oriagmon
8a14de9454
Fixed some minor errors in passive hunter & used more of the active hunter methods
2018-11-07 22:32:18 +02:00
oriagmon
e60d44b5ae
Finished implementing hunters & moved some active hunters to passive hunter.
2018-11-07 22:32:18 +02:00
oriagmon
e8eb192b35
WIP, time to fix PR on another branch
2018-11-07 22:32:18 +02:00
oriagmon
d7e2ac9dc7
WIP, but have to go now:
(1) Tested manually most of the methods! (2) Published most of the events. (3) Added TODOs.
2018-11-07 22:32:18 +02:00
oriagmon
830c42b76e
Added corresponding events & descriptions for the new methods
2018-11-07 22:32:18 +02:00
oriagmon
889ea7316c
Manually tested requests and changed some methods!
2018-11-07 22:32:18 +02:00
oriagmon
9ae772eeaa
Improved todo, Added all api calls to API server, we have to test & modify them (when needed)
2018-11-07 22:32:18 +02:00
oriagmon
47aa4c40bb
minor Typo
2018-11-07 22:32:18 +02:00
oriagmon
16a6590f5e
Added all the rest of the api calls to the API server and specified algorithm in words
2018-11-07 22:32:18 +02:00
oriagmon
d1c59fb982
I didn't finish that hunter yet (a todo is detailed on my Trello).
2018-11-07 22:32:18 +02:00
oriagmon
1c324a3f2a
Finish that hunter (detailed on my Trello).
2018-11-07 22:32:18 +02:00
oriagmon
b95feebcba
Added a lot of active hunters, using different API Server methods to publish all relevant events from a compromised pod
2018-11-07 22:32:18 +02:00
oriagmon
eaa0d8e8e0
Added two hunters attempting to exploit authorized pod RBAC configurations
2018-11-07 22:32:17 +02:00
oriagmon
5a790b1ece
Listen on port 443 as well now.
2018-11-07 22:32:17 +02:00
ori.agmon
359b766e17
Fixed PR comment: Added proper exception handling.
Added logging for this hunter.
2018-11-07 22:32:17 +02:00
ori.agmon
a3b80dc92d
Improved vulnerability description for this hunter
2018-11-07 22:32:17 +02:00
ori.agmon
a3a7e33f9c
Minor changes -> removed unused imports & small fixes
2018-11-07 22:32:17 +02:00
ori.agmon
2930167d78
Added apiserver hunter, would attempt to get the service account token and access the server api with it
2018-11-07 22:32:17 +02:00
ori.agmon
369e70ad6e
Fixed the PR comments :-)
2018-11-07 22:32:17 +02:00
ori.agmon
72dfbdc34d
Fixed the PR comments :-)
2018-11-07 22:32:17 +02:00
ori.agmon
c200fcc416
Improved unauthorized access false positive on edge case (where user is running using https & 127.0.0.1 & needed certificates)
2018-11-07 22:32:17 +02:00
ori.agmon
a67e6a57c3
Added evidence to the no auth event & tested it on a vulnerable remote cluster (and it worked!)
2018-11-07 22:32:17 +02:00
ori.agmon
5d6eea72f7
Updated the todos list
2018-11-07 22:32:17 +02:00
ori.agmon
5dbcdcedb7
Added categories to all vulnerabilities
2018-11-07 22:32:17 +02:00
ori.agmon
2da03d812d
Fixed a small bug in the active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
0299800cd2
Fixed a small bug in the active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
730b19547b
Fixed a small bug in the active hunter & passive hunter
2018-11-07 22:32:17 +02:00
ori.agmon
1d7120bfe1
Updated the TODOS list (Only 2 left!)
2018-11-07 22:32:17 +02:00
ori.agmon
5e42246773
Added some evidence to events & deleted unused code
2018-11-07 22:32:17 +02:00
ori.agmon
40213db654
I've split the etcd hunters into hunting & discovery dirs
2018-11-07 22:32:17 +02:00
ori.agmon
9148d5273b
Added init method to the etcd active hunter
2018-11-07 22:32:17 +02:00
ori.agmon
0a4c80cb09
Solved some exception bugs & did some refactoring to code & added event & split active & passive hunter
2018-11-07 22:32:17 +02:00
ori.agmon
e764d5f21b
Solved some exception bugs & did some refactoring to code & Added event
2018-11-07 22:32:17 +02:00
ori.agmon
09c076c6a5
Solved some exception bugs & did some refactoring to code
2018-11-07 22:32:17 +02:00
ori.agmon
10e9a63e50
Added timeout for each request.
Finished with some of the TODOS tasks (added logs).
Added another TODO task for this branch.
2018-11-07 22:32:17 +02:00
ori.agmon
bca2f3614c
Edited some of the etcd checking & added 2379 port checking
2018-11-07 22:32:17 +02:00
ori.agmon
242260b03e
Added some remote access to etcd checks.
2018-11-07 22:32:17 +02:00
oriagmon
54da07a73e
Cleaned this branch to contain only updated secrets branch without locking
2018-10-21 11:23:30 +03:00
oriagmon
b37ebf0fee
Removed note & added parentheses to a return statement condition
2018-10-17 10:44:34 +03:00
oriagmon
568e96c2f4
merged with multi-threaded-bug
2018-10-16 17:18:36 +03:00
oriagmon
1b18825b5e
Merge branch 'solve-multi-threading-bug' into access-secrets-hunter
2018-10-16 17:16:42 +03:00
ori.agmon
1e4ead93f4
Created RunningAsPodEvent
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-16 17:12:42 +03:00
ori.agmon
1f01076cf6
Created RunningAsPodEvent
Throw it from hosts.py when running from pod
I was able to subscribe to the RunningAsPodEvent thanks to a rebase with the branch that fixes the circular dependencies bug (moveAzureComponentToTypes branch)
2018-10-16 17:12:42 +03:00
ori.agmon
08f38c623f
Had to remove the Azure component from the hunting/aks since it made a circular dependency bug!
2018-10-16 17:12:36 +03:00
ori.agmon
1f9b611237
Fixed all PR comments, just have to change the subscription now..
2018-10-16 17:12:24 +03:00
ori.agmon
eb5a0a6df2
Removed try & except & added logging
2018-10-16 17:12:24 +03:00
ori.agmon
8a8f2272ec
changed subscription
2018-10-16 17:12:24 +03:00
ori.agmon
efd2563e2a
Improved description for this hunter
2018-10-16 17:12:24 +03:00
ori.agmon
d3658f2d3d
removed the traceback after testing successfully
2018-10-16 17:12:24 +03:00
ori.agmon
5de247b0f5
changed the way I'm checking how many secrets there are at the default secrets path
2018-10-16 17:12:24 +03:00