From f3b9b5200fe7b2db4dd8f6facb39c8adfbdab1b0 Mon Sep 17 00:00:00 2001 From: daniel_sagi Date: Tue, 12 Jun 2018 16:55:22 +0300 Subject: [PATCH] added requirements.txt --- log/reporter.py | 2 +- requirements.txt | 3 ++- src/core/events/handler.py | 11 +++++++++++ src/modules/discovery/hosts.py | 1 + src/modules/hunting/aks.py | 2 +- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/log/reporter.py b/log/reporter.py index a6e9273..345507a 100644 --- a/log/reporter.py +++ b/log/reporter.py @@ -61,7 +61,7 @@ def print_results(): vuln_table.padding_width=1 vuln_table.header_style="upper" for vuln in vulnerabilities: - row = ["{}:{}".format(vuln.host, vuln.port), vuln.component.name, vuln.get_name(), vuln.explain()] + row = ["{}:{}".format(vuln.host, vuln.port) if vuln.host else "", vuln.component.name, vuln.get_name(), vuln.explain()] if config.active: evidence = str(vuln.evidence)[:EVIDENCE_PREVIEW] + "..." if len(str(vuln.evidence)) > EVIDENCE_PREVIEW else str(vuln.evidence) row.append(evidence) diff --git a/requirements.txt b/requirements.txt index d574476..f4d3299 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,4 +3,5 @@ netifaces enum34 scapy requests -PrettyTable \ No newline at end of file +PrettyTable +urllib3 \ No newline at end of file diff --git a/src/core/events/handler.py b/src/core/events/handler.py index e7a42d8..b12a0e2 100644 --- a/src/core/events/handler.py +++ b/src/core/events/handler.py @@ -4,6 +4,7 @@ from collections import defaultdict from Queue import Queue from threading import Lock, Thread +import time from __main__ import config from ..types import ActiveHunter @@ -23,6 +24,10 @@ class EventQueue(Queue, object): t.daemon = True t.start() self.workers.append(t) + t = Thread(target=self.notifier) + t.daemon = True + t.start() + # decorator wrapping for easy subscription def subscribe(self, event, hook=None, predicate=None): @@ -60,6 +65,12 @@ class EventQueue(Queue, object): self.task_done() logging.debug("closing thread...") + def notifier(self): + time.sleep(2) + while self.unfinished_tasks > 0: + logging.debug("{} tasks left".format(self.unfinished_tasks)) + time.sleep(3) + # stops execution of all daemons def free(self): self.running = False diff --git a/src/modules/discovery/hosts.py b/src/modules/discovery/hosts.py index 91dff44..f0fffce 100644 --- a/src/modules/discovery/hosts.py +++ b/src/modules/discovery/hosts.py @@ -18,6 +18,7 @@ from ..hunting.aks import Azure class AzureMetadataApi(Vulnerability, Event): + """Access to Azure Metadata API exposes sensitive information about the machines associated with the cluster""" def __init__(self, cidr): Vulnerability.__init__(self, Azure, "Azure Metadata Exposure") self.cidr = cidr diff --git a/src/modules/hunting/aks.py b/src/modules/hunting/aks.py index b6ed5c3..3336eb3 100644 --- a/src/modules/hunting/aks.py +++ b/src/modules/hunting/aks.py @@ -70,4 +70,4 @@ class ProveAzureSpnExposure(ActiveHunter): self.event.aadClientId = subscription["aadClientId"] self.event.aadClientSecret = subscription["aadClientSecret"] self.event.tenantId = subscription["tenantId"] - self.event.evidence = "id: {}".format(self.event.subscriptionId) + self.event.evidence = "subscription: {}".format(self.event.subscriptionId)