diff --git a/.travis.yml b/.travis.yml index 1499316..5e94f15 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,6 @@ language: python cache: pip matrix: include: - - python: 2.7 #- python: 3.4 #- python: 3.5 - python: 3.6 diff --git a/README.md b/README.md index 07c41f8..04f4245 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ You can run the kube-hunter python code directly on your machine. #### Prerequisites You will need the following installed: -* python 2.7 or python 3.x +* python 3.x * pip Clone the repository: diff --git a/kube-hunter.py b/kube-hunter.py index 570484c..9ccd040 100755 --- a/kube-hunter.py +++ b/kube-hunter.py @@ -1,14 +1,8 @@ #!/usr/bin/env python -from __future__ import print_function - import argparse import logging import threading -try: - raw_input # Python 2 -except NameError: - raw_input = input # Python 3 parser = argparse.ArgumentParser(description='Kube-Hunter - hunts for security weaknesses in Kubernetes clusters') parser.add_argument('--list', action="store_true", help="displays all tests in kubehunter (add --active flag to see active tests)") @@ -75,13 +69,13 @@ def interactive_set_config(): print("Choose one of the options below:") for i, (option, explanation) in enumerate(options): print("{}. {} ({})".format(i+1, option.ljust(20), explanation)) - choice = raw_input("Your choice: ") + choice = input("Your choice: ") if choice == '1': - config.remote = raw_input("Remotes (separated by a ','): ").replace(' ', '').split(',') + config.remote = input("Remotes (separated by a ','): ").replace(' ', '').split(',') elif choice == '2': config.internal = True elif choice == '3': - config.cidr = raw_input("CIDR (example - 192.168.1.0/24): ").replace(' ', '') + config.cidr = input("CIDR (example - 192.168.1.0/24): ").replace(' ', '') else: return False return True diff --git a/src/modules/hunting/capabilities.py b/src/modules/hunting/capabilities.py index e5910e9..a9f5f8b 100644 --- a/src/modules/hunting/capabilities.py +++ b/src/modules/hunting/capabilities.py @@ -30,10 +30,7 @@ class PodCapabilitiesHunter(Hunter): s.close() logging.debug("Passive hunter's closing RAW socket") return True - # python2 does not support PermissionError, should be sufficiant to say that - # NET_RAW is disabled by catching all exception. after we stop support for - # python2, should replace to except PermissionError explicitly - except: + except PermissionError: logging.debug("CAP_NET_RAW not enabled") def execute(self): diff --git a/src/modules/hunting/cvehunter.py b/src/modules/hunting/cvehunter.py index a11f57a..3b61876 100644 --- a/src/modules/hunting/cvehunter.py +++ b/src/modules/hunting/cvehunter.py @@ -1,8 +1,6 @@ import logging import json import requests -import uuid -import ast from ...core.events import handler from ...core.events.types import Vulnerability, Event @@ -55,11 +53,11 @@ class IsVulnerableToCVEAttack(Hunter): try: res = requests.get("{path}/version".format(path=self.path), headers=self.headers, verify=False) - self.api_server_evidence = res.content - resDict = ast.literal_eval(res.content) + self.api_server_evidence = res.text + resDict = json.loads(res.text) version = resDict["gitVersion"].split('.') - first_two_minor_digits = eval(version[1]) - last_two_minor_digits = eval(version[2]) + first_two_minor_digits = int(version[1]) + last_two_minor_digits = int(version[2]) logging.debug('Passive Hunter got version from the API server version end point: %d.%d', first_two_minor_digits, last_two_minor_digits) return [first_two_minor_digits, last_two_minor_digits]