* Refactored all categories to the new MITRE attack matrix format
* Changed format of vulnerabilities table to display the mitre technique related to the vulnerability
* added service account token flag to use in hunting
* added flag to main parsing config creation
* fixed linting issues
* added documentation on the service-account-token flag
* minor readme change
* removed redundant call for /pods again from /var/log mount hunter, by using multiple subscription
* fixed new linting
* fixed linting with exceptions
* Add a new dependency on Kubernetes package
* Add and store a new flag about automatic nodes discovery from a pod
* Implement the listing of nodes
* Add tests to cover the k8s node listing
* Fix the k8s listing test to ensure the load incluster function is actually called
* Add more help to the k8s node discovery flags, and cross-reference them.
* Add a note on the Kubernetes auto-discovery in the main README file
* Move the kubernetes discovery from conf to modules/discovery
* When running with --pods, run the Kubernetes auto discovery
* Also mention that the auto discovery is always on when using --pod
Co-authored-by: Mikolaj Pawlikowski <mpawlikowsk1@bloomberg.net>
* Add multiple subscription mechanism
* PR: address comments
* improved implementation, solved a couple of bugs, added documentation to almost the whole backend process
* added corresponding tests to the new method of the multiple subscription
* fixed linting issue
* fixed linting #2
Co-authored-by: Raito Bezarius <masterancpp@gmail.com>
* removed false negative in AzureSpnHunter when /run is disabled
* changed to use direct imported class
* fixed multiple bugs in azure spn hunting, and improved efficency
* fixed bug in cloud identification. TODO: remove the outsourcing for cloud provider
* removed unused config variable
* fixed tests to use already parsed pods as the given previous event has changed
* changed ubuntu to an older version, for compatibility reasons with glibc on pyinstaller steps and added a step to parse the release tag
* removed parsing of release tag
* changed flow name
* removed 'release' from the release name
* changed link to point to avd
* changed kb_links to be on base report module. and updated to point to avd. now json output returns the full avd url to the vulnerability
* switched to adding a new avd_reference instead of changed the VID
* added newline to fix linting
* added the link of contribution page
users can directly go to the contribution page from here after reading the readme file
* added it to the table of contents
* Done
sorry for my prev. mistake, now its fixed.
Co-authored-by: danielsagi <danielsagi2009@gmail.com>
Given that the Description tends to go over 100 characters as well, it
seems appropriate to loosen the restriction of the evidence field.
Fixes#111
Co-authored-by: danielsagi <danielsagi2009@gmail.com>
* fixed etcd version hunting typo
* changed self.protocol in other places on etcd hunting. this is a typo, protocol is a property of events, not hunters
Co-authored-by: Daniel Sagi <daniel@example.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
Existing job.yml has wrong command for command ["python", "kube-hunter,py"]. But it should change to command ["kube-hunter"]
Co-authored-by: Liz Rice <liz@lizrice.com>
