diff --git a/src/modules/hunting/apiserver.py b/src/modules/hunting/apiserver.py
index e621915..c1b6f2c 100644
--- a/src/modules/hunting/apiserver.py
+++ b/src/modules/hunting/apiserver.py
@@ -328,56 +328,32 @@ class AccessApiServerViaServiceAccountToken(Hunter):
 if self.get_service_account_token():
 self.publish_event(ServiceAccountTokenAccess(self.service_account_token_evidence))
- if self.access_api_server():
- self.publish_event(ServerApiAccess(self.api_server_evidence))
- if self.get_all_namespaces():
- self.publish_event(ListAllNamespaces(self.all_namespaces_names_evidence))
+ if self.access_api_server():
+ self.publish_event(ServerApiAccess(self.api_server_evidence))
- if self.get_pods_list_under_requested_scope():
- self.publish_event(ListPodUnderAllNamespaces(self.namespaces_and_their_pod_names))
- else:
- if self.get_pods_list_under_requested_scope(scope='namespaces/default'):
- self.publish_event(ListPodUnderDefaultNamespace(self.namespaces_and_their_pod_names))
+ if self.get_all_namespaces():
+ self.publish_event(ListAllNamespaces(self.all_namespaces_names_evidence))
- if self.get_all_roles():
- self.publish_event(ListAllRoles(self.all_roles_names_evidence))
- else:
- if self.get_roles_under_default_namespace():
- self.publish_event(ListAllRolesUnderDefaultNamespace(
- self.roles_names_under_default_namespace_evidence))
- if self.get_all_cluster_roles():
- self.publish_event(ListAllClusterRoles(self.all_cluster_roles_names_evidence))
-
- # At this point we know we got the service_account_token, and we might got all of the namespaces
- self.publish_event(ApiServerPassiveHunterFinished(self.all_namespaces_names_evidence,
- self.service_account_token_evidence,
- self.event.host, self.event.port))
+ if self.get_pods_list_under_requested_scope():
+ self.publish_event(ListPodUnderAllNamespaces(self.namespaces_and_their_pod_names))
 else:
- logging.debug('No service account token found, verifiying anonymous access.')
- if self.get_all_namespaces():
- self.publish_event(ListAllNamespaces(self.all_namespaces_names_evidence))
+ if self.get_pods_list_under_requested_scope(scope='namespaces/default'):
+ self.publish_event(ListPodUnderDefaultNamespace(self.namespaces_and_their_pod_names))
- if self.get_pods_list_under_requested_scope():
- self.publish_event(ListPodUnderAllNamespaces(self.namespaces_and_their_pod_names))
- else:
- if self.get_pods_list_under_requested_scope(scope='namespaces/default'):
- self.publish_event(ListPodUnderDefaultNamespace(self.namespaces_and_their_pod_names))
-
- if self.get_all_roles():
- self.publish_event(ListAllRoles(self.all_roles_names_evidence))
- else:
- if self.get_roles_under_default_namespace():
- self.publish_event(ListAllRolesUnderDefaultNamespace(
+ if self.get_all_roles():
+ self.publish_event(ListAllRoles(self.all_roles_names_evidence))
+ else:
+ if self.get_roles_under_default_namespace():
+ self.publish_event(ListAllRolesUnderDefaultNamespace(
 self.roles_names_under_default_namespace_evidence))
- if self.get_all_cluster_roles():
- self.publish_event(ListAllClusterRoles(self.all_cluster_roles_names_evidence))
-
- # At this point we know we got the service_account_token, and we might got all of the namespaces
- self.publish_event(ApiServerPassiveHunterFinished(self.all_namespaces_names_evidence,
- self.service_account_token_evidence,
- self.event.host, self.event.port))
+ if self.get_all_cluster_roles():
+ self.publish_event(ListAllClusterRoles(self.all_cluster_roles_names_evidence))
+ # At this point we know we got the service_account_token, and we might got all of the namespaces
+ self.publish_event(ApiServerPassiveHunterFinished(self.all_namespaces_names_evidence,
+ self.service_account_token_evidence,
+ self.event.host, self.event.port))
 # Active Hunter
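Review bot: The added comment `# At this point we know we got the service_account_token, and we might got all of the namespaces` is no longer true on the new side: the added lines repeat the removed ones verbatim, which suggests the whole sequence was only dedented out of the token `if`, so `ApiServerPassiveHunterFinished` is now published whether or not `get_service_account_token()` succeeded, the `else:` branch that logged `'No service account token found, verifiying anonymous access.'` is gone so the anonymous path runs every check silently, and the event carries `self.service_account_token_evidence` on a path where that attribute may never have been assigned (confirm it has a default). Suggest keeping the distinction right after the token check — `else:` / `logging.debug('No service account token found, verifying anonymous access.')` — and rewording the comment to `# Reached on both the token-bearing and the anonymous path; token evidence may be empty`. Minor style: the two `else:` followed by a nested `if` (pods and roles under the default namespace) read more clearly as `elif`. The enclosing method starts above this hunk.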