* Ignore downstream version flag
This commit adds `--ignore-downstream` flag to kube-hunter.
Enabling the flag will make kube-hunter considering patched versions
as not vulnerable.
Resolves#179
* Add test cases and refine argument description
* added arp passive hunter
* seperated arp and dns hunters, made them active and fixed some coe on arp
* added description for hunters, and refactored description for vulnerabilities
* minor typo
* replaced google.com with 1.1.1.1
* fixed comments
* fixed scapy
* validated output of get_kube_dns_ip_mac
* minor addition to description
* added documantation in readme
* minor changes to logging levels and formatting
* changed example in readme
* fixed merge
* added info logging to http dispatch method
* changed description from environ to environment variables
* changed version hunting to be on a a new version disclosure vulnerability
* fixed version publish
* added logging and fixed typo
* changed whole way of comparing versions in cve hunter
* changed K8sVersionDisclosure vulnerability to one core vulnerability, that takes an endpoint. changed all usage
* added tests
* merged kubectl cve hunting with apiserver hunting. and simplified the code of apiserver cve hunting
* fixed tests to new names
* changed name of module to cves.py
* drastically improved the cve vulnerble detection utility function. now works with all types of versioning methods
* added packaging in requirementes.txt
* added another test, and improved logic on cve comparison for more complicated versions
* changed CveHunter to subscribe_once, to prevent duplicates duplicates
* fixed tests for new improvements
* removed unnecessary ternary on doc
* removed unnecessary join split
* improved compare function, made it util
* improved cve checking to use mapping
* added detection for CVE-2019-9512 and CVE-2019-9514
* added detection for CVE-2019-11247 and added minor comments
* changed python version to 3.8.rc and removed wireshark from build. also added a plugin to supress scapy's warnings about the manuf
* changed to alpine 3.10, on docker file and removed unnecessary logging suppression
* changed to python 3.7
* changed base image on builder as well
* added basic metrics server discovery
* improved discovery, and added KNOWN PORTS usage
* improved apiserver decision
* fixed bug with comparison of IP addresses in kubeservicehost
* improved description of api server discovery
* added checks with auth_token on discovery
* fixed bug in version requests and added to tests
* added an abstract 'unrecognized API' event, and a filter for it for classification
* changed filtering to be done on the same event
* fixed verify on session and removed unnecessary enum
* minor changes to comments
* added detailed explanation
* changed version hunting to be on a a new version disclosure vulnerability
* fixed version publish
* added logging and fixed typo
* changed whole way of comparing versions in cve hunter
* changed K8sVersionDisclosure vulnerability to one core vulnerability, that takes an endpoint. changed all usage
* added tests
* merged kubectl cve hunting with apiserver hunting. and simplified the code of apiserver cve hunting
* fixed tests to new names
* changed name of module to cves.py
* drastically improved the cve vulnerble detection utility function. now works with all types of versioning methods
* added packaging in requirementes.txt
* added another test, and improved logic on cve comparison for more complicated versions
* changed CveHunter to subscribe_once, to prevent duplicates duplicates
* fixed tests for new improvements
* removed unnecessary ternary on doc
* removed unnecessary join split
* improved compare function, made it util
* improved cve checking to use mapping
* moved report output into dispatchers, stdout by default with config option of http(s)
* notes in arg config on how to configure http dispatcher
* removed some debug log visibility indicators
* missing import
* env vars more descriptive: KUBEHUNTER_HTTP_DISPATCH_METHOD and KUBEHUNTER_HTTP_DISPATCH_URL
* optimisation: delayed instantiation of the dispatcher until after selection to avoid instantiating unnecessarily
* refactor: config selection as per reporter selection
* bugfix: fall-back to default required if unknown reporter or dispatcher specified
* swapping urllib3 for requests
* corrected visibility levels for logging
* moving dispatchers into a file in reporters rather than it's own place to fit with theme and support dynamic module loading
* added an implementation for scanning api server from env variable, without duplications, when running as pod
* fixed issue with convertion of ip address
* added pods data on ExposedPodsHandler event, for later use
* added /var/log write mount hunter. in 'mounts' module. also an active hunter which exploits run handler as well
* removed unnecesary variables
* changed active hunter description
* minor changes to vulnerability descriptions
* 1. added /logs Active hunter and tester.
2. changed kubelet handlers enum to be accessible as KubeletHandlers
3. added kubelet requests session to the event chain, for active hunters to use.
* added usage of event.session in the run active hunter
* changed kubelet run handler test to be not state-changing
* changed fake_container name to be more random
* changed run handler to GET and check for method not allowed
* removed python2 from readme and travis
* changed except on caps hunter to except PermissionError, supports only from python3
* removed python2 support in main file
* changed cvehunter to use res.text in place of res.content (python3 returnes a bytes object for content)
* added hunter for Capabilities, and a check for NET_RAW
* changed to Hunter from Discovery
* added description for hunter
* changed from PermissionError on net_raw check. for python2 support
* Clarify vulnerability description
Stating that this vulnerability only becomes a problem if a pod gets compromised
* added event filtering mechanism, as well as a detailed explanation in src/README
* changed filter search to run only once for each event, also now returning None to indicate keeping of event
* expanded explanation of filtering in readme
* Tiny typo
* made changes for better readability, also filter should now return None to indicate throwing of event
* changed apply filters loop to be simple and running on each publish.
* changed README
* added reassuring of parent event after filters
* moved event filtering to another function, now supporting trhoeing of event mid loop
* added note in README about event.previous
* Tiny text corrections
* More accurate comment
"Throwing an event" can actually mean triggering it (which is different from "throwing it _away_"). But I went for "discarded" here to be completely clear
* Remove superflous space that had crept in
* added a new hunter for CVE-2019-11246
* added KubectlClient component
* overriden location function on event to display a 'local machine' location
* added clarification about kubectl version --client operation
* Fix tiny typo
It reads better without the comma
* removed unnecessary debug message
* added CVE hunter for kubectl to allow more CVE checking.
