Merge branch 'master' into added_docs_for_exposed_pods

fixed linting
correlated the new khv to the Exposed pods vulnerability
2026-03-02 01:30:31 +00:00 · 2020-11-17 14:04:25 +02:00 · 2020-11-15 17:28:28 +02:00 · 2020-11-15 15:43:33 +02:00 · 2020-11-15 15:43:11 +02:00
1 changed files with 10 additions and 16 deletions
--- a/kube_hunter/modules/hunting/kubelet.py
+++ b/kube_hunter/modules/hunting/kubelet.py
@@ -375,9 +375,8 @@ class SecureKubeletPortHunter(Hunter):
                container_name="test",
                cmd="",
            )
-            # if we get this message, we know we passed Authentication and Authorization, and that the endpoint is enabled.
-            status_code = self.session.post(run_url, verify=False, timeout=config.network_timeout).status_code
-            return status_code == requests.codes.NOT_FOUND
+            # if we get a Method Not Allowed, we know we passed Authentication and Authorization.
+            return self.session.get(run_url, verify=False, timeout=config.network_timeout).status_code == 405

        # returns list of currently running pods
        def test_running_pods(self):
@@ -1137,16 +1136,11 @@ class ProveSystemLogs(ActiveHunter):
            f"{self.base_url}/" + KubeletHandlers.LOGS.value.format(path="audit/audit.log"),
            verify=False,
            timeout=config.network_timeout,
-        )
-
-        # TODO: add more methods for proving system logs
-        if audit_logs.status_code == requests.status_codes.codes.OK:
-            logger.debug(f"Audit log of host {self.event.host}: {audit_logs.text[:10]}")
-            # iterating over proctitles and converting them into readable strings
-            proctitles = []
-            for proctitle in re.findall(r"proctitle=(\w+)", audit_logs.text):
-                proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
-            self.event.proctitles = proctitles
-            self.event.evidence = f"audit log: {proctitles}"
-        else:
-            self.event.evidence = "Could not parse system logs"
+        ).text
+        logger.debug(f"Audit log of host {self.event.host}: {audit_logs[:10]}")
+        # iterating over proctitles and converting them into readable strings
+        proctitles = []
+        for proctitle in re.findall(r"proctitle=(\w+)", audit_logs):
+            proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
+        self.event.proctitles = proctitles
+        self.event.evidence = f"audit log: {proctitles}"
Author	SHA1	Message	Date
danielsagi	716d531f73	Merge branch 'master' into added_docs_for_exposed_pods	2020-11-17 14:04:25 +02:00
Daniel Sagi	1e4366efe6	fixed linting	2020-11-15 17:28:28 +02:00
Daniel Sagi	48cde94e05	correlated the new khv to the Exposed pods vulnerability	2020-11-15 15:43:33 +02:00
Daniel Sagi	f430a435d8	added doc _kb for exposed pods	2020-11-15 15:43:11 +02:00