnerable remote cluster (and it worked!)

Browse Source
This commit is contained in:
ori.agmon
2018-10-07 16:59:49 +03:00
committed by oriagmon
parent 5d6eea72f7
commit a67e6a57c3
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/modules/discovery/etcd.py
View File

@@ -14,7 +14,7 @@ from ...core.types import Hunter
class etcdAccessEvent(Service, Event):
"""Etcd is a DB that stores cluster's data, it contains configuration and current state information, and might contain secrets"""
def __init__(self):
Service.__init__(self, name="Etcd Access")
Service.__init__(self, name="Etcd")

9
src/modules/hunting/etcd.py
View File

@@ -62,8 +62,9 @@ class etcdRemoteVersionDisclosureEvent(Vulnerability, Event):
class etcdAccessEnabledWithoutAuthEvent(Vulnerability, Event):
"""Etcd is accessible without authorization, it would allow a potential attacker to gain access to the etcd"""
def __init__(self):
def __init__(self, version):
Vulnerability.__init__(self, KubernetesCluster, name="Etcd is accessible without authorization", category=UnauthenticatedAccess)
self.evidence = version
@handler.subscribe(OpenPortEvent, predicate= lambda p: p.port == 2379)
@@ -89,14 +90,13 @@ class etcdRemoteAccessActive(ActiveHunter):
return False
def execute(self):
self.db_keys_write_access()
self.db_keys_write_access()
@handler.subscribe(OpenPortEvent, predicate=lambda p: p.port == 2379)
class etcdRemoteAccess(Hunter):
"""Etcd Remote Access
Checks for remote availability of etcd, version, read access, write access
"""
# TODO:
# Check the etcd hunter on a remote cluster! (currently everything was checked only at 127.0.0.1:2379)
def __init__(self, event):
@@ -120,12 +120,13 @@ class etcdRemoteAccess(Hunter):
r_not_secure = "http://{host}:{port}/version".format(host=self.event.host, port=2379)
res = helperFuncDo2Requests(r_secure, r_not_secure)
if res:
self.no_auth_evidence = res.content
self.publish_event(etcdRemoteVersionDisclosureEvent(res.content))
return True
return False
def execute(self):
if (self.version_disclosure()):
self.publish_event(etcdAccessEnabledWithoutAuthEvent()) # if version is accessible we can publish "no auth event".
self.publish_event(etcdAccessEnabledWithoutAuthEvent(self.no_auth_evidence)) # if version is accessible we can publish "no auth event".
self.db_keys_disclosure()
self.db_keys_write_access()