Update the build status badge to point to Github Actions

* removed old dependency for cap_net_raw, by stop usage of tracerouting when running as a pod

* removed unused imports

.github/workflows/greetings.yml

@@ -1,14 +0,0 @@
-name: Greetings
-
-on: [pull_request, issues]
-
-jobs:
-  greeting:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/first-interaction@v1
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        issue-message: "Hola! @${{ github.actor }} 🥳 , You've just created an Issue!🌟 Thanks for making the Project Better"
-        pr-message: 'Submitted a PR already ?? @${{ github.actor }} . Sit tight until one of our amazing maintainers review it. Make sure you read the contributing guide'
- 

.github/workflows/lint.yml

@@ -0,0 +1,12 @@
+name: Lint
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+      - uses: pre-commit/action@v2.0.0

.github/workflows/test.yml

@@ -0,0 +1,54 @@
+name: Test
+
+on: [push, pull_request]
+
+env:
+  FORCE_COLOR: 1
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.6", "3.7", "3.8", "3.9"]
+        os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Get pip cache dir
+        id: pip-cache
+        run: |
+          echo "::set-output name=dir::$(pip cache dir)"
+
+      - name: Cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.pip-cache.outputs.dir }}
+          key:
+            ${{ matrix.os }}-${{ matrix.python-version }}-${{ hashFiles('requirements-dev.txt') }}
+          restore-keys: |
+            ${{ matrix.os }}-${{ matrix.python-version }}-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install -U pip
+          python -m pip install -U wheel
+          python -m pip install -r requirements.txt
+          python -m pip install -r requirements-dev.txt
+
+      - name: Test
+        shell: bash
+        run: |
+          make test
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v1
+        with:
+          name: ${{ matrix.os }} Python ${{ matrix.python-version }}

.travis.yml

@@ -1,21 +0,0 @@
-group: travis_latest
-language: python
-cache: pip
-python:
-    - "3.6"
-    - "3.7"
-    - "3.8"
-    - "3.9"
-install:
-  - pip install -r requirements.txt
-  - pip install -r requirements-dev.txt
-before_script:
-  - make lint-check
-script:
-  - make test
-after_success:
-  -  bash <(curl -s https://codecov.io/bash)
-notifications:
-  email:
-    on_success: change
-    on_failure: always

README.md

@@ -1,6 +1,6 @@
 ![kube-hunter](https://github.com/aquasecurity/kube-hunter/blob/master/kube-hunter.png)
 
-[![Build Status](https://travis-ci.org/aquasecurity/kube-hunter.svg?branch=master)](https://travis-ci.org/aquasecurity/kube-hunter)
+[![Build Status](https://github.com/aquasecurity/kube-hunter/workflows/Test/badge.svg)](https://github.com/aquasecurity/kube-hunter/actions)
 [![codecov](https://codecov.io/gh/aquasecurity/kube-hunter/branch/master/graph/badge.svg)](https://codecov.io/gh/aquasecurity/kube-hunter)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![License](https://img.shields.io/github/license/aquasecurity/kube-hunter)](https://github.com/aquasecurity/kube-hunter/blob/master/LICENSE)

kube_hunter/modules/discovery/hosts.py

@@ -5,8 +5,7 @@ import requests
 
 from enum import Enum
 from netaddr import IPNetwork, IPAddress, AddrFormatError
-from netifaces import AF_INET, ifaddresses, interfaces
-from scapy.all import ICMP, IP, Ether, srp1
+from netifaces import AF_INET, ifaddresses, interfaces, gateways
 
 from kube_hunter.conf import get_config
 from kube_hunter.core.events import handler
@@ -109,7 +108,7 @@ class FromPodHostDiscovery(Discovery):
             if self.is_azure_pod():
                 subnets, cloud = self.azure_metadata_discovery()
             else:
-                subnets = self.traceroute_discovery()
+                subnets = self.gateway_discovery()
 
             should_scan_apiserver = False
             if self.event.kubeservicehost:
@@ -141,14 +140,9 @@ class FromPodHostDiscovery(Discovery):
             return False
 
     # for pod scanning
-    def traceroute_discovery(self):
-        config = get_config()
-        node_internal_ip = srp1(
-            Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(),
-            verbose=0,
-            timeout=config.network_timeout,
-        )[IP].src
-        return [[node_internal_ip, "24"]]
+    def gateway_discovery(self):
+        """ Retrieving default gateway of pod, which is usually also a contact point with the host """
+        return [[gateways()["default"][AF_INET][0], "24"]]
 
     # querying azure's interface metadata api | works only from a pod
     def azure_metadata_discovery(self):

kube_hunter/modules/hunting/apiserver.py

@@ -56,16 +56,19 @@ class ServerApiHTTPAccess(Vulnerability, Event):
 
 
 class ApiInfoDisclosure(Vulnerability, Event):
+    """Information Disclosure depending upon RBAC permissions and Kube-Cluster Setup"""
+
     def __init__(self, evidence, using_token, name):
+        category = InformationDisclosure
         if using_token:
-            name += " using service account token"
+            name += " using default service account token"
         else:
             name += " as anonymous user"
         Vulnerability.__init__(
             self,
             KubernetesCluster,
             name=name,
-            category=InformationDisclosure,
+            category=category,
             vid="KHV007",
         )
         self.evidence = evidence

kube_hunter/modules/hunting/certificates.py

@@ -8,11 +8,13 @@ from kube_hunter.core.events import handler
 from kube_hunter.core.events.types import Vulnerability, Event, Service
 
 logger = logging.getLogger(__name__)
-email_pattern = re.compile(rb"([a-z0-9]+@[a-z0-9]+\.[a-z0-9]+)")
+email_pattern = re.compile(rb"([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)")
 
 
 class CertificateEmail(Vulnerability, Event):
-    """Certificate includes an email address"""
+    """The Kubernetes API Server advertises a public certificate for TLS.
+    This certificate includes an email address, that may provide additional information for an attacker on your
+    organization, or be abused for further email based attacks."""
 
     def __init__(self, email):
         Vulnerability.__init__(