github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-10 19:26:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added timeout for each request.

Browse Source 
Finished with some of the TODOS tasks (added logs).
Added another TODO task for this branch.
This commit is contained in:
ori.agmon
2018-10-02 11:59:25 +03:00
parent a506ed5b9c
commit e2c04b2a7c
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/modules/discovery/etcd.py
View File

@@ -27,19 +27,19 @@ class etcdRemoteAccess(Hunter):
Checks for remote availability of etcd, version, read access, write access
"""
#TODO:
#If we've got a read access-> check if data is encrypted.
#Read Liz's book & etcd's rest api and check if I've missed important commands to check
#Do we need to add a auth check and remote connection?->>>
#->>>if we are able to get the version remotely it means there was no auth check and we were able to connect remotely but maybe we should display it?
#Add proper logs
#->>>if we are able to get the version remotely it means there was no auth check and we were able to connect remotely but maybe we should display the no auth event anyway?
#Check why the execute() isn't being called
#Decide if I should move db_keys_write_access to hunting/etcd.py as an active hunter
def __init__(self, event):
self.event = event
def db_keys_disclosure(self):
logging.debug(self.event.host)
r_secure = requests.get("https://{host}:{port}/v2/keys".format(host=self.event.host, port=2379))#decide which port to choose (maybe the host's port?)
r_not_secure = requests.get("http://{host}:{port}/v2/keys".format(host=self.event.host, port=2379))#decide which port to choose (maybe the host's port?)
logging.debug("Passive hunter is attempting to read etcd keys remotely")
r_secure = requests.get("https://{host}:{port}/v2/keys".format(host=self.event.host, port=2379), timeout=5)#decide which port to choose (maybe the host's port?)
r_not_secure = requests.get("http://{host}:{port}/v2/keys".format(host=self.event.host, port=2379), timeout=5)#decide which port to choose (maybe the host's port?)
has_remote_access_gained = (r_secure.status_code == 200 and r_secure.content != "") or (r_not_secure.status_code == 200 and r_not_secure.content != "")
if has_remote_access_gained:
self.publish_event(etcdRemoteReadAccessEvent(secure=False))
@@ -48,11 +48,12 @@ class etcdRemoteAccess(Hunter):
def db_keys_write_access(self):
logging.debug(self.event.host)
logging.debug("Active hunter* is attempting to write keys remotely")
data = {
'value': 'remote write access penetration'
}
r_secure = requests.put("https://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379), data=data)#decide which port to choose (maybe the host's port?)
r_not_secure = requests.put("https://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379), data=data)#decide which port to choose (maybe the host's port?)
r_secure = requests.put("https://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379), data=data, timeout=5)#decide which port to choose (maybe the host's port?)
r_not_secure = requests.put("https://{host}:{port}/v2/keys/message".format(host=self.event.host, port=2379), data=data, timeout=5)#decide which port to choose (maybe the host's port?)
has_remote_access_gained = (r_secure.status_code == 200 and r_secure.content != "") or (r_not_secure.status_code == 200 and r_not_secure.content != "")
if has_remote_access_gained:
@@ -62,8 +63,9 @@ class etcdRemoteAccess(Hunter):
def version_disclosure(self):
logging.debug(self.event.host)
r_secure = requests.get("https://{host}:{port}/version".format(host=self.event.host, port=2379)) # decide which port to choose (maybe the host's port?)
r_not_secure = requests.get("http://{host}:{port}/version".format(host=self.event.host, port=2379)) # decide which port to choose (maybe the host's port?)
logging.debug("Passive hunter is attempting to check etcd version remotely")
r_secure = requests.get("https://{host}:{port}/version".format(host=self.event.host, port=2379), timeout=5) # decide which port to choose (maybe the host's port?)
r_not_secure = requests.get("http://{host}:{port}/version".format(host=self.event.host, port=2379), timeout=5) # decide which port to choose (maybe the host's port?)
has_remote_access_gained = (r_secure.status_code == 200 and r_secure.content != "") or (r_not_secure.status_code == 200 and r_not_secure.content != "")
if has_remote_access_gained: