added prove of running pods

2026-05-11 03:37:52 +00:00 · 2018-06-12 12:57:29 +03:00
parent ca5c168bef
commit e4c9beb653
1 changed files with 15 additions and 2 deletions
--- a/src/modules/hunting/kubelet.py
+++ b/src/modules/hunting/kubelet.py
@@ -278,7 +278,20 @@ class ProvePodsHandler(ActiveHunter):
            port=self.event.port), 
            verify=False)
            .text)['items']
-        self.event.evidence = "pods: {}".format(len(pods_data))
+        self.event.evidence = "bound pods: {}".format(len(pods_data))
+
+@handler.subscribe(ExposedRunningPodsHandler)
+class ProveRunningPodsHandler(ActiveHunter):
+    def __init__(self, event):
+        self.event = event
+    
+    def execute(self):
+        pods_data = json.loads(requests.get("https://{host}:{port}/runningpods".format(
+            host=self.event.host, 
+            port=self.event.port), 
+            verify=False)
+            .text)['items']
+        self.event.evidence = "running pods: {}".format(len(pods_data))

@handler.subscribe(ExposedContainerLogsHandler)
 class ProveContainerLogsHandler(ActiveHunter):
@@ -302,4 +315,4 @@ class ProveContainerLogsHandler(ActiveHunter):
                        container_data["name"],
                        str(output.text)
                    )
-                    break
+                    break