* removed false negative in AzureSpnHunter when /run is disabled
* changed to use direct imported class
* fixed multiple bugs in azure spn hunting, and improved efficency
* fixed bug in cloud identification. TODO: remove the outsourcing for cloud provider
* removed unused config variable
* fixed tests to use already parsed pods as the given previous event has changed
* changed ubuntu to an older version, for compatibility reasons with glibc on pyinstaller steps and added a step to parse the release tag
* removed parsing of release tag
* changed flow name
* removed 'release' from the release name
* changed link to point to avd
* changed kb_links to be on base report module. and updated to point to avd. now json output returns the full avd url to the vulnerability
* switched to adding a new avd_reference instead of changed the VID
* added newline to fix linting
* added the link of contribution page
users can directly go to the contribution page from here after reading the readme file
* added it to the table of contents
* Done
sorry for my prev. mistake, now its fixed.
Co-authored-by: danielsagi <danielsagi2009@gmail.com>
Given that the Description tends to go over 100 characters as well, it
seems appropriate to loosen the restriction of the evidence field.
Fixes#111
Co-authored-by: danielsagi <danielsagi2009@gmail.com>
* fixed etcd version hunting typo
* changed self.protocol in other places on etcd hunting. this is a typo, protocol is a property of events, not hunters
Co-authored-by: Daniel Sagi <daniel@example.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
Existing job.yml has wrong command for command ["python", "kube-hunter,py"]. But it should change to command ["kube-hunter"]
Co-authored-by: Liz Rice <liz@lizrice.com>
* striping was incorrect due to multiple newlines in certificate returned from ssl.get_server_certificate
* changed ' to " for linting
Co-authored-by: Daniel Sagi <daniel@example.com>
* removed unnecessary files from final image, using multistaged build
* added ebtables and tcpdump packages to multistage
Co-authored-by: Daniel Sagi <daniel@example.com>
* Introducing active hunters:
- FootholdViaSecureKubeletPort
- MaliciousIntentViaSecureKubeletPort
* Format
Updating code according to expected linting format.
* Format
Updating code according to expected linting format.
* Format
Updating code according to expected linting format.
* Format
Updating code according to expected linting format.
* Testing
Update code according to expected testing standards and implementation.
* Update documentation.
- Added some more mitigations and updated the references list.
* f-string is missing placeholders.
- flake8 is marking this line as an issue as it lacks a placeholder when indicating the use of f-string; corrected.
* Update kubelet.py
- Add network_timeout parameter into requests.post and requests.get execution.
* Update kubelet.py
- Modified name of variable.
* Update kubelet.py and test_kubelet.py
- Remove certificate authority.
* Update kubelet.py and test_kubelet.py.
- Introducing default number of rm attempts.
* Update kubelet.py and test_kubelet.py.
- Introduced number of rmdir and umount attempts.
* Update kubelet.py
- Modified filename to match kube-hunter description.
* Update several files.
- Instated the use of self.event.session for GET and POST requests.
- Testing modified accordingly to complete coverage of changes and introduced methods.
- Requirements changed such that the required version that supports sessions mocking is obtained.
* Update kubelet.py
- Introduced warnings for the following commands in case of failure: rm, rmdir, and umount.
* Update kubelet.py
- Remove "self.__class__.__name___" from self.event.evidence.
* Update kubelet.py
- Remove unnecessary message section.
* Update files.
- Address class change.
- Fix testing failure after removing message section.
* Update kubelet.py
- Provide POD and CONTAINER as part of the warning messages in the log.
Co-authored-by: Abdullah Garcia <abdullah.garcia@jpmorgan.com>
Co-authored-by: Yehuda Chikvashvili <yehudaac1@gmail.com>
Co-authored-by: danielsagi <danielsagi2009@gmail.com>
* fixed f string
* fixed wrong iteration on list when getting random pod
* added '/' suffix to path on kubelet debug handlers tests
* also fixed minor bug in etcd, protocol was refrenced on the hunter and not on the event
* ran black format
* moved protocol to be https
* ran black again
* fixed PR comments
* ran black again, formatting
* added plugins submodule, created two hookspecs, one for adding arguments, one for running code after the argument parsing
* implemented plugins application on main file, changed mechanism for argument parsing
* changed previous parsing function to not create the ArgumentParser, and implemented it as a hook for the parsing mechanism
* added pluggy to required deps
* removed unecessary add_config import
* fixed formatting using black
* restored main link file from master
* moved import of parser to right before the register call, to avoid circular imports
* added tests for the plugins hooks
* removed blank line space
* black reformat
* Remove plugins
Current usage of plugins is not pluggable and includes logging
stuff.
Move this to conf/logging.
* Removed dynamic imports
* Add tests for hunters registration
* Fix "none" logging
Test for different logging levels, existing and none existing
Co-authored-by: yoavrotems <yoavrotems97@gmail.com>
Co-authored-by: Yehuda Chikvashvili <yehudaac1@gmail.com>
