* Ignore downstream version flag
This commit adds `--ignore-downstream` flag to kube-hunter.
Enabling the flag will make kube-hunter consider patched versions
as not vulnerable.
Resolves #179
* Add test cases and refine argument description
* added arp passive hunter
* separated arp and dns hunters, made them active and fixed some code on arp
* added description for hunters, and refactored description for vulnerabilities
* minor typo
* replaced google.com with 1.1.1.1
* fixed comments
* fixed scapy
* validated output of get_kube_dns_ip_mac
* minor addition to description
* added documentation in readme
* minor changes to logging levels and formatting
* changed example in readme
* fixed merge
* added info logging to http dispatch method
* changed description from environ to environment variables
* changed version hunting to be on a new version disclosure vulnerability
* fixed version publish
* added logging and fixed typo
* changed whole way of comparing versions in cve hunter
* changed K8sVersionDisclosure vulnerability to one core vulnerability, that takes an endpoint. changed all usage
* added tests
* merged kubectl cve hunting with apiserver hunting. and simplified the code of apiserver cve hunting
* fixed tests to new names
* changed name of module to cves.py
* drastically improved the cve vulnerable detection utility function. now works with all types of versioning methods
* added packaging in requirements.txt
* added another test, and improved logic on cve comparison for more complicated versions
* changed CveHunter to subscribe_once, to prevent duplicates
* fixed tests for new improvements
* removed unnecessary ternary on doc
* removed unnecessary join split
* improved compare function, made it util
* improved cve checking to use mapping
* added detection for CVE-2019-9512 and CVE-2019-9514
* added detection for CVE-2019-11247 and added minor comments
* changed python version to 3.8.rc and removed wireshark from build. also added a plugin to suppress scapy's warnings about the manuf
* changed to alpine 3.10, on docker file and removed unnecessary logging suppression
* changed to python 3.7
* changed base image on builder as well
* added basic metrics server discovery
* improved discovery, and added KNOWN PORTS usage
* improved apiserver decision
* fixed bug with comparison of IP addresses in kubeservicehost
* improved description of api server discovery
* added checks with auth_token on discovery
* fixed bug in version requests and added to tests
* added an abstract 'unrecognized API' event, and a filter for it for classification
* changed filtering to be done on the same event
* fixed verify on session and removed unnecessary enum
* minor changes to comments
* added detailed explanation
* moved report output into dispatchers, stdout by default with config option of http(s)
* notes in arg config on how to configure http dispatcher
* removed some debug log visibility indicators
* missing import
* env vars more descriptive: KUBEHUNTER_HTTP_DISPATCH_METHOD and KUBEHUNTER_HTTP_DISPATCH_URL
* optimisation: delayed instantiation of the dispatcher until after selection to avoid instantiating unnecessarily
* refactor: config selection as per reporter selection
* bugfix: fall-back to default required if unknown reporter or dispatcher specified
* swapping urllib3 for requests
* corrected visibility levels for logging
* moving dispatchers into a file in reporters rather than its own place to fit with theme and support dynamic module loading
* added an implementation for scanning api server from env variable, without duplications, when running as pod
* fixed issue with conversion of ip address
* added pods data on ExposedPodsHandler event, for later use
* added /var/log write mount hunter. in 'mounts' module. also an active hunter which exploits run handler as well
* removed unnecessary variables
* changed active hunter description
* minor changes to vulnerability descriptions
* 1. added /logs Active hunter and tester.
2. changed kubelet handlers enum to be accessible as KubeletHandlers
3. added kubelet requests session to the event chain, for active hunters to use.
* added usage of event.session in the run active hunter
* changed kubelet run handler test to be not state-changing
* changed fake_container name to be more random
* changed run handler to GET and check for method not allowed
* removed python2 from readme and travis
* changed except on caps hunter to except PermissionError, supports only from python3
* removed python2 support in main file
* changed cvehunter to use res.text in place of res.content (python3 returns a bytes object for content)
* added hunter for Capabilities, and a check for NET_RAW
* changed to Hunter from Discovery
* added description for hunter
* changed from PermissionError on net_raw check. for python2 support
* Clarify vulnerability description
Stating that this vulnerability only becomes a problem if a pod gets compromised
* added event filtering mechanism, as well as a detailed explanation in src/README
* changed filter search to run only once for each event, also now returning None to indicate keeping of event
* expanded explanation of filtering in readme
* Tiny typo
* made changes for better readability, also filter should now return None to indicate throwing of event
* changed apply filters loop to be simple and running on each publish.
* changed README
* added reassuring of parent event after filters
* moved event filtering to another function, now supporting throwing of event mid loop
* added note in README about event.previous
* Tiny text corrections
* More accurate comment
"Throwing an event" can actually mean triggering it (which is different from "throwing it _away_"). But I went for "discarded" here to be completely clear
* Remove superfluous space that had crept in
* added a new hunter for CVE-2019-11246
* added KubectlClient component
* overridden location function on event to display a 'local machine' location
* added clarification about kubectl version --client operation
* Fix tiny typo
It reads better without the comma
* removed unnecessary debug message
* added CVE hunter for kubectl to allow more CVE checking.
Event can now implement 'location()' method that returns a string representing the event's logical location.
In events chain, the 'newest' event available location method will be used. This is because we compose (chain) events.
Core changed to support it.
Added 'location()' method to relevant event classes.
Reports are now using vulnerability.location() to retrieve location.