2. Added a --remote flag to specify remote clusters/machines for hunting.
3. Improved a bit of the architecture, (Services)
Note:
The reporter module, will gather vulnerabilities before their active hunting will start.
This is not an issue, as we can access all of the attributes of the event directly from the active hunter (event.previous), which we will proccess on the end in the report
2. started working on results table.
3. *added convention* from now on, every vulnerability/service event, should have a __doc__ that describes them. notice the new get_name(), component, and explain() attributes that needs to be implemented as well.
2. Added service account token and certificate handling, when running as a pod, to try and access resources that are "secured"
3. Added anonymous auth vulnerability detection
4. Changed requirements.txt for compatibility
2. Changed method of hidden stacking of event, to send self as an argument, by inheriting from "Hunter" class. where the publish acts as a proxy to the handler.
3. Added new way of categorizing events, while added an option to subscribe to a father event. if en event gets publish, if its father event is hooked, the hook will be triggered
4. Added a reporter in log/ which listens to parent events, meanwhile Vulnerability and OpenService were added. all logging will be made from reporter from now on
2. Started adding kubelet scanning.
3. Changed events architecture. All events are inheriting from "Event" class. when instantiating and defining a new event class, attributes other than what is important for that perticular event are not needed. the event handler will be stacking the events, so that each event will have all the attributes of its successors.
This proccess is invisible to the developer, but needs to be acknowledged.
*note: from now on, all executors needs to set self.event to given arg on init*
Example (pseudo):
@subscribe(NewHostEvent)
def PortScan(event):
publish(OpenPortEvent(port="8080"))
@subscribe(OpenPortEvent)
def print(event):
print(event.host)
publish(NewHostEvent(host="0.0.0.0"))
>> output: 0.0.0.0
the print function recieves an open port event. even though when publishing the OpenPortEvent we did not specify a host, the print function can access the "host" attribute, as the OpenPortEvent successor was NewHostEvent. if "host" was not defined on the succesors, it is "None"
Added dynamic imports for all modules inside: 'events/', 'discovery/', 'hunting/' (you can now add new files with new implementations, and not worry about imports.)
Changed port timeout to be 1.5 seconds, more reliable results.
Changed default log level to INFO
Added new subscription method for events, using a "subscribe" decorator.
Added an optional predicate function to events, for optional filtering on triggered time. used mainly for OpenPortEvent.
Added proper logging and argparse
Added cleanup of threads when exiting/finishing
The idea is discovering sub paths of resources in the api and sending them for hunting.
Added Dashboard detection from Proxy.
Also improved architecture of discovery/hunting from a "secure" perspective
