danielsagi
5185f28fff
Added event filtering mechanism ( #134 )
...
* added event filtering mechanism, as well as a detailed explanation in src/README
* changed filter search to run only once for each event, also now returning None to indicate keeping of event
* expanded explanation of filtering in readme
* Tiny typo
* made changes for better readability, also filter should now return None to indicate throwing of event
* changed apply filters loop to be simple and running on each publish.
* changed README
* added reassuring of parent event after filters
* moved event filtering to another function, now supporting throwing of event mid loop
* added note in README about event.previous
* Tiny text corrections
* More accurate comment
"Throwing an event" can actually mean triggering it (which is different from "throwing it _away_"). But I went for "discarded" here to be completely clear
* Remove superfluous space that had crept in
2019-07-03 11:52:42 +01:00
danielsagi
049453ee15
changed run handler check to include all 4xx status codes ( #142 )
2019-06-27 09:55:56 +01:00
danielsagi
b2d2f5a01a
New kubectl CVE hunter, detecting CVE-2019-11246 and CVE_2019_1002101 ( #141 )
...
* added a new hunter for CVE-2019-11246
* added KubectlClient component
* overridden location function on event to display a 'local machine' location
* added clarification about kubectl version --client operation
* Fix tiny typo
It reads better without the comma
* removed unnecessary debug message
* added CVE hunter for kubectl to allow more CVE checking.
2019-06-27 09:51:18 +01:00
danielsagi
f360c541ff
Minor improve of task counting of queue ( #139 )
...
* changed way of task handler to be more safe. also added info about cases when one task is hanging
* removed queue_lock
2019-06-27 09:36:31 +01:00
Daniel Sagi
b7bcdd09cf
better way of treating the printing, concatenating output
2019-06-24 22:42:03 +03:00
Daniel Sagi
1baca77754
Up until now if services were not discovered, vulnerabilities will not have shown. we want to show them in any case.
2019-06-24 20:00:28 +03:00
Daniel Sagi
50ea9a2405
added more detailed explanation about exceptions in debug
2019-06-12 17:43:16 +03:00
danielsagi
30121b5010
Merge branch 'master' into fix_get_random_pod
2019-06-11 17:53:13 +03:00
danielsagi
ec3aca9547
Merge branch 'master' into insecure_port
2019-06-11 17:43:14 +03:00
Daniel Sagi
faf1db3d16
cleaned files to match master branch updates, also removed change of ExposedRunHandler evidence handling
2019-06-11 17:40:44 +03:00
Daniel Sagi
2168180ffb
fixed issue with get_random_pod method, .next attribute on generator is deprecated in python3
2019-06-11 11:29:39 +03:00
nshauli
ac77c67ddd
Add evidence counter to privileged container vulnerability
2019-06-05 11:48:25 +03:00
nshauli
f5c54428f8
Add hunter name to each event and to each vulnerability in json and yaml report
2019-06-03 16:17:33 +03:00
Liz Rice
1143b89332
Merge branch 'master' into insecure_port
2019-05-30 23:26:16 +01:00
Jan Kunzmann
0f3670dff5
Access cloud IP detection service via HTTPS
2019-05-23 13:03:18 +02:00
nshauli
ac7027dab6
1. Change hunter statistics to count vulnerabilities only.
...
2. Add --statistics flag support.
3. Show hunter statistics only if --statistics was set.
4. Few infrastructure improvements.
2019-05-20 21:32:52 +03:00
Liz Rice
229ff40a01
Fix bad merge
...
And a typo while I'm here
2019-05-14 14:07:33 +01:00
Liz Rice
7d038f50dc
Merge branch 'master' into insecure_port
2019-05-14 12:00:51 +01:00
nshauli
b4df6b5298
Add support for hunters list as part of the reports.
...
Each reported hunter includes name, description and number of events.
Add severity field to each vulnerability report.
2019-05-14 12:44:30 +03:00
Liz Rice
1db39fd966
Include evidence on exposed run handler
2019-05-13 12:24:28 +01:00
Liz Rice
bfb14e229a
Combine two debug messages, for clarity
2019-05-13 12:23:53 +01:00
Liz Rice
da832df36d
Test for insecure port being open on port 8080
2019-05-13 12:23:23 +01:00
Liz Rice
4051fa708d
Remove unused class
2019-03-20 11:57:46 +00:00
Liz Rice
fa99b4edd1
Remove unused class
2019-03-20 11:51:24 +00:00
Liz Rice
f10632f47e
Merge branch 'master' into api-server-hunt-improvements
2019-03-18 17:58:12 +00:00
Liz Rice
71903ba942
Merge branch 'master' into fix-issue-99
2019-03-18 17:50:06 +00:00
Michael Cherny
c59b199a24
Removed unused variable
2019-03-11 00:56:24 +05:30
Liz Rice
1b849947fa
Use a predicate and avoid a whole extra event
2019-03-08 16:27:52 +00:00
Michael Cherny
0c0a68883d
Fix #98 - cvehunter now using service token discovered in hosts.py
...
We use the token if available.
2019-03-07 20:44:56 +02:00
Michael Cherny
1cd44832e6
Fixes #99 - pod local vulnerabilities are now reported as "Local to Pod" ( <pod name> )
...
Event can now implement 'location()' method that returns a string representing the event's logical location.
In events chain, the 'newest' event available location method will be used. This is because we compose (chain) events.
Core changed to support it.
Added 'location()' method to relevant event classes.
Reports are now using vulnerability.location() to retrieve location.
2019-03-07 14:45:26 +02:00
Liz Rice
991214f8db
Remove temp debugging
2019-03-05 10:05:01 +00:00
Weston Steimel
45d32be212
support for python3
...
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
2019-03-04 21:37:59 +00:00
Idan Revivo
b7222d26e7
cve info change
2019-03-04 17:05:17 +02:00
Liz Rice
0f3eac9a12
Didn’t end up basing the Active Hunter on the passive one
2019-03-04 14:07:53 +00:00
Liz Rice
7296805d58
Only create per-namespace objects if we have found namespaces
2019-03-04 13:47:49 +00:00
Liz Rice
93ab052e23
Tidy up a bit more
2019-03-04 13:06:23 +00:00
Liz Rice
e77f5fdcc8
Show in the report whether access was via service token or not
2019-03-04 12:35:57 +00:00
Idan Revivo
931e76f64d
changed cve details
2019-03-04 13:48:20 +02:00
Liz Rice
dd1ed76dc1
Better names, descriptions and tests
...
When you query for resources, you get the ones you’re entitled to see - it’s misleading to suggest you’re getting all of them
2019-03-04 11:43:37 +00:00
Liz Rice
5c22ecdf3c
Remove superfluous tests
...
There is no need to check for pods or roles under a specific namespace (even the default one) because if we’re allowed to see them we’ll have found them through the wider check for viewing all items
2019-03-04 11:27:14 +00:00
Liz Rice
5e69d3b307
Better tests for API discovery
2019-03-04 11:23:00 +00:00
Idan Revivo
5935e0ba96
changed checking all cves
2019-03-04 11:33:39 +02:00
Idan Revivo
1d258f7447
added support for new Vulnerability CVE-2019-1002100
2019-03-03 18:57:12 +02:00
Idan Revivo
c06b94f558
moved CVE_2018_1002105 to generic cvehunter
2019-03-03 18:53:35 +02:00
Liz Rice
50078c518e
Slightly better names
2019-02-26 19:56:09 +08:00
Liz Rice
a3bd1b9ef2
Improvements to the API Server hunters
2019-02-26 19:51:50 +08:00
Liz Rice
1581355a93
Read all the service account secrets
2019-02-26 08:38:35 +00:00
Liz Rice
9e0456bb66
Function is no longer getting service account token
2019-02-26 00:50:26 +00:00
Liz Rice
ffc5508819
Use token as previously obtained
2019-02-26 00:50:26 +00:00
Liz Rice
ef7f856cac
Move tests so they don’t get picked up by the regular executable
2019-02-26 00:36:53 +00:00