* Remove __main__ references and create a top-level config module
* Move conf module into separate standalone package
* Deprecate install_imports.py script
* Rename root package to kube_hunter
The previous src root package name was too generic and not unique,
so it can be used as external name.
Change `src` to `kube_hunter` so it can be referenced in a clear way.
Addtional changes made on the way:
* Make imports absolute
* Formatting
Relates to #185
* remove todos
Co-authored-by: Ryan Lahfa <masterancpp@gmail.com>
Co-authored-by: Itay Shakury <itay@itaysk.com>
* Consider patched versions as not vulnerable by default
Change `--ignore-downstream` to `--ignore-patched-versions` and
invert it's effect.
From now on, kube-hunter will not alert patched components as default
behavior.
Resolves#194
* Rename flag --ignore-patched-versions to --include-patched-versions
* Ignore downstream version flag
This commit adds `--ignore-downstream` flag to kube-hunter.
Enabling the flag will make kube-hunter considering patched versions
as not vulnerable.
Resolves#179
* Add test cases and refine argument description
* added basic metrics server discovery
* improved discovery, and added KNOWN PORTS usage
* improved apiserver decision
* fixed bug with comparison of IP addresses in kubeservicehost
* improved description of api server discovery
* added checks with auth_token on discovery
* fixed bug in version requests and added to tests
* added an abstract 'unrecognized API' event, and a filter for it for classification
* changed filtering to be done on the same event
* fixed verify on session and removed unnecessary enum
* minor changes to comments
* added detailed explanation
* changed version hunting to be on a a new version disclosure vulnerability
* fixed version publish
* added logging and fixed typo
* changed whole way of comparing versions in cve hunter
* changed K8sVersionDisclosure vulnerability to one core vulnerability, that takes an endpoint. changed all usage
* added tests
* merged kubectl cve hunting with apiserver hunting. and simplified the code of apiserver cve hunting
* fixed tests to new names
* changed name of module to cves.py
* drastically improved the cve vulnerble detection utility function. now works with all types of versioning methods
* added packaging in requirementes.txt
* added another test, and improved logic on cve comparison for more complicated versions
* changed CveHunter to subscribe_once, to prevent duplicates duplicates
* fixed tests for new improvements
* removed unnecessary ternary on doc
* removed unnecessary join split
* improved compare function, made it util
* improved cve checking to use mapping
