* moved report output into dispatchers, stdout by default with config option of http(s)
* notes in arg config on how to configure http dispatcher
* removed some debug log visibility indicators
* missing import
* env vars more descriptive: KUBEHUNTER_HTTP_DISPATCH_METHOD and KUBEHUNTER_HTTP_DISPATCH_URL
* optimisation: delayed instantiation of the dispatcher until after selection to avoid instantiating unnecessarily
* refactor: config selection as per reporter selection
* bugfix: fall-back to default required if unknown reporter or dispatcher specified
* swapping urllib3 for requests
* corrected visibility levels for logging
* moving dispatchers into a file in reporters rather than its own place to fit with theme and support dynamic module loading
* added an implementation for scanning api server from env variable, without duplications, when running as pod
* fixed issue with conversion of ip address
* added pods data on ExposedPodsHandler event, for later use
* added /var/log write mount hunter. in 'mounts' module. also an active hunter which exploits run handler as well
* removed unnecessary variables
* changed active hunter description
* minor changes to vulnerability descriptions
* removed unnecessary imports from main file
* added a script that generates static __init__ files based on existing modules
* added documentation
* added installing of plugins imports to script
* 1. added /logs Active hunter and tester.
2. changed kubelet handlers enum to be accessible as KubeletHandlers
3. added kubelet requests session to the event chain, for active hunters to use.
* added usage of event.session in the run active hunter
* changed kubelet run handler test to be not state-changing
* changed fake_container name to be more random
* changed run handler to GET and check for method not allowed
* removed python2 from readme and travis
* changed except on caps hunter to except PermissionError, supports only from python3
* removed python2 support in main file
* changed cvehunter to use res.text in place of res.content (python3 returns a bytes object for content)
* added hunter for Capabilities, and a check for NET_RAW
* changed to Hunter from Discovery
* added description for hunter
* changed from PermissionError on net_raw check. for python2 support
* Clarify vulnerability description
Stating that this vulnerability only becomes a problem if a pod gets compromised
* added event filtering mechanism, as well as a detailed explanation in src/README
* changed filter search to run only once for each event, also now returning None to indicate keeping of event
* expanded explanation of filtering in readme
* Tiny typo
* made changes for better readability, also filter should now return None to indicate throwing of event
* changed apply filters loop to be simple and running on each publish.
* changed README
* added reassuring of parent event after filters
* moved event filtering to another function, now supporting throwing of event mid loop
* added note in README about event.previous
* Tiny text corrections
* More accurate comment
"Throwing an event" can actually mean triggering it (which is different from "throwing it _away_"). But I went for "discarded" here to be completely clear
* Remove superfluous space that had crept in
* optimised docker image
* use multi-stage image to remove build dependencies from final layer
* updated to python 3.7.3
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
* add /etc/ethertypes in final layer
Added ebtables and copy /etc/ethertypes to disable warning in versions of
scapy with EtherCat functionality. This also fixes misspelling of
tcpdump package in build layer.
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
* added a new hunter for CVE-2019-11246
* added KubectlClient component
* overridden location function on event to display a 'local machine' location
* added clarification about kubectl version --client operation
* Fix tiny typo
It reads better without the comma
* removed unnecessary debug message
* added CVE hunter for kubectl to allow more CVE checking.