github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-17 06:37:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
260 Commits 55 Branches 19 Tags
00941fc5a9c273b21934b95f7f1093ce8a4e9538
Commit Graph

51 Commits

Author SHA1 Message Date
ori.agmon
369e70ad6e Fixed the PR comments :-) 2018-11-07 22:32:17 +02:00
ori.agmon
72dfbdc34d Fixed the PR comments :-) 2018-11-07 22:32:17 +02:00
ori.agmon
a67e6a57c3 Added evidence to the no auth event & tested it on a vulnerable remote cluster (and it worked!) 2018-11-07 22:32:17 +02:00
ori.agmon
40213db654 I've Split the etcd hunters to hunting & discovery dirs 2018-11-07 22:32:17 +02:00
ori.agmon
0a4c80cb09 Solved some exception bugs & did some refactoring to code & Added event & splited active & passive hunter 2018-11-07 22:32:17 +02:00
ori.agmon
e764d5f21b Solved some exception bugs & did some refactoring to code & Added event 2018-11-07 22:32:17 +02:00
ori.agmon
09c076c6a5 Solved some exception bugs & did some refactoring to code 2018-11-07 22:32:17 +02:00
ori.agmon
10e9a63e50 Added timeout for each request. 
Finished with some of the TODOS tasks (added logs).
Added another TODO task for this branch.
 2018-11-07 22:32:17 +02:00
ori.agmon
bca2f3614c Edited some of the etcd checking & added 2379 port checking 2018-11-07 22:32:17 +02:00
ori.agmon
242260b03e Added some remote access to etcd checks. 2018-11-07 22:32:17 +02:00
oriagmon
568e96c2f4 merged with multi-threaded-bug 2018-10-16 17:18:36 +03:00
oriagmon
1b18825b5e Merge branch 'solve-multi-threading-bug' into access-secrets-hunter 2018-10-16 17:16:42 +03:00
ori.agmon
1f01076cf6 Created RunningAsPodEvent 
Throw it from hosts.py when running form pod
I was able to subscribe to the RunningAsPodEvent thanks to a Rebased with the branch that fix the circular dependencies bug (moveAzureComponentToTypes branch)
 2018-10-16 17:12:42 +03:00
ori.agmon
08f38c623f Had to remove the Azure component form the hunting/aks since it made a circular dependency bug! 2018-10-16 17:12:36 +03:00
ori.agmon
4b466f61c3 Created RunningAsPodEvent 
Throw it from hosts.py when running form pod
I was able to subscribe to the RunningAsPodEvent thanks to a Rebased with the branch that fix the circular dependencies bug (moveAzureComponentToTypes branch)
 2018-10-14 15:10:14 +03:00
ori.agmon
bff5ce7558 Had to remove the Azure component form the hunting/aks since it made a circular dependency bug! 2018-10-14 15:10:14 +03:00
ori.agmon
30435f2348 Fixed some english mistakes & :-) 2018-10-08 15:45:23 +03:00
ori.agmon
042e57e39f Made some Distinctions between passive hunter and discovery (some discoveries were logged as passive hunters ) 2018-10-07 10:43:24 +03:00
ori.agmon
48f0b8d829 Added more logging to most of the hunters. 
Hosts.py, hunting/proxy.py, hunting/kubelet.py logging isn't finished yet.
 2018-10-02 11:49:16 +03:00
ori.agmon
12c416e643 Added more logging to most of the hunters. 2018-09-30 14:39:37 +03:00
Lee Briggs
4e72112339 Add kubeadm API port to API Server discovery 2018-08-17 08:17:23 -07:00
Liz Rice
94822d1178 Look on port 6443 as well 2018-08-17 15:42:28 +01:00
daniel_sagi
a4dbaaf446 added an API Server event, also added port 443 to ports discovery 2018-08-15 16:46:21 +03:00
danielsagi
25b226e849 Merge pull request #8 from aquasecurity/list-tests-option 
Added List tests
 2018-08-08 17:21:15 +03:00
daniel_sagi
71c14fbdf8 added list option, as well as added description for all hunters 2018-08-08 15:57:43 +03:00
danielsagi
fcf983ece5 Updated services description 
On kubelet services to be more neutral
 2018-08-06 14:17:10 +03:00
daniel_sagi
83d571b078 added status codes Unathorized and Forbidden handling of kubelet reponses 2018-07-24 18:51:38 +03:00
daniel_sagi
4e988dca38 moved all start status logging to the default module 2018-07-23 17:39:24 +03:00
daniel_sagi
174d93804c added minimal dashboard hunting 2018-07-19 14:42:50 +03:00
daniel_sagi
0668079b30 Merge branch 'master' of bitbucket.org:scalock/kube-hunter 2018-07-18 11:37:53 +03:00
daniel_sagi
3d1c659233 fixed bug in discovery of secured kubelet api 2018-07-18 11:28:37 +03:00
Shir
7c772e0f3b Nice ascii view instead of the not-that-pretty table 2018-07-17 20:54:57 +03:00
daniel_sagi
5cb8889d16 Merge remote-tracking branch 'origin/liz' 2018-07-15 13:23:08 +03:00
daniel_sagi
0619eb06e2 changed existing vulnerabilities to specify categories, and changed a bit of their description 2018-07-15 13:17:42 +03:00
daniel_sagi
d0a7163221 advanced discovery of proxy 2018-07-15 13:15:59 +03:00
Liz Rice
b0b8ba9a5e Description tweaks 2018-07-13 13:22:55 -04:00
Liz Rice
6c103847a2 Error handling so that we can run locally without needing a network connection 
Allows user to test with a kubernetes cluster on a local VM on their laptop, for example when on a plane :-)
 2018-07-13 10:44:05 -04:00
Liz Rice
e3b21d1d64 Don't stack trace if we can't access the internet 2018-07-13 10:10:29 -04:00
daniel_sagi
e16bc40fb7 minor services description improvements 2018-07-04 15:08:51 +03:00
daniel_sagi
23c03afc02 added interactive choosing of scanning options 2018-07-02 16:20:14 +03:00
daniel_sagi
464e7aad1f Added exception handling and improved help 2018-06-21 13:45:19 +03:00
daniel_sagi
8c6712f378 1. Changed report methods and renamed "log" module to "", added another report generation in a new json format 
2. started to add the --token option to send the finished report.
3. changed a bit of kubelet vulnerability output architecture to match out conventions.
4. added healthz check on kubelets
 2018-06-20 12:09:40 +03:00
daniel_sagi
2b690056b0 Fixed type in privileged, also moved Components to core.types 2018-06-19 11:07:18 +03:00
daniel_sagi
fac667552e added cidr option, also added a while true when running on a pod, to halt for seeing results before restart 2018-06-17 19:01:23 +03:00
daniel_sagi
f3b9b5200f added requirements.txt 2018-06-12 16:55:22 +03:00
daniel_sagi
73a4e83781 Added checks on api responses before json.loads, added a quick scanning option, to scan part of the subnet 2018-06-12 14:30:28 +03:00
daniel_sagi
3f174364f7 Added cloud identifiering for each type of host scan, using azurespeed. Now AzuerSpn hunting will be triggered only if the host is an azure cluster. using predicate, and the new 'cloud' attribute 2018-06-12 12:10:59 +03:00
daniel_sagi
973c2a25a0 changed output results table format, added AzureMetadata vulnerability on discovery 2018-06-11 20:02:25 +03:00
daniel_sagi
75393da91a simplified kubelet open handlers hunting and types 2018-06-11 14:26:09 +03:00
daniel_sagi
01c4aac105 Active hunting is now available by inheriting from ActiveHunter. the hunter wil subscribe only if the --active flag was set. 
1. Removed scanning configuration from events, from now on, scanning config is accessed from the main module
2. Moved core types to a "toplevel" file
 2018-06-11 12:39:11 +03:00