Merge branch 'fix_passive_hunting_run_handler' of https://github.com/aquasecurity/kube-hunter into fix_passive_hunting_run_handler

changed method of testing to be using 404 with real post method
Merge branch 'master' into fix_passive_hunting_run_handler
2026-02-28 16:50:25 +00:00 · 2020-11-18 21:02:31 +02:00 · 2020-11-18 21:00:53 +02:00 · 2020-11-18 11:35:38 +02:00 · 2020-11-18 11:35:13 +02:00 · 2020-11-17 19:33:03 +02:00
1 changed files with 16 additions and 10 deletions
--- a/kube_hunter/modules/hunting/kubelet.py
+++ b/kube_hunter/modules/hunting/kubelet.py
@@ -375,8 +375,9 @@ class SecureKubeletPortHunter(Hunter):
                container_name="test",
                cmd="",
            )
-            # if we get a Method Not Allowed, we know we passed Authentication and Authorization.
-            return self.session.get(run_url, verify=False, timeout=config.network_timeout).status_code == 405
+            # if we get this message, we know we passed Authentication and Authorization, and that the endpoint is enabled.
+            status_code = self.session.post(run_url, verify=False, timeout=config.network_timeout).status_code
+            return status_code == requests.codes.NOT_FOUND

        # returns list of currently running pods
        def test_running_pods(self):
@@ -1136,11 +1137,16 @@ class ProveSystemLogs(ActiveHunter):
            f"{self.base_url}/" + KubeletHandlers.LOGS.value.format(path="audit/audit.log"),
            verify=False,
            timeout=config.network_timeout,
-        ).text
-        logger.debug(f"Audit log of host {self.event.host}: {audit_logs[:10]}")
-        # iterating over proctitles and converting them into readable strings
-        proctitles = []
-        for proctitle in re.findall(r"proctitle=(\w+)", audit_logs):
-            proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
-        self.event.proctitles = proctitles
-        self.event.evidence = f"audit log: {proctitles}"
+        )
+
+        # TODO: add more methods for proving system logs
+        if audit_logs.status_code == requests.status_codes.codes.OK:
+            logger.debug(f"Audit log of host {self.event.host}: {audit_logs.text[:10]}")
+            # iterating over proctitles and converting them into readable strings
+            proctitles = []
+            for proctitle in re.findall(r"proctitle=(\w+)", audit_logs.text):
+                proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
+            self.event.proctitles = proctitles
+            self.event.evidence = f"audit log: {proctitles}"
+        else:
+            self.event.evidence = "Could not parse system logs"
Author	SHA1	Message	Date
Daniel Sagi	e4037f5325	Merge branch 'fix_passive_hunting_run_handler' of https://github.com/aquasecurity/kube-hunter into fix_passive_hunting_run_handler	2020-11-18 21:02:31 +02:00
Daniel Sagi	d9e651efa5	changed method of testing to be using 404 with real post method	2020-11-18 21:00:53 +02:00
danielsagi	9414e2e6bc	Merge branch 'master' into fix_passive_hunting_run_handler	2020-11-18 11:35:38 +02:00
danielsagi	5a578fd8ab	More intuitive message when ProveSystemLogs fails (#409 ) * fixed wrong message for when proving audit logs * fixed linting	2020-11-18 11:35:13 +02:00
danielsagi	ed09849ced	Merge branch 'master' into fix_passive_hunting_run_handler	2020-11-17 19:33:03 +02:00
danielsagi	bf7023d01c	Added docs for exposed pods (#407 ) * added doc _kb for exposed pods * correlated the new khv to the Exposed pods vulnerability * fixed linting	2020-11-17 15:22:06 +02:00
Daniel Sagi	ef3a51cacc	fixed wrong check on test run handler	2020-11-15 19:43:49 +02:00