removed cache and changed to only use ubuntu-latest

removed unsupported ubuntu16 machines
2026-02-16 02:49:58 +00:00 · 2021-09-30 16:32:04 +03:00 · 2021-09-30 16:07:22 +03:00
53 changed files with 44 additions and 238 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -77,10 +77,9 @@ jobs:
          python-version: '3.9'

      - name: Install dependencies
-        shell: bash
        run: |
-          pip install -U pip
-          make deps
+          python -m pip install -U pip
+          python -m pip install -r requirements-dev.txt

      - name: Build project
        shell: bash
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ name: Release
 jobs:
  build:
    name: Upload Release Asset
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
@@ -18,14 +18,12 @@ jobs:
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
-          python-version: '3.8'
+          python-version: '3.9'

      - name: Install dependencies
-        shell: bash
        run: |
-          pip install -U pip
-          pip install pyinstaller
-          make deps
+          python -m pip install -U pip
+          python -m pip install -r requirements-dev.txt

      - name: Build project
        shell: bash
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,7 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        python-version: ["3.6", "3.7", "3.8", "3.9"]
-        os: [ubuntu-20.04, ubuntu-18.04]
+        os: [ubuntu-latest]

    steps:
      - uses: actions/checkout@v2
@@ -23,26 +23,10 @@ jobs:
        with:
          python-version: ${{ matrix.python-version }}

-      - name: Get pip cache dir
-        id: pip-cache
-        run: |
-          echo "::set-output name=dir::$(pip cache dir)"
-
-      - name: Cache
-        uses: actions/cache@v2
-        with:
-          path: ${{ steps.pip-cache.outputs.dir }}
-          key:
-            ${{ matrix.os }}-${{ matrix.python-version }}-${{ hashFiles('requirements-dev.txt') }}
-          restore-keys: |
-            ${{ matrix.os }}-${{ matrix.python-version }}-
-
      - name: Install dependencies
-        shell: bash
        run: |
-          pip install -U pip
-          make dev-deps
-          make install
+          python -m pip install -U pip
+          python -m pip install -e .

      - name: Test
        shell: bash
--- a/MITRE.png
+++ b/MITRE.png
--- a/2
+++ b/2
@@ -31,7 +31,7 @@ lint-check:

 .PHONY: test
 test:
-	python -m pytest
+	pytest

 .PHONY: build
 build:
--- a/README.md
+++ b/README.md
@@ -18,8 +18,7 @@ kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was d

 **Run kube-hunter**: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at [kube-hunter.aquasec.com](https://kube-hunter.aquasec.com) where you can register online to receive a token allowing you to see and share the results online. You can also run the Python code yourself as described below.

-**Explore vulnerabilities**: The kube-hunter knowledge base includes articles about discoverable vulnerabilities and issues. When kube-hunter reports an issue, it will show its VID (Vulnerability ID) so you can look it up in the KB at https://aquasecurity.github.io/kube-hunter/  
-_If you're interested in kube-hunter's integration with the Kubernetes ATT&CK Matrix [Continue Reading](#kuberentes-attck-matrix)_
+**Explore vulnerabilities**: The kube-hunter knowledge base includes articles about discoverable vulnerabilities and issues. When kube-hunter reports an issue, it will show its VID (Vulnerability ID) so you can look it up in the KB at https://aquasecurity.github.io/kube-hunter/

 **Contribute**: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your modules please read [Guidelines For Developing Your First kube-hunter Module](https://github.com/aquasecurity/kube-hunter/blob/main/CONTRIBUTING.md).

@@ -29,7 +28,6 @@ Table of Contents
 =================

 - [Table of Contents](#table-of-contents)
-  - [Kubernetes ATT&CK Matrix](#kubernetes-attck-matrix)
  - [Hunting](#hunting)
    - [Where should I run kube-hunter?](#where-should-i-run-kube-hunter)
    - [Scanning options](#scanning-options)
@@ -39,9 +37,8 @@ Table of Contents
    - [Nodes Mapping](#nodes-mapping)
    - [Output](#output)
    - [Dispatching](#dispatching)
-  - [Advanced Usage](#advanced-usage)
-    - [Azure Quick Scanning](#azure-quick-scanning)
-    - [Custom Hunting](#custom-hunting)
+    - [Advanced Usage](#advanced-usage)
+      - [Azure Quick Scanning](#azure-quick-scanning)
  - [Deployment](#deployment)
    - [On Machine](#on-machine)
      - [Prerequisites](#prerequisites)
@@ -51,21 +48,9 @@ Table of Contents
    - [Pod](#pod)
  - [Contribution](#contribution)
  - [License](#license)
-
---
-## Kubernetes ATT&CK Matrix
-
-kube-hunter now supports the new format of the Kubernetes ATT&CK matrix.
-While kube-hunter's vulnerabilities are a collection of creative techniques designed to mimic an attacker in the cluster (or outside it)
-The Mitre's ATT&CK defines a more general standardised categories of techniques to do so.
-
-You can think of kube-hunter vulnerabilities as small steps for an attacker, which follows the track of a more general technique he would aim for.
-Most of kube-hunter's hunters and vulnerabilities can closly fall under those techniques, That's why we moved to follow the Matrix standard.  
- 
-_Some kube-hunter vulnerabities which we could not map to Mitre technique, are prefixed with the `General` keyword_ 
-![kube-hunter](./MITRE.png)
-
+         
 ## Hunting
+
 ### Where should I run kube-hunter?

 There are three different ways to run kube-hunter, each providing a different approach to detecting weaknesses in your cluster:
@@ -76,7 +61,6 @@ You can run kube-hunter directly on a machine in the cluster, and select the opt

 You can also run kube-hunter in a pod within the cluster. This indicates how exposed your cluster would be if one of your application pods is compromised (through a software vulnerability, for example). (_`--pod` flag_)

-
 ### Scanning options

 First check for these **[pre-requisites](#prerequisites)**.
@@ -157,49 +141,11 @@ Available dispatch methods are:
    * KUBEHUNTER_HTTP_DISPATCH_URL (defaults to: https://localhost)
    * KUBEHUNTER_HTTP_DISPATCH_METHOD (defaults to: POST)

-
-## Advanced Usage
-### Azure Quick Scanning 
+### Advanced Usage  
+#### Azure Quick Scanning 
 When running **as a Pod in an Azure or AWS environment**, kube-hunter will fetch subnets from the Instance Metadata Service. Naturally this makes the discovery process take longer.
 To hardlimit subnet scanning to a `/24` CIDR, use the `--quick` option. 

-### Custom Hunting
-Custom hunting enables advanced users to have control over what hunters gets registered at the start of a hunt. 
-**If you know what you are doing**, this can help if you want to adjust kube-hunter's hunting and discovery process for your needs.
-
-Example: 
-```
-kube-hunter --custom <HunterName1> <HunterName2>
-``` 
-Enabling Custom hunting removes all hunters from the hunting process, except the given whitelisted hunters.
-
-The `--custom` flag reads a list of hunters class names, in order to view all of kube-hunter's class names, you can combine the flag `--raw-hunter-names` with the `--list` flag.  
-
-Example: 
-```
-kube-hunter --active --list --raw-hunter-names
-```
-
-**Notice**: Due to kube-huner's architectural design, the following "Core Hunters/Classes" will always register (even when using custom hunting):
-* HostDiscovery 
-  * _Generates ip addresses for the hunt by given configurations_
-  * _Automatically discovers subnets using cloud Metadata APIs_
-* FromPodHostDiscovery
-  * _Auto discover attack surface ip addresses for the hunt by using Pod based environment techniques_
-  * _Automatically discovers subnets using cloud Metadata APIs_
-* PortDiscovery
-  * _Port scanning given ip addresses for known kubernetes services ports_
-* Collector
-  * _Collects discovered vulnerabilities and open services for future report_
-* StartedInfo 
-  * _Prints the start message_
-* SendFullReport 
-  * _Dispatching the report based on given configurations_
-
-
-
-
-
 ## Deployment
 There are three methods for deploying kube-hunter:

--- a/docs/_kb/KHV002.md
+++ b/docs/_kb/KHV002.md
@@ -2,7 +2,6 @@
 vid: KHV002
 title: Kubernetes version disclosure
 categories: [Information Disclosure]
-severity: LOW
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV003.md
+++ b/docs/_kb/KHV003.md
@@ -2,7 +2,6 @@
 vid: KHV003
 title: Azure Metadata Exposure
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV004.md
+++ b/docs/_kb/KHV004.md
@@ -2,7 +2,6 @@
 vid: KHV004
 title: Azure SPN Exposure
 categories: [Identity Theft]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV005.md
+++ b/docs/_kb/KHV005.md
@@ -2,7 +2,6 @@
 vid: KHV005
 title: Access to Kubernetes API
 categories: [Information Disclosure, Unauthenticated Access]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV006.md
+++ b/docs/_kb/KHV006.md
@@ -2,7 +2,6 @@
 vid: KHV006
 title: Insecure (HTTP) access to Kubernetes API
 categories: [Unauthenticated Access]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV007.md
+++ b/docs/_kb/KHV007.md
@@ -2,7 +2,6 @@
 vid: KHV007
 title: Specific Access to Kubernetes API
 categories: [Access Risk]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV020.md
+++ b/docs/_kb/KHV020.md
@@ -2,7 +2,6 @@
 vid: KHV020
 title: Possible Arp Spoof
 categories: [IdentityTheft]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV021.md
+++ b/docs/_kb/KHV021.md
@@ -2,7 +2,6 @@
 vid: KHV021
 title: Certificate Includes Email Address
 categories: [Information Disclosure]
-severity: LOW
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV022.md
+++ b/docs/_kb/KHV022.md
@@ -2,7 +2,6 @@
 vid: KHV022
 title: Critical Privilege Escalation CVE
 categories: [Privilege Escalation]
-severity: CRITICAL
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV023.md
+++ b/docs/_kb/KHV023.md
@@ -2,7 +2,6 @@
 vid: KHV023
 title: Denial of Service to Kubernetes API Server
 categories: [Denial Of Service]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV024.md
+++ b/docs/_kb/KHV024.md
@@ -2,7 +2,6 @@
 vid: KHV024
 title: Possible Ping Flood Attack
 categories: [Denial Of Service]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV025.md
+++ b/docs/_kb/KHV025.md
@@ -2,7 +2,6 @@
 vid: KHV025
 title: Possible Reset Flood Attack
 categories: [Denial Of Service]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV026.md
+++ b/docs/_kb/KHV026.md
@@ -2,7 +2,6 @@
 vid: KHV026
 title: Arbitrary Access To Cluster Scoped Resources
 categories: [PrivilegeEscalation]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV027.md
+++ b/docs/_kb/KHV027.md
@@ -2,7 +2,6 @@
 vid: KHV027
 title: Kubectl Vulnerable To CVE-2019-11246
 categories: [Remote Code Execution]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV028.md
+++ b/docs/_kb/KHV028.md
@@ -2,7 +2,6 @@
 vid: KHV028
 title: Kubectl Vulnerable To CVE-2019-1002101
 categories: [Remote Code Execution]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV029.md
+++ b/docs/_kb/KHV029.md
@@ -2,7 +2,6 @@
 vid: KHV029
 title: Dashboard Exposed
 categories: [Remote Code Execution]
-severity: CRITICAL
 ---

 # {{ page.vid }} - {{ page.title }}
@@ -13,5 +12,4 @@ An open Kubernetes Dashboard was detected. The Kubernetes Dashboard can be used

 ## Remediation

-Do not leave the Dashboard insecured.
-
+Do not leave the Dashboard insecured.
--- a/docs/_kb/KHV030.md
+++ b/docs/_kb/KHV030.md
@@ -2,7 +2,6 @@
 vid: KHV030
 title: Possible DNS Spoof
 categories: [Identity Theft]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV031.md
+++ b/docs/_kb/KHV031.md
@@ -2,7 +2,6 @@
 vid: KHV031
 title: Etcd Remote Write Access Event
 categories: [Remote Code Execution]
-severity: CRITICAL
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV032.md
+++ b/docs/_kb/KHV032.md
@@ -2,7 +2,6 @@
 vid: KHV032
 title: Etcd Remote Read Access Event
 categories: [Access Risk]
-severity: CRITICAL
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV033.md
+++ b/docs/_kb/KHV033.md
@@ -2,7 +2,6 @@
 vid: KHV033
 title: Etcd Remote version disclosure
 categories: [Information Disclosure]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV034.md
+++ b/docs/_kb/KHV034.md
@@ -2,7 +2,6 @@
 vid: KHV034
 title: Etcd is accessible using insecure connection (HTTP)
 categories: [Unauthenticated Access]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV036.md
+++ b/docs/_kb/KHV036.md
@@ -2,7 +2,6 @@
 vid: KHV036
 title: Anonymous Authentication
 categories: [Remote Code Execution]
-severity: CRITICAL
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV037.md
+++ b/docs/_kb/KHV037.md
@@ -2,7 +2,6 @@
 vid: KHV037
 title: Exposed Container Logs
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV038.md
+++ b/docs/_kb/KHV038.md
@@ -2,7 +2,6 @@
 vid: KHV038
 title: Exposed Running Pods
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV039.md
+++ b/docs/_kb/KHV039.md
@@ -2,7 +2,6 @@
 vid: KHV039
 title: Exposed Exec On Container
 categories: [Remote Code Execution]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV040.md
+++ b/docs/_kb/KHV040.md
@@ -2,7 +2,6 @@
 vid: KHV040
 title: Exposed Run Inside Container
 categories: [Remote Code Execution]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV041.md
+++ b/docs/_kb/KHV041.md
@@ -2,7 +2,6 @@
 vid: KHV041
 title: Exposed Port Forward
 categories: [Remote Code Execution]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV042.md
+++ b/docs/_kb/KHV042.md
@@ -2,7 +2,6 @@
 vid: KHV042
 title: Exposed Attaching To Container
 categories: [Remote Code Execution]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV043.md
+++ b/docs/_kb/KHV043.md
@@ -2,7 +2,6 @@
 vid: KHV043
 title: Cluster Health Disclosure
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV044.md
+++ b/docs/_kb/KHV044.md
@@ -2,7 +2,6 @@
 vid: KHV044
 title: Privileged Container
 categories: [Access Risk]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV045.md
+++ b/docs/_kb/KHV045.md
@@ -2,7 +2,6 @@
 vid: KHV045
 title: Exposed System Logs
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV046.md
+++ b/docs/_kb/KHV046.md
@@ -2,7 +2,6 @@
 vid: KHV046
 title: Exposed Kubelet Cmdline
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV047.md
+++ b/docs/_kb/KHV047.md
@@ -2,7 +2,6 @@
 vid: KHV047
 title: Pod With Mount To /var/log
 categories: [Privilege Escalation]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV049.md
+++ b/docs/_kb/KHV049.md
@@ -2,7 +2,6 @@
 vid: KHV049
 title: kubectl proxy Exposed
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV050.md
+++ b/docs/_kb/KHV050.md
@@ -2,7 +2,6 @@
 vid: KHV050
 title: Read access to Pod service account token
 categories: [Access Risk]
-severity: MEDIUM
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV051.md
+++ b/docs/_kb/KHV051.md
@@ -2,7 +2,6 @@
 vid: KHV051
 title: Exposed Existing Privileged Containers Via Secure Kubelet Port
 categories: [Access Risk]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV052.md
+++ b/docs/_kb/KHV052.md
@@ -2,7 +2,6 @@
 vid: KHV052
 title: Exposed Pods
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/docs/_kb/KHV053.md
+++ b/docs/_kb/KHV053.md
@@ -2,7 +2,6 @@
 vid: KHV053
 title: AWS Metadata Exposure
 categories: [Information Disclosure]
-severity: HIGH
 ---

 # {{ page.vid }} - {{ page.title }}
--- a/kube_hunter/main.py
+++ b/kube_hunter/main.py
@@ -1,7 +1,6 @@
 #!/usr/bin/env python3
 # flake8: noqa: E402

-from functools import partial
 import logging
 import threading

@@ -29,8 +28,6 @@ config = Config(
    k8s_auto_discover_nodes=args.k8s_auto_discover_nodes,
    service_account_token=args.service_account_token,
    kubeconfig=args.kubeconfig,
-    enable_cve_hunting=args.enable_cve_hunting,
-    custom=args.custom,
 )
 setup_logger(args.log, args.log_file)
 set_config(config)
@@ -75,20 +72,16 @@ def interactive_set_config():
    return True


-def list_hunters(class_names=False):
+def list_hunters():
    print("\nPassive Hunters:\n----------------")
    for hunter, docs in handler.passive_hunters.items():
        name, doc = hunter.parse_docs(docs)
-        if class_names:
-            name = hunter.__name__
        print(f"* {name}\n  {doc}\n")

    if config.active:
        print("\n\nActive Hunters:\n---------------")
        for hunter, docs in handler.active_hunters.items():
            name, doc = hunter.parse_docs(docs)
-            if class_names:
-                name = hunter.__name__
            print(f"* {name}\n  {doc}\n")


@@ -101,10 +94,7 @@ def main():
    scan_options = [config.pod, config.cidr, config.remote, config.interface, config.k8s_auto_discover_nodes]
    try:
        if args.list:
-            if args.raw_hunter_names:
-                list_hunters(class_names=True)
-            else:
-                list_hunters()
+            list_hunters()
            return

        if not any(scan_options):
--- a/kube_hunter/conf/init.py
+++ b/kube_hunter/conf/init.py
@@ -1,11 +1,7 @@
-from dataclasses import dataclass, field
+from dataclasses import dataclass
 from typing import Any, Optional


-def get_default_core_hunters():
-    return ["FromPodHostDiscovery", "HostDiscovery", "PortDiscovery", "SendFullReport", "Collector", "StartedInfo"]
-
-
@dataclass
 class Config:
    """Config is a configuration container.
@@ -25,7 +21,6 @@ class Config:
    - remote: Hosts to scan
    - report: Output format
    - statistics: Include hunters statistics
-    - enable_cve_hunting: enables cve hunting, shows cve results
    """

    active: bool = False
@@ -44,10 +39,6 @@ class Config:
    k8s_auto_discover_nodes: bool = False
    service_account_token: Optional[str] = None
    kubeconfig: Optional[str] = None
-    enable_cve_hunting: bool = False
-    custom: Optional[list] = None
-    raw_hunter_names: bool = False
-    core_hunters: list = field(default_factory=get_default_core_hunters)


 _config: Optional[Config] = None
--- a/kube_hunter/conf/parser.py
+++ b/kube_hunter/conf/parser.py
@@ -46,22 +46,6 @@ def parser_add_arguments(parser):
        help="One or more remote ip/dns to hunt",
    )

-    parser.add_argument(
-        "-c",
-        "--custom",
-        nargs="+",
-        metavar="HUNTERS",
-        default=list(),
-        help="Custom hunting. Only given hunter names will register in the hunt."
-        "for a list of options run `--list --raw-hunter-names`",
-    )
-
-    parser.add_argument(
-        "--raw-hunter-names",
-        action="store_true",
-        help="Use in combination with `--list` to display hunter class names to pass for custom hunting flag",
-    )
-
    parser.add_argument(
        "--k8s-auto-discover-nodes",
        action="store_true",
@@ -92,12 +76,6 @@ def parser_add_arguments(parser):

    parser.add_argument("--active", action="store_true", help="Enables active hunting")

-    parser.add_argument(
-        "--enable-cve-hunting",
-        action="store_true",
-        help="Show cluster CVEs based on discovered version (Depending on different vendors, may result in False Positives)",
-    )
-
    parser.add_argument(
        "--log",
        type=str,
--- a/kube_hunter/core/events/handler.py
+++ b/kube_hunter/core/events/handler.py
@@ -62,7 +62,7 @@ class EventQueue(Queue):
    ######################################################
    """

-    def subscribe(self, event, hook=None, predicate=None, is_register=True):
+    def subscribe(self, event, hook=None, predicate=None):
        """
        The Subscribe Decorator - For Regular Registration
        Use this to register for one event only. Your hunter will execute each time this event is published
@@ -74,12 +74,12 @@ class EventQueue(Queue):
        """

        def wrapper(hook):
-            self.subscribe_event(event, hook=hook, predicate=predicate, is_register=is_register)
+            self.subscribe_event(event, hook=hook, predicate=predicate)
            return hook

        return wrapper

-    def subscribe_many(self, events, hook=None, predicates=None, is_register=True):
+    def subscribe_many(self, events, hook=None, predicates=None):
        """
        The Subscribe Many Decorator - For Multiple Registration,
        When your attack needs several prerequisites to exist in the cluster, You need to register for multiple events.
@@ -99,12 +99,12 @@ class EventQueue(Queue):
        """

        def wrapper(hook):
-            self.subscribe_events(events, hook=hook, predicates=predicates, is_register=is_register)
+            self.subscribe_events(events, hook=hook, predicates=predicates)
            return hook

        return wrapper

-    def subscribe_once(self, event, hook=None, predicate=None, is_register=True):
+    def subscribe_once(self, event, hook=None, predicate=None):
        """
        The Subscribe Once Decorator - For Single Trigger Registration,
        Use this when you want your hunter to execute only in your entire program run
@@ -125,8 +125,7 @@ class EventQueue(Queue):

            hook.__new__ = __new__unsubscribe_self

-            self.subscribe_event(event, hook=hook, predicate=predicate, is_register=is_register)
-
+            self.subscribe_event(event, hook=hook, predicate=predicate)
            return hook

        return wrapper
@@ -257,33 +256,7 @@ class EventQueue(Queue):
            self.hooks[event].append((hook, predicate))
            logging.debug("{} subscribed to {}".format(hook, event))

-    def allowed_for_custom_registration(self, target_hunter):
-        """
-        Check if the partial input list contains the hunter we are about to register for events
-        If hunter is considered a Core hunter as specified in `config.core_hunters` we allow it anyway
-
-        Returns true if:
-         1. partial hunt is disabled
-         2. partial hunt is enabled and hunter is in core hunter class
-         3. partial hunt is enabled and hunter is specified in config.partial
-
-        @param target_hunter: hunter class for registration check
-        """
-        config = get_config()
-        if not config.custom:
-            return True
-
-        hunter_class_name = target_hunter.__name__
-        if hunter_class_name in config.core_hunters or hunter_class_name in config.custom:
-            return True
-
-        return False
-
-    def subscribe_event(self, event, hook=None, predicate=None, is_register=True):
-        if not is_register:
-            return
-        if not self.allowed_for_custom_registration(hook):
-            return
+    def subscribe_event(self, event, hook=None, predicate=None):
        if not self._register_hunters(hook):
            return

@@ -294,13 +267,9 @@ class EventQueue(Queue):
        else:
            self._register_hook(event, hook, predicate)

-    def subscribe_events(self, events, hook=None, predicates=None, is_register=True):
-        if not is_register:
-            return
-        if not self.allowed_for_custom_registration(hook):
-            return
+    def subscribe_events(self, events, hook=None, predicates=None):
        if not self._register_hunters(hook):
-            return
+            return False

        if predicates is None:
            predicates = [None] * len(events)
--- a/kube_hunter/modules/discovery/hosts.py
+++ b/kube_hunter/modules/discovery/hosts.py
@@ -166,9 +166,7 @@ class FromPodHostDiscovery(Discovery):
                return True
        except requests.exceptions.ConnectionError:
            logger.debug("Failed to connect AWS metadata server v1")
-        except Exception:
-            logger.debug("Unknown error when trying to connect to AWS metadata v1 API")
-        return False
+            return False

    def is_aws_pod_v2(self):
        config = get_config()
@@ -191,9 +189,7 @@ class FromPodHostDiscovery(Discovery):
                return True
        except requests.exceptions.ConnectionError:
            logger.debug("Failed to connect AWS metadata server v2")
-        except Exception:
-            logger.debug("Unknown error when trying to connect to AWS metadata v2 API")
-        return False
+            return False

    def is_azure_pod(self):
        config = get_config()
@@ -210,9 +206,7 @@ class FromPodHostDiscovery(Discovery):
                return True
        except requests.exceptions.ConnectionError:
            logger.debug("Failed to connect Azure metadata server")
-        except Exception:
-            logger.debug("Unknown error when trying to connect to Azure metadata server")
-        return False
+            return False

    # for pod scanning
    def gateway_discovery(self):
--- a/kube_hunter/modules/hunting/cves.py
+++ b/kube_hunter/modules/hunting/cves.py
@@ -3,8 +3,7 @@ from packaging import version

 from kube_hunter.conf import get_config
 from kube_hunter.core.events import handler
-
-from kube_hunter.core.events.types import K8sVersionDisclosure, Vulnerability, Event
+from kube_hunter.core.events.types import Vulnerability, Event, K8sVersionDisclosure
 from kube_hunter.core.types import (
    Hunter,
    KubectlClient,
@@ -16,7 +15,6 @@ from kube_hunter.core.types import (
 from kube_hunter.modules.discovery.kubectl import KubectlClientEvent

 logger = logging.getLogger(__name__)
-config = get_config()


 class ServerApiVersionEndPointAccessPE(Vulnerability, Event):
@@ -201,7 +199,7 @@ class CveUtils:
        return vulnerable


-@handler.subscribe_once(K8sVersionDisclosure, is_register=config.enable_cve_hunting)
+@handler.subscribe_once(K8sVersionDisclosure)
 class K8sClusterCveHunter(Hunter):
    """K8s CVE Hunter
    Checks if Node is running a Kubernetes version vulnerable to
@@ -226,7 +224,6 @@ class K8sClusterCveHunter(Hunter):
                self.publish_event(vulnerability(self.event.version))


-# Removed due to incomplete implementation for multiple vendors revisions of kubernetes
@handler.subscribe(KubectlClientEvent)
 class KubectlCVEHunter(Hunter):
    """Kubectl CVE Hunter
--- a/kube_hunter/modules/report/dispatchers.py
+++ b/kube_hunter/modules/report/dispatchers.py
@@ -12,7 +12,10 @@ class HTTPDispatcher:
        dispatch_url = os.environ.get("KUBEHUNTER_HTTP_DISPATCH_URL", "https://localhost/")
        try:
            r = requests.request(
-                dispatch_method, dispatch_url, json=report, headers={"Content-Type": "application/json"}, verify=False
+                dispatch_method,
+                dispatch_url,
+                json=report,
+                headers={"Content-Type": "application/json"},
            )
            r.raise_for_status()
            logger.info(f"Report was dispatched to: {dispatch_url}")
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,3 +1,5 @@
+-r requirements.txt
+
 flake8
 pytest >= 2.9.1
 requests-mock >= 1.8
--- a/tests/core/test_handler.py
+++ b/tests/core/test_handler.py
@@ -1,6 +1,6 @@
 # flake8: noqa: E402

-from kube_hunter.conf import Config, set_config, get_config
+from kube_hunter.conf import Config, set_config

 set_config(Config(active=True))

@@ -23,9 +23,7 @@ from kube_hunter.modules.hunting.apiserver import (
 from kube_hunter.modules.hunting.arp import ArpSpoofHunter
 from kube_hunter.modules.hunting.capabilities import PodCapabilitiesHunter
 from kube_hunter.modules.hunting.certificates import CertificateDiscovery
-
-from kube_hunter.modules.hunting.cves import K8sClusterCveHunter
-from kube_hunter.modules.hunting.cves import KubectlCVEHunter
+from kube_hunter.modules.hunting.cves import K8sClusterCveHunter, KubectlCVEHunter
 from kube_hunter.modules.hunting.dashboard import KubeDashboard
 from kube_hunter.modules.hunting.dns import DnsSpoofHunter
 from kube_hunter.modules.hunting.etcd import EtcdRemoteAccess, EtcdRemoteAccessActive
@@ -42,8 +40,6 @@ from kube_hunter.modules.hunting.mounts import VarLogMountHunter, ProveVarLogMou
 from kube_hunter.modules.hunting.proxy import KubeProxy, ProveProxyExposed, K8sVersionDisclosureProve
 from kube_hunter.modules.hunting.secrets import AccessSecrets

-config = get_config()
-
 PASSIVE_HUNTERS = {
    ApiServiceDiscovery,
    KubeDashboardDiscovery,
@@ -60,6 +56,7 @@ PASSIVE_HUNTERS = {
    ApiVersionHunter,
    PodCapabilitiesHunter,
    CertificateDiscovery,
+    K8sClusterCveHunter,
    KubectlCVEHunter,
    KubeDashboard,
    EtcdRemoteAccess,
@@ -70,9 +67,6 @@ PASSIVE_HUNTERS = {
    AccessSecrets,
 }

-# if config.enable_cve_hunting:
-#     PASSIVE_HUNTERS.append(K8sClusterCveHunter)
-
 ACTIVE_HUNTERS = {
    ProveAzureSpnExposure,
    AccessApiServerActive,
Author	SHA1	Message	Date
Daniel Sagi	c16c997e47	removed cache and changed to only use ubuntu-latest	2021-09-30 16:32:04 +03:00
Daniel Sagi	a22debaa4e	removed unsupported ubuntu16 machines	2021-09-30 16:07:22 +03:00