Merge branch 'fix_passive_hunting_run_handler' of https://github.com/aquasecurity/kube-hunter into fix_passive_hunting_run_handler

changed method of testing to be using 404 with real post method
Merge branch 'master' into fix_passive_hunting_run_handler
2026-02-28 16:50:25 +00:00 · 2020-11-18 21:02:31 +02:00 · 2020-11-18 21:00:53 +02:00 · 2020-11-18 11:35:38 +02:00 · 2020-11-17 19:33:03 +02:00 · 2020-11-15 19:43:49 +02:00
1 changed files with 3 additions and 2 deletions
--- a/kube_hunter/modules/hunting/kubelet.py
+++ b/kube_hunter/modules/hunting/kubelet.py
@@ -375,8 +375,9 @@ class SecureKubeletPortHunter(Hunter):
                container_name="test",
                cmd="",
            )
-            # if we get a Method Not Allowed, we know we passed Authentication and Authorization.
-            return self.session.get(run_url, verify=False, timeout=config.network_timeout).status_code == 405
+            # if we get this message, we know we passed Authentication and Authorization, and that the endpoint is enabled.
+            status_code = self.session.post(run_url, verify=False, timeout=config.network_timeout).status_code
+            return status_code == requests.codes.NOT_FOUND

        # returns list of currently running pods
        def test_running_pods(self):
Author	SHA1	Message	Date
Daniel Sagi	e4037f5325	Merge branch 'fix_passive_hunting_run_handler' of https://github.com/aquasecurity/kube-hunter into fix_passive_hunting_run_handler	2020-11-18 21:02:31 +02:00
Daniel Sagi	d9e651efa5	changed method of testing to be using 404 with real post method	2020-11-18 21:00:53 +02:00
danielsagi	9414e2e6bc	Merge branch 'master' into fix_passive_hunting_run_handler	2020-11-18 11:35:38 +02:00
danielsagi	ed09849ced	Merge branch 'master' into fix_passive_hunting_run_handler	2020-11-17 19:33:03 +02:00
Daniel Sagi	ef3a51cacc	fixed wrong check on test run handler	2020-11-15 19:43:49 +02:00