Added Advanced Usage section to the readme, documenting azure quick scanning

Update KHV003.md (#439 )
deps: Update github pages dependencies (#431 )
2026-02-22 22:04:13 +00:00 · 2021-04-08 17:20:12 +03:00 · 2021-03-16 17:17:55 +02:00 · 2021-01-17 16:03:04 +02:00 · 2021-01-07 19:46:00 +02:00 · 2020-12-26 21:31:53 +02:00
39 changed files with 596 additions and 347 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -7,7 +7,7 @@
 Please include a summary of the change and which issue is fixed. Also include relevant motivation and context. List any dependencies that are required for this change.

 ## Contribution Guidelines
-Please Read through the [Contribution Guidelines](https://github.com/aquasecurity/kube-hunter/blob/master/CONTRIBUTING.md).
+Please Read through the [Contribution Guidelines](https://github.com/aquasecurity/kube-hunter/blob/main/CONTRIBUTING.md).

 ## Fixed Issues

--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -1,14 +0,0 @@
-name: Greetings
-
-on: [pull_request, issues]
-
-jobs:
-  greeting:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/first-interaction@v1
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        issue-message: "Hola! @${{ github.actor }} 🥳 , You've just created an Issue!🌟 Thanks for making the Project Better"
-        pr-message: 'Submitted a PR already ?? @${{ github.actor }} . Sit tight until one of our amazing maintainers review it. Make sure you read the contributing guide'
- 
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,14 @@
+---
+name: Lint
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+      - uses: pre-commit/action@v2.0.0
+      - uses: ibiqlik/action-yamllint@v3
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,65 @@
+---
+name: Publish
+on:
+  push:
+    tags:
+      - "v*"
+env:
+  ALIAS: aquasecurity
+  REP: kube-hunter
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Check Out Repo
+        uses: actions/checkout@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildxarch-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildxarch-
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to ECR
+        uses: docker/login-action@v1
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
+          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
+      - name: Get version
+        id: get_version
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ env.REP }}
+          tag-semver: |
+            {{version}}
+
+      - name: Build and push - Docker/ECR
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64
+          builder: ${{ steps.buildx.outputs.name }}
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
+            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
+            ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:latest
+            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
+          cache-from: type=local,src=/tmp/.buildx-cache/release
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,53 @@
+---
+on:
+  push:
+    # Sequence of patterns matched against refs/tags
+    tags:
+      - 'v*'  # Push events to matching v*, i.e. v1.0, v20.15.10
+
+name: Release
+
+jobs:
+  build:
+    name: Upload Release Asset
+    runs-on: ubuntu-16.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install -U pip
+          python -m pip install -r requirements-dev.txt
+
+      - name: Build project
+        shell: bash
+        run: |
+          make pyinstaller
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ github.ref }}
+          draft: false
+          prerelease: false
+
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/kube-hunter
+          asset_name: kube-hunter-linux-x86_64-${{ github.ref }}
+          asset_content_type: application/octet-stream
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,55 @@
+---
+name: Test
+
+on: [push, pull_request]
+
+env:
+  FORCE_COLOR: 1
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.6", "3.7", "3.8", "3.9"]
+        os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Get pip cache dir
+        id: pip-cache
+        run: |
+          echo "::set-output name=dir::$(pip cache dir)"
+
+      - name: Cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.pip-cache.outputs.dir }}
+          key:
+            ${{ matrix.os }}-${{ matrix.python-version }}-${{ hashFiles('requirements-dev.txt') }}
+          restore-keys: |
+            ${{ matrix.os }}-${{ matrix.python-version }}-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install -U pip
+          python -m pip install -U wheel
+          python -m pip install -r requirements.txt
+          python -m pip install -r requirements-dev.txt
+
+      - name: Test
+        shell: bash
+        run: |
+          make test
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v1
+        with:
+          name: ${{ matrix.os }} Python ${{ matrix.python-version }}
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,10 +1,11 @@
+---
 repos:
- repo: https://github.com/psf/black
-  rev: stable
-  hooks:
-  - id: black
- repo: https://gitlab.com/pycqa/flake8
-  rev: 3.7.9
-  hooks:
-    - id: flake8
-      additional_dependencies: [flake8-bugbear]
+  - repo: https://github.com/psf/black
+    rev: stable
+    hooks:
+      - id: black
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.7.9
+    hooks:
+      - id: flake8
+        additional_dependencies: [flake8-bugbear]
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,21 +0,0 @@
-group: travis_latest
-language: python
-cache: pip
-python:
-    - "3.6"
-    - "3.7"
-    - "3.8"
-    - "3.9"
-install:
-  - pip install -r requirements.txt
-  - pip install -r requirements-dev.txt
-before_script:
-  - make lint-check
-script:
-  - make test
-after_success:
-  -  bash <(curl -s https://codecov.io/bash)
-notifications:
-  email:
-    on_success: change
-    on_failure: always
--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,6 @@
+---
+extends: default
+
+rules:
+  line-length: disable
+  truthy: disable
--- a/README.md
+++ b/README.md
@@ -1,12 +1,18 @@
-![kube-hunter](https://github.com/aquasecurity/kube-hunter/blob/master/kube-hunter.png)
+![kube-hunter](https://github.com/aquasecurity/kube-hunter/blob/main/kube-hunter.png)

-[![Build Status](https://travis-ci.org/aquasecurity/kube-hunter.svg?branch=master)](https://travis-ci.org/aquasecurity/kube-hunter)
-[![codecov](https://codecov.io/gh/aquasecurity/kube-hunter/branch/master/graph/badge.svg)](https://codecov.io/gh/aquasecurity/kube-hunter)
+[![GitHub Release][release-img]][release]
+![Downloads][download]
+![Docker Pulls][docker-pull]
+[![Build Status](https://github.com/aquasecurity/kube-hunter/workflows/Test/badge.svg)](https://github.com/aquasecurity/kube-hunter/actions)
+[![codecov](https://codecov.io/gh/aquasecurity/kube-hunter/branch/main/graph/badge.svg)](https://codecov.io/gh/aquasecurity/kube-hunter)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
-[![License](https://img.shields.io/github/license/aquasecurity/kube-hunter)](https://github.com/aquasecurity/kube-hunter/blob/master/LICENSE)
+[![License](https://img.shields.io/github/license/aquasecurity/kube-hunter)](https://github.com/aquasecurity/kube-hunter/blob/main/LICENSE)
 [![Docker image](https://images.microbadger.com/badges/image/aquasec/kube-hunter.svg)](https://microbadger.com/images/aquasec/kube-hunter "Get your own image badge on microbadger.com")

-
+[download]: https://img.shields.io/github/downloads/aquasecurity/kube-hunter/total?logo=github
+[release-img]: https://img.shields.io/github/release/aquasecurity/kube-hunter.svg?logo=github
+[release]: https://github.com/aquasecurity/kube-hunter/releases
+[docker-pull]: https://img.shields.io/docker/pulls/aquasec/kube-hunter?logo=docker&label=docker%20pulls%20%2F%20kube-hunter

 kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. **You should NOT run kube-hunter on a Kubernetes cluster that you don't own!**

@@ -14,9 +20,9 @@ kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was d

 **Explore vulnerabilities**: The kube-hunter knowledge base includes articles about discoverable vulnerabilities and issues. When kube-hunter reports an issue, it will show its VID (Vulnerability ID) so you can look it up in the KB at https://aquasecurity.github.io/kube-hunter/

-**Contribute**: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your modules please read [Guidelines For Developing Your First kube-hunter Module](https://github.com/aquasecurity/kube-hunter/blob/master/CONTRIBUTING.md).
+**Contribute**: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your modules please read [Guidelines For Developing Your First kube-hunter Module](https://github.com/aquasecurity/kube-hunter/blob/main/CONTRIBUTING.md).

-[![kube-hunter demo video](https://github.com/aquasecurity/kube-hunter/blob/master/kube-hunter-screenshot.png)](https://youtu.be/s2-6rTkH8a8?t=57s)
+[![kube-hunter demo video](https://github.com/aquasecurity/kube-hunter/blob/main/kube-hunter-screenshot.png)](https://youtu.be/s2-6rTkH8a8?t=57s)

 Table of Contents
 =================
@@ -29,6 +35,7 @@ Table of Contents
   * [Nodes Mapping](#nodes-mapping)
   * [Output](#output)
   * [Dispatching](#dispatching)
+   * [Advanced Usage](#advanced-usage)
 * [Deployment](#deployment)
   * [On Machine](#on-machine)
      * [Prerequisites](#prerequisites)
@@ -108,6 +115,11 @@ Available dispatch methods are:
    * KUBEHUNTER_HTTP_DISPATCH_URL (defaults to: https://localhost)
    * KUBEHUNTER_HTTP_DISPATCH_METHOD (defaults to: POST)

+### Advanced Usage 
+#### Azure Quick Scanning 
+When running **as a Pod in an Azure environment**, kube-hunter will fetch subnets from the Instance Metadata Service. Naturally this makes the discovery process take longer.
+To hardlimit subnet scanning to a `/24` CIDR, use the `--quick` option. 
+
 ## Deployment
 There are three methods for deploying kube-hunter:

@@ -176,7 +188,7 @@ The example `job.yaml` file defines a Job that will run kube-hunter in a pod, us
 * View the test results with `kubectl logs <pod name>`

 ## Contribution 
-To read the contribution guidelines, <a href="https://github.com/aquasecurity/kube-hunter/blob/master/CONTRIBUTING.md"> Click here </a>
+To read the contribution guidelines, <a href="https://github.com/aquasecurity/kube-hunter/blob/main/CONTRIBUTING.md"> Click here </a>

 ## License
-This repository is available under the [Apache License 2.0](https://github.com/aquasecurity/kube-hunter/blob/master/LICENSE).
+This repository is available under the [Apache License 2.0](https://github.com/aquasecurity/kube-hunter/blob/main/LICENSE).
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| 0.4.x | :white_check_mark: |
+| 0.3.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+We encourage you to find vulnerabilities in kube-hunter.
+The process is simple, just report a Bug issue. and we will take a look at this.
+If you prefer to disclose privately, you can write to one of the security maintainers at:
+
+| Name        | Email              |
+| ----------- | ------------------ |
+| Daniel Sagi | daniel.sagi@aquasec.com |
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -1,11 +1,12 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    activesupport (4.2.11.1)
-      i18n (~> 0.7)
+    activesupport (6.0.3.4)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
+      zeitwerk (~> 2.2, >= 2.2.2)
    addressable (2.7.0)
      public_suffix (>= 2.0.2, < 5.0)
    coffee-script (2.4.1)
@@ -15,65 +16,67 @@ GEM
    colorator (1.1.0)
    commonmarker (0.17.13)
      ruby-enum (~> 0.5)
-    concurrent-ruby (1.1.5)
-    dnsruby (1.61.3)
-      addressable (~> 2.5)
-    em-websocket (0.5.1)
+    concurrent-ruby (1.1.7)
+    dnsruby (1.61.5)
+      simpleidn (~> 0.1)
+    em-websocket (0.5.2)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0.6.0)
    ethon (0.12.0)
      ffi (>= 1.3.0)
    eventmachine (1.2.7)
    execjs (2.7.0)
-    faraday (0.17.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
      multipart-post (>= 1.2, < 3)
-    ffi (1.11.1)
+      ruby2_keywords
+    faraday-net_http (1.0.1)
+    ffi (1.14.2)
    forwardable-extended (2.6.0)
    gemoji (3.0.1)
-    github-pages (201)
-      activesupport (= 4.2.11.1)
+    github-pages (209)
      github-pages-health-check (= 1.16.1)
-      jekyll (= 3.8.5)
-      jekyll-avatar (= 0.6.0)
+      jekyll (= 3.9.0)
+      jekyll-avatar (= 0.7.0)
      jekyll-coffeescript (= 1.1.1)
      jekyll-commonmark-ghpages (= 0.1.6)
      jekyll-default-layout (= 0.1.4)
-      jekyll-feed (= 0.11.0)
+      jekyll-feed (= 0.15.1)
      jekyll-gist (= 1.5.0)
-      jekyll-github-metadata (= 2.12.1)
-      jekyll-mentions (= 1.4.1)
-      jekyll-optional-front-matter (= 0.3.0)
+      jekyll-github-metadata (= 2.13.0)
+      jekyll-mentions (= 1.6.0)
+      jekyll-optional-front-matter (= 0.3.2)
      jekyll-paginate (= 1.1.0)
-      jekyll-readme-index (= 0.2.0)
-      jekyll-redirect-from (= 0.14.0)
-      jekyll-relative-links (= 0.6.0)
-      jekyll-remote-theme (= 0.4.0)
+      jekyll-readme-index (= 0.3.0)
+      jekyll-redirect-from (= 0.16.0)
+      jekyll-relative-links (= 0.6.1)
+      jekyll-remote-theme (= 0.4.2)
      jekyll-sass-converter (= 1.5.2)
-      jekyll-seo-tag (= 2.5.0)
-      jekyll-sitemap (= 1.2.0)
-      jekyll-swiss (= 0.4.0)
+      jekyll-seo-tag (= 2.6.1)
+      jekyll-sitemap (= 1.4.0)
+      jekyll-swiss (= 1.0.0)
      jekyll-theme-architect (= 0.1.1)
      jekyll-theme-cayman (= 0.1.1)
      jekyll-theme-dinky (= 0.1.1)
-      jekyll-theme-hacker (= 0.1.1)
+      jekyll-theme-hacker (= 0.1.2)
      jekyll-theme-leap-day (= 0.1.1)
      jekyll-theme-merlot (= 0.1.1)
      jekyll-theme-midnight (= 0.1.1)
      jekyll-theme-minimal (= 0.1.1)
      jekyll-theme-modernist (= 0.1.1)
-      jekyll-theme-primer (= 0.5.3)
+      jekyll-theme-primer (= 0.5.4)
      jekyll-theme-slate (= 0.1.1)
      jekyll-theme-tactile (= 0.1.1)
      jekyll-theme-time-machine (= 0.1.1)
-      jekyll-titles-from-headings (= 0.5.1)
-      jemoji (= 0.10.2)
-      kramdown (= 1.17.0)
-      liquid (= 4.0.0)
-      listen (= 3.1.5)
+      jekyll-titles-from-headings (= 0.5.3)
+      jemoji (= 0.12.0)
+      kramdown (= 2.3.0)
+      kramdown-parser-gfm (= 1.1.0)
+      liquid (= 4.0.3)
      mercenary (~> 0.3)
-      minima (= 2.5.0)
+      minima (= 2.5.1)
      nokogiri (>= 1.10.4, < 2.0)
-      rouge (= 3.11.0)
+      rouge (= 3.23.0)
      terminal-table (~> 1.4)
    github-pages-health-check (1.16.1)
      addressable (~> 2.3)
@@ -81,27 +84,27 @@ GEM
      octokit (~> 4.0)
      public_suffix (~> 3.0)
      typhoeus (~> 1.3)
-    html-pipeline (2.12.0)
+    html-pipeline (2.14.0)
      activesupport (>= 2)
      nokogiri (>= 1.4)
    http_parser.rb (0.6.0)
    i18n (0.9.5)
      concurrent-ruby (~> 1.0)
-    jekyll (3.8.5)
+    jekyll (3.9.0)
      addressable (~> 2.4)
      colorator (~> 1.0)
      em-websocket (~> 0.5)
      i18n (~> 0.7)
      jekyll-sass-converter (~> 1.0)
      jekyll-watch (~> 2.0)
-      kramdown (~> 1.14)
+      kramdown (>= 1.17, < 3)
      liquid (~> 4.0)
      mercenary (~> 0.3.3)
      pathutil (~> 0.9)
      rouge (>= 1.7, < 4)
      safe_yaml (~> 1.0)
-    jekyll-avatar (0.6.0)
-      jekyll (~> 3.0)
+    jekyll-avatar (0.7.0)
+      jekyll (>= 3.0, < 5.0)
    jekyll-coffeescript (1.1.1)
      coffee-script (~> 2.2)
      coffee-script-source (~> 1.11.1)
@@ -114,36 +117,37 @@ GEM
      rouge (>= 2.0, < 4.0)
    jekyll-default-layout (0.1.4)
      jekyll (~> 3.0)
-    jekyll-feed (0.11.0)
-      jekyll (~> 3.3)
+    jekyll-feed (0.15.1)
+      jekyll (>= 3.7, < 5.0)
    jekyll-gist (1.5.0)
      octokit (~> 4.2)
-    jekyll-github-metadata (2.12.1)
-      jekyll (~> 3.4)
+    jekyll-github-metadata (2.13.0)
+      jekyll (>= 3.4, < 5.0)
      octokit (~> 4.0, != 4.4.0)
-    jekyll-mentions (1.4.1)
+    jekyll-mentions (1.6.0)
      html-pipeline (~> 2.3)
-      jekyll (~> 3.0)
-    jekyll-optional-front-matter (0.3.0)
-      jekyll (~> 3.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-optional-front-matter (0.3.2)
+      jekyll (>= 3.0, < 5.0)
    jekyll-paginate (1.1.0)
-    jekyll-readme-index (0.2.0)
-      jekyll (~> 3.0)
-    jekyll-redirect-from (0.14.0)
-      jekyll (~> 3.3)
-    jekyll-relative-links (0.6.0)
-      jekyll (~> 3.3)
-    jekyll-remote-theme (0.4.0)
+    jekyll-readme-index (0.3.0)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-redirect-from (0.16.0)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-relative-links (0.6.1)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-remote-theme (0.4.2)
      addressable (~> 2.0)
-      jekyll (~> 3.5)
-      rubyzip (>= 1.2.1, < 3.0)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0)
+      rubyzip (>= 1.3.0, < 3.0)
    jekyll-sass-converter (1.5.2)
      sass (~> 3.4)
-    jekyll-seo-tag (2.5.0)
-      jekyll (~> 3.3)
-    jekyll-sitemap (1.2.0)
-      jekyll (~> 3.3)
-    jekyll-swiss (0.4.0)
+    jekyll-seo-tag (2.6.1)
+      jekyll (>= 3.3, < 5.0)
+    jekyll-sitemap (1.4.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-swiss (1.0.0)
    jekyll-theme-architect (0.1.1)
      jekyll (~> 3.5)
      jekyll-seo-tag (~> 2.0)
@@ -153,8 +157,8 @@ GEM
    jekyll-theme-dinky (0.1.1)
      jekyll (~> 3.5)
      jekyll-seo-tag (~> 2.0)
-    jekyll-theme-hacker (0.1.1)
-      jekyll (~> 3.5)
+    jekyll-theme-hacker (0.1.2)
+      jekyll (> 3.5, < 5.0)
      jekyll-seo-tag (~> 2.0)
    jekyll-theme-leap-day (0.1.1)
      jekyll (~> 3.5)
@@ -171,8 +175,8 @@ GEM
    jekyll-theme-modernist (0.1.1)
      jekyll (~> 3.5)
      jekyll-seo-tag (~> 2.0)
-    jekyll-theme-primer (0.5.3)
-      jekyll (~> 3.5)
+    jekyll-theme-primer (0.5.4)
+      jekyll (> 3.5, < 5.0)
      jekyll-github-metadata (~> 2.9)
      jekyll-seo-tag (~> 2.0)
    jekyll-theme-slate (0.1.1)
@@ -184,43 +188,49 @@ GEM
    jekyll-theme-time-machine (0.1.1)
      jekyll (~> 3.5)
      jekyll-seo-tag (~> 2.0)
-    jekyll-titles-from-headings (0.5.1)
-      jekyll (~> 3.3)
+    jekyll-titles-from-headings (0.5.3)
+      jekyll (>= 3.3, < 5.0)
    jekyll-watch (2.2.1)
      listen (~> 3.0)
-    jemoji (0.10.2)
+    jemoji (0.12.0)
      gemoji (~> 3.0)
      html-pipeline (~> 2.2)
-      jekyll (~> 3.0)
-    kramdown (1.17.0)
-    liquid (4.0.0)
-    listen (3.1.5)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-      ruby_dep (~> 1.2)
+      jekyll (>= 3.0, < 5.0)
+    kramdown (2.3.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.3)
+    listen (3.4.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
    mercenary (0.3.6)
-    mini_portile2 (2.4.0)
-    minima (2.5.0)
-      jekyll (~> 3.5)
+    mini_portile2 (2.5.0)
+    minima (2.5.1)
+      jekyll (>= 3.5, < 5.0)
      jekyll-feed (~> 0.9)
      jekyll-seo-tag (~> 2.1)
-    minitest (5.12.2)
+    minitest (5.14.3)
    multipart-post (2.1.1)
-    nokogiri (1.10.8)
-      mini_portile2 (~> 2.4.0)
-    octokit (4.14.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    octokit (4.20.0)
+      faraday (>= 0.9)
      sawyer (~> 0.8.0, >= 0.5.3)
    pathutil (0.16.2)
      forwardable-extended (~> 2.6)
    public_suffix (3.1.1)
-    rb-fsevent (0.10.3)
-    rb-inotify (0.10.0)
+    racc (1.5.2)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
      ffi (~> 1.0)
-    rouge (3.11.0)
-    ruby-enum (0.7.2)
+    rexml (3.2.4)
+    rouge (3.23.0)
+    ruby-enum (0.8.0)
      i18n
-    ruby_dep (1.5.0)
-    rubyzip (2.0.0)
+    ruby2_keywords (0.0.2)
+    rubyzip (2.3.0)
    safe_yaml (1.0.5)
    sass (3.7.4)
      sass-listen (~> 4.0.0)
@@ -230,14 +240,20 @@ GEM
    sawyer (0.8.2)
      addressable (>= 2.3.5)
      faraday (> 0.8, < 2.0)
+    simpleidn (0.1.1)
+      unf (~> 0.1.4)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    thread_safe (0.3.6)
-    typhoeus (1.3.1)
+    typhoeus (1.4.0)
      ethon (>= 0.9.0)
-    tzinfo (1.2.5)
+    tzinfo (1.2.9)
      thread_safe (~> 0.1)
-    unicode-display_width (1.6.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
+    unicode-display_width (1.7.0)
+    zeitwerk (2.4.2)

 PLATFORMS
  ruby
@@ -247,4 +263,4 @@ DEPENDENCIES
  jekyll-sitemap

 BUNDLED WITH
-   1.17.2
+   2.2.5
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -1,6 +1,7 @@
+---
 title: kube-hunter
 description: Kube-hunter hunts for security weaknesses in Kubernetes clusters
-logo: https://raw.githubusercontent.com/aquasecurity/kube-hunter/master/kube-hunter.png
+logo: https://raw.githubusercontent.com/aquasecurity/kube-hunter/main/kube-hunter.png
 show_downloads: false
 google_analytics: UA-63272154-1
 theme: jekyll-theme-minimal
@@ -10,7 +11,7 @@ collections:
 defaults:
  -
    scope:
-      path: "" # an empty string here means all files in the project
+      path: ""  # an empty string here means all files in the project
    values:
      layout: "default"

--- a/docs/_kb/KHV003.md
+++ b/docs/_kb/KHV003.md
@@ -12,7 +12,10 @@ Microsoft Azure provides an internal HTTP endpoint that exposes information from

 ## Remediation

-Consider using AAD Pod Identity. A Microsoft project that allows scoping the identity of workloads to Kubernetes Pods instead of VMs (instances).
+Starting in the 2020.10.15 Azure VHD Release, AKS restricts the pod CIDR access to that internal HTTP endpoint. 
+
+[CVE-2021-27075](https://github.com/Azure/AKS/issues/2168)
+

 ## References

--- a/docs/_kb/KHV052.md
+++ b/docs/_kb/KHV052.md
@@ -0,0 +1,23 @@
+---
+vid: KHV052
+title: Exposed Pods
+categories: [Information Disclosure]
+---
+
+# {{ page.vid }} - {{ page.title }}
+
+## Issue description
+
+An attacker could view sensitive information about pods that are bound to a Node using the exposed /pods endpoint
+This can be done either by accessing the readonly port (default 10255), or from the secure kubelet port (10250)
+
+## Remediation
+
+Ensure kubelet is protected using `--anonymous-auth=false` kubelet flag. Allow only legitimate users using `--client-ca-file` or `--authentication-token-webhook` kubelet flags. This is usually done by the installer or cloud provider.
+
+Disable the readonly port by using `--read-only-port=0` kubelet flag.
+
+## References
+
+- [Kubelet configuration](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)
+- [Kubelet authentication/authorization](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/)
--- a/job.yaml
+++ b/job.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -6,9 +7,9 @@ spec:
  template:
    spec:
      containers:
-      - name: kube-hunter
-        image: aquasec/kube-hunter 
-        command: ["kube-hunter"]
-        args: ["--pod"]
+        - name: kube-hunter
+          image: aquasec/kube-hunter
+          command: ["kube-hunter"]
+          args: ["--pod"]
      restartPolicy: Never
  backoffLimit: 4
--- a/kube-hunter-screenshot.png
+++ b/kube-hunter-screenshot.png
--- a/kube_hunter/main.py
+++ b/kube_hunter/main.py
@@ -73,13 +73,13 @@ def list_hunters():
    print("\nPassive Hunters:\n----------------")
    for hunter, docs in handler.passive_hunters.items():
        name, doc = hunter.parse_docs(docs)
-        print("* {}\n  {}\n".format(name, doc))
+        print(f"* {name}\n  {doc}\n")

    if config.active:
        print("\n\nActive Hunters:\n---------------")
        for hunter, docs in handler.active_hunters.items():
            name, doc = hunter.parse_docs(docs)
-            print("* {}\n  {}\n".format(name, doc))
+            print(f"* {name}\n  {doc}\n")


 hunt_started_lock = threading.Lock()
--- a/kube_hunter/core/events/handler.py
+++ b/kube_hunter/core/events/handler.py
@@ -14,7 +14,7 @@ logger = logging.getLogger(__name__)
 # Inherits Queue object, handles events asynchronously
 class EventQueue(Queue):
    def __init__(self, num_worker=10):
-        super(EventQueue, self).__init__()
+        super().__init__()
        self.passive_hunters = dict()
        self.active_hunters = dict()
        self.all_hunters = dict()
--- a/kube_hunter/modules/discovery/hosts.py
+++ b/kube_hunter/modules/discovery/hosts.py
@@ -5,8 +5,7 @@ import requests

 from enum import Enum
 from netaddr import IPNetwork, IPAddress, AddrFormatError
-from netifaces import AF_INET, ifaddresses, interfaces
-from scapy.all import ICMP, IP, Ether, srp1
+from netifaces import AF_INET, ifaddresses, interfaces, gateways

 from kube_hunter.conf import get_config
 from kube_hunter.core.events import handler
@@ -37,7 +36,7 @@ class RunningAsPodEvent(Event):
        try:
            with open(f"/var/run/secrets/kubernetes.io/serviceaccount/{file}") as f:
                return f.read()
-        except IOError:
+        except OSError:
            pass


@@ -53,7 +52,7 @@ class AzureMetadataApi(Vulnerability, Event):
            vid="KHV003",
        )
        self.cidr = cidr
-        self.evidence = "cidr: {}".format(cidr)
+        self.evidence = f"cidr: {cidr}"


 class HostScanEvent(Event):
@@ -109,7 +108,7 @@ class FromPodHostDiscovery(Discovery):
            if self.is_azure_pod():
                subnets, cloud = self.azure_metadata_discovery()
            else:
-                subnets = self.traceroute_discovery()
+                subnets = self.gateway_discovery()

            should_scan_apiserver = False
            if self.event.kubeservicehost:
@@ -141,14 +140,9 @@ class FromPodHostDiscovery(Discovery):
            return False

    # for pod scanning
-    def traceroute_discovery(self):
-        config = get_config()
-        node_internal_ip = srp1(
-            Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(),
-            verbose=0,
-            timeout=config.network_timeout,
-        )[IP].src
-        return [[node_internal_ip, "24"]]
+    def gateway_discovery(self):
+        """ Retrieving default gateway of pod, which is usually also a contact point with the host """
+        return [[gateways()["default"][AF_INET][0], "24"]]

    # querying azure's interface metadata api | works only from a pod
    def azure_metadata_discovery(self):
--- a/kube_hunter/modules/hunting/aks.py
+++ b/kube_hunter/modules/hunting/aks.py
@@ -1,9 +1,10 @@
+import os
 import json
 import logging
 import requests

 from kube_hunter.conf import get_config
-from kube_hunter.modules.hunting.kubelet import ExposedRunHandler
+from kube_hunter.modules.hunting.kubelet import ExposedPodsHandler, SecureKubeletPortHunter
 from kube_hunter.core.events import handler
 from kube_hunter.core.events.types import Event, Vulnerability
 from kube_hunter.core.types import Hunter, ActiveHunter, IdentityTheft, Azure
@@ -14,7 +15,7 @@ logger = logging.getLogger(__name__)
 class AzureSpnExposure(Vulnerability, Event):
    """The SPN is exposed, potentially allowing an attacker to gain access to the Azure subscription"""

-    def __init__(self, container):
+    def __init__(self, container, evidence=""):
        Vulnerability.__init__(
            self,
            Azure,
@@ -23,9 +24,10 @@ class AzureSpnExposure(Vulnerability, Event):
            vid="KHV004",
        )
        self.container = container
+        self.evidence = evidence


-@handler.subscribe(ExposedRunHandler, predicate=lambda x: x.cloud == "Azure")
+@handler.subscribe(ExposedPodsHandler, predicate=lambda x: x.cloud_type == "Azure")
 class AzureSpnHunter(Hunter):
    """AKS Hunting
    Hunting Azure cluster deployments using specific known configurations
@@ -37,35 +39,33 @@ class AzureSpnHunter(Hunter):

    # getting a container that has access to the azure.json file
    def get_key_container(self):
-        config = get_config()
-        endpoint = f"{self.base_url}/pods"
        logger.debug("Trying to find container with access to azure.json file")
-        try:
-            r = requests.get(endpoint, verify=False, timeout=config.network_timeout)
-        except requests.Timeout:
-            logger.debug("failed getting pod info")
-        else:
-            pods_data = r.json().get("items", [])
-            suspicious_volume_names = []
-            for pod_data in pods_data:
-                for volume in pod_data["spec"].get("volumes", []):
-                    if volume.get("hostPath"):
-                        path = volume["hostPath"]["path"]
-                        if "/etc/kubernetes/azure.json".startswith(path):
-                            suspicious_volume_names.append(volume["name"])
-                for container in pod_data["spec"]["containers"]:
-                    for mount in container.get("volumeMounts", []):
-                        if mount["name"] in suspicious_volume_names:
-                            return {
-                                "name": container["name"],
-                                "pod": pod_data["metadata"]["name"],
-                                "namespace": pod_data["metadata"]["namespace"],
-                            }
+
+        # pods are saved in the previous event object
+        pods_data = self.event.pods
+
+        suspicious_volume_names = []
+        for pod_data in pods_data:
+            for volume in pod_data["spec"].get("volumes", []):
+                if volume.get("hostPath"):
+                    path = volume["hostPath"]["path"]
+                    if "/etc/kubernetes/azure.json".startswith(path):
+                        suspicious_volume_names.append(volume["name"])
+            for container in pod_data["spec"]["containers"]:
+                for mount in container.get("volumeMounts", []):
+                    if mount["name"] in suspicious_volume_names:
+                        return {
+                            "name": container["name"],
+                            "pod": pod_data["metadata"]["name"],
+                            "namespace": pod_data["metadata"]["namespace"],
+                            "mount": mount,
+                        }

    def execute(self):
        container = self.get_key_container()
        if container:
-            self.publish_event(AzureSpnExposure(container=container))
+            evidence = f"pod: {container['pod']}, namespace: {container['namespace']}"
+            self.publish_event(AzureSpnExposure(container=container, evidence=evidence))


@handler.subscribe(AzureSpnExposure)
@@ -78,14 +78,42 @@ class ProveAzureSpnExposure(ActiveHunter):
        self.event = event
        self.base_url = f"https://{self.event.host}:{self.event.port}"

+    def test_run_capability(self):
+        """
+        Uses SecureKubeletPortHunter to test the /run handler
+        TODO: when multiple event subscription is implemented, use this here to make sure /run is accessible
+        """
+        debug_handlers = SecureKubeletPortHunter.DebugHandlers(path=self.base_url, session=self.event.session, pod=None)
+        return debug_handlers.test_run_container()
+
    def run(self, command, container):
        config = get_config()
-        run_url = "/".join(self.base_url, "run", container["namespace"], container["pod"], container["name"])
-        return requests.post(run_url, verify=False, params={"cmd": command}, timeout=config.network_timeout)
+        run_url = f"{self.base_url}/run/{container['namespace']}/{container['pod']}/{container['name']}"
+        return self.event.session.post(run_url, verify=False, params={"cmd": command}, timeout=config.network_timeout)
+
+    def get_full_path_to_azure_file(self):
+        """
+        Returns a full path to /etc/kubernetes/azure.json
+        Taking into consideration the difference folder of the mount inside the container.
+        TODO: implement the edge case where the mount is to parent /etc folder.
+        """
+        azure_file_path = self.event.container["mount"]["mountPath"]
+
+        # taking care of cases where a subPath is added to map the specific file
+        if not azure_file_path.endswith("azure.json"):
+            azure_file_path = os.path.join(azure_file_path, "azure.json")
+
+        return azure_file_path

    def execute(self):
+        if not self.test_run_capability():
+            logger.debug("Not proving AzureSpnExposure because /run debug handler is disabled")
+            return
+
        try:
-            subscription = self.run("cat /etc/kubernetes/azure.json", container=self.event.container).json()
+            azure_file_path = self.get_full_path_to_azure_file()
+            logger.debug(f"trying to access the azure.json at the resolved path: {azure_file_path}")
+            subscription = self.run(f"cat {azure_file_path}", container=self.event.container).json()
        except requests.Timeout:
            logger.debug("failed to run command in container", exc_info=True)
        except json.decoder.JSONDecodeError:
--- a/kube_hunter/modules/hunting/apiserver.py
+++ b/kube_hunter/modules/hunting/apiserver.py
@@ -56,16 +56,19 @@ class ServerApiHTTPAccess(Vulnerability, Event):


 class ApiInfoDisclosure(Vulnerability, Event):
+    """Information Disclosure depending upon RBAC permissions and Kube-Cluster Setup"""
+
    def __init__(self, evidence, using_token, name):
+        category = InformationDisclosure
        if using_token:
-            name += " using service account token"
+            name += " using default service account token"
        else:
            name += " as anonymous user"
        Vulnerability.__init__(
            self,
            KubernetesCluster,
            name=name,
-            category=InformationDisclosure,
+            category=category,
            vid="KHV007",
        )
        self.evidence = evidence
@@ -343,7 +346,7 @@ class AccessApiServer(Hunter):
            else:
                self.publish_event(ServerApiAccess(api, self.with_token))

-        namespaces = self.get_items("{path}/api/v1/namespaces".format(path=self.path))
+        namespaces = self.get_items(f"{self.path}/api/v1/namespaces")
        if namespaces:
            self.publish_event(ListNamespaces(namespaces, self.with_token))

@@ -371,7 +374,7 @@ class AccessApiServerWithToken(AccessApiServer):
    """

    def __init__(self, event):
-        super(AccessApiServerWithToken, self).__init__(event)
+        super().__init__(event)
        assert self.event.auth_token
        self.headers = {"Authorization": f"Bearer {self.event.auth_token}"}
        self.category = InformationDisclosure
--- a/kube_hunter/modules/hunting/arp.py
+++ b/kube_hunter/modules/hunting/arp.py
@@ -43,7 +43,7 @@ class ArpSpoofHunter(ActiveHunter):
    def detect_l3_on_host(self, arp_responses):
        """ returns True for an existence of an L3 network plugin """
        logger.debug("Attempting to detect L3 network plugin using ARP")
-        unique_macs = list(set(response[ARP].hwsrc for _, response in arp_responses))
+        unique_macs = list({response[ARP].hwsrc for _, response in arp_responses})

        # if LAN addresses not unique
        if len(unique_macs) == 1:
--- a/kube_hunter/modules/hunting/certificates.py
+++ b/kube_hunter/modules/hunting/certificates.py
@@ -8,11 +8,13 @@ from kube_hunter.core.events import handler
 from kube_hunter.core.events.types import Vulnerability, Event, Service

 logger = logging.getLogger(__name__)
-email_pattern = re.compile(rb"([a-z0-9]+@[a-z0-9]+\.[a-z0-9]+)")
+email_pattern = re.compile(rb"([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)")


 class CertificateEmail(Vulnerability, Event):
-    """Certificate includes an email address"""
+    """The Kubernetes API Server advertises a public certificate for TLS.
+    This certificate includes an email address, that may provide additional information for an attacker on your
+    organization, or be abused for further email based attacks."""

    def __init__(self, email):
        Vulnerability.__init__(
@@ -23,7 +25,7 @@ class CertificateEmail(Vulnerability, Event):
            vid="KHV021",
        )
        self.email = email
-        self.evidence = "email: {}".format(self.email)
+        self.evidence = f"email: {self.email}"


@handler.subscribe(Service)
--- a/kube_hunter/modules/hunting/cves.py
+++ b/kube_hunter/modules/hunting/cves.py
@@ -104,7 +104,7 @@ class IncompleteFixToKubectlCpVulnerability(Vulnerability, Event):
            vid="KHV027",
        )
        self.binary_version = binary_version
-        self.evidence = "kubectl version: {}".format(self.binary_version)
+        self.evidence = f"kubectl version: {self.binary_version}"


 class KubectlCpVulnerability(Vulnerability, Event):
@@ -120,7 +120,7 @@ class KubectlCpVulnerability(Vulnerability, Event):
            vid="KHV028",
        )
        self.binary_version = binary_version
-        self.evidence = "kubectl version: {}".format(self.binary_version)
+        self.evidence = f"kubectl version: {self.binary_version}"


 class CveUtils:
--- a/kube_hunter/modules/hunting/dns.py
+++ b/kube_hunter/modules/hunting/dns.py
@@ -25,7 +25,7 @@ class PossibleDnsSpoofing(Vulnerability, Event):
            vid="KHV030",
        )
        self.kubedns_pod_ip = kubedns_pod_ip
-        self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip)
+        self.evidence = f"kube-dns at: {self.kubedns_pod_ip}"


 # Only triggered with RunningAsPod base event
--- a/kube_hunter/modules/hunting/kubelet.py
+++ b/kube_hunter/modules/hunting/kubelet.py
@@ -35,10 +35,7 @@ class ExposedPodsHandler(Vulnerability, Event):

    def __init__(self, pods):
        Vulnerability.__init__(
-            self,
-            component=Kubelet,
-            name="Exposed Pods",
-            category=InformationDisclosure,
+            self, component=Kubelet, name="Exposed Pods", category=InformationDisclosure, vid="KHV052"
        )
        self.pods = pods
        self.evidence = f"count: {len(self.pods)}"
@@ -84,7 +81,7 @@ class ExposedRunningPodsHandler(Vulnerability, Event):
            vid="KHV038",
        )
        self.count = count
-        self.evidence = "{} running pods".format(self.count)
+        self.evidence = f"{self.count} running pods"


 class ExposedExecHandler(Vulnerability, Event):
@@ -347,27 +344,23 @@ class SecureKubeletPortHunter(Hunter):

        # need further investigation on websockets protocol for further implementation
        def test_port_forward(self):
-            config = get_config()
-            headers = {
-                "Upgrade": "websocket",
-                "Connection": "Upgrade",
-                "Sec-Websocket-Key": "s",
-                "Sec-Websocket-Version": "13",
-                "Sec-Websocket-Protocol": "SPDY",
-            }
-            pf_url = self.path + KubeletHandlers.PORTFORWARD.value.format(
-                pod_namespace=self.pod["namespace"],
-                pod_id=self.pod["name"],
-                port=80,
-            )
-            self.session.get(
-                pf_url,
-                headers=headers,
-                verify=False,
-                stream=True,
-                timeout=config.network_timeout,
-            ).status_code == 200
+            pass
            # TODO: what to return?
+            # Example starting code:
+            #
+            # config = get_config()
+            # headers = {
+            #     "Upgrade": "websocket",
+            #     "Connection": "Upgrade",
+            #     "Sec-Websocket-Key": "s",
+            #     "Sec-Websocket-Version": "13",
+            #     "Sec-Websocket-Protocol": "SPDY",
+            # }
+            # pf_url = self.path + KubeletHandlers.PORTFORWARD.value.format(
+            #     pod_namespace=self.pod["namespace"],
+            #     pod_id=self.pod["name"],
+            #     port=80,
+            # )

        # executes one command and returns output
        def test_run_container(self):
@@ -378,8 +371,9 @@ class SecureKubeletPortHunter(Hunter):
                container_name="test",
                cmd="",
            )
-            # if we get a Method Not Allowed, we know we passed Authentication and Authorization.
-            return self.session.get(run_url, verify=False, timeout=config.network_timeout).status_code == 405
+            # if we get this message, we know we passed Authentication and Authorization, and that the endpoint is enabled.
+            status_code = self.session.post(run_url, verify=False, timeout=config.network_timeout).status_code
+            return status_code == requests.codes.NOT_FOUND

        # returns list of currently running pods
        def test_running_pods(self):
@@ -532,7 +526,7 @@ class ProveAnonymousAuth(ActiveHunter):

    def __init__(self, event):
        self.event = event
-        self.base_url = "https://{host}:10250/".format(host=self.event.host)
+        self.base_url = f"https://{self.event.host}:10250/"

    def get_request(self, url, verify=False):
        config = get_config()
@@ -571,7 +565,7 @@ class ProveAnonymousAuth(ActiveHunter):
        return ProveAnonymousAuth.has_no_error(result) and ProveAnonymousAuth.has_no_exception(result)

    def cat_command(self, run_request_url, full_file_path):
-        return self.post_request(run_request_url, {"cmd": "cat {}".format(full_file_path)})
+        return self.post_request(run_request_url, {"cmd": f"cat {full_file_path}"})

    def process_container(self, run_request_url):
        service_account_token = self.cat_command(run_request_url, "/var/run/secrets/kubernetes.io/serviceaccount/token")
@@ -608,7 +602,7 @@ class ProveAnonymousAuth(ActiveHunter):
                for container_data in pod_data["spec"]["containers"]:
                    container_name = container_data["name"]

-                    run_request_url = self.base_url + "run/{}/{}/{}".format(pod_namespace, pod_id, container_name)
+                    run_request_url = self.base_url + f"run/{pod_namespace}/{pod_id}/{container_name}"

                    extracted_data = self.process_container(run_request_url)

@@ -617,11 +611,11 @@ class ProveAnonymousAuth(ActiveHunter):
                        environment_variables = extracted_data["environment_variables"]

                        temp_message += (
-                            "\n\nPod namespace: {}".format(pod_namespace)
-                            + "\n\nPod ID: {}".format(pod_id)
-                            + "\n\nContainer name: {}".format(container_name)
-                            + "\n\nService account token: {}".format(service_account_token)
-                            + "\nEnvironment variables: {}".format(environment_variables)
+                            f"\n\nPod namespace: {pod_namespace}"
+                            + f"\n\nPod ID: {pod_id}"
+                            + f"\n\nContainer name: {container_name}"
+                            + f"\n\nService account token: {service_account_token}"
+                            + f"\nEnvironment variables: {environment_variables}"
                        )

                        first_check = container_data.get("securityContext", {}).get("privileged")
@@ -646,7 +640,7 @@ class ProveAnonymousAuth(ActiveHunter):
            if temp_message:
                message = "The following containers have been successfully breached." + temp_message

-                self.event.evidence = "{}".format(message)
+                self.event.evidence = f"{message}"

            if exposed_existing_privileged_containers:
                self.publish_event(
@@ -666,7 +660,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):

    def __init__(self, event, seconds_to_wait_for_os_command=1):
        self.event = event
-        self.base_url = "https://{host}:10250/".format(host=self.event.host)
+        self.base_url = f"https://{self.event.host}:10250/"
        self.seconds_to_wait_for_os_command = seconds_to_wait_for_os_command
        self.number_of_rm_attempts = 5
        self.number_of_rmdir_attempts = 5
@@ -685,7 +679,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
            return "Exception: " + str(ex)

    def cat_command(self, run_request_url, full_file_path):
-        return self.post_request(run_request_url, {"cmd": "cat {}".format(full_file_path)})
+        return self.post_request(run_request_url, {"cmd": f"cat {full_file_path}"})

    def clean_attacked_exposed_existing_privileged_container(
        self,
@@ -701,7 +695,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):

        self.rm_command(
            run_request_url,
-            "{}/etc/cron.daily/{}".format(directory_created, file_created),
+            f"{directory_created}/etc/cron.daily/{file_created}",
            number_of_rm_attempts,
            seconds_to_wait_for_os_command,
        )
@@ -729,9 +723,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
    def rm_command(self, run_request_url, file_to_remove, number_of_rm_attempts, seconds_to_wait_for_os_command):
        if self.check_file_exists(run_request_url, file_to_remove):
            for _ in range(number_of_rm_attempts):
-                command_execution_outcome = self.post_request(
-                    run_request_url, {"cmd": "rm -f {}".format(file_to_remove)}
-                )
+                command_execution_outcome = self.post_request(run_request_url, {"cmd": f"rm -f {file_to_remove}"})

                if seconds_to_wait_for_os_command:
                    time.sleep(seconds_to_wait_for_os_command)
@@ -758,10 +750,10 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
        return False

    def chmod_command(self, run_request_url, permissions, file):
-        return self.post_request(run_request_url, {"cmd": "chmod {} {}".format(permissions, file)})
+        return self.post_request(run_request_url, {"cmd": f"chmod {permissions} {file}"})

    def touch_command(self, run_request_url, file_to_create):
-        return self.post_request(run_request_url, {"cmd": "touch {}".format(file_to_create)})
+        return self.post_request(run_request_url, {"cmd": f"touch {file_to_create}"})

    def attack_exposed_existing_privileged_container(
        self, run_request_url, directory_created, number_of_rm_attempts, seconds_to_wait_for_os_command, file_name=None
@@ -769,7 +761,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
        if file_name is None:
            file_name = "kube-hunter" + str(uuid.uuid1())

-        file_name_with_path = "{}/etc/cron.daily/{}".format(directory_created, file_name)
+        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        file_created = self.touch_command(run_request_url, file_name_with_path)

@@ -797,9 +789,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
    ):
        if self.check_directory_exists(run_request_url, directory_to_remove):
            for _ in range(number_of_rmdir_attempts):
-                command_execution_outcome = self.post_request(
-                    run_request_url, {"cmd": "rmdir {}".format(directory_to_remove)}
-                )
+                command_execution_outcome = self.post_request(run_request_url, {"cmd": f"rmdir {directory_to_remove}"})

                if seconds_to_wait_for_os_command:
                    time.sleep(seconds_to_wait_for_os_command)
@@ -826,7 +816,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
        return False

    def ls_command(self, run_request_url, file_or_directory):
-        return self.post_request(run_request_url, {"cmd": "ls {}".format(file_or_directory)})
+        return self.post_request(run_request_url, {"cmd": f"ls {file_or_directory}"})

    def umount_command(
        self,
@@ -844,7 +834,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
            for _ in range(number_of_umount_attempts):
                # Ref: http://man7.org/linux/man-pages/man2/umount.2.html
                command_execution_outcome = self.post_request(
-                    run_request_url, {"cmd": "umount {} {}".format(file_system_or_partition, directory)}
+                    run_request_url, {"cmd": f"umount {file_system_or_partition} {directory}"}
                )

                if seconds_to_wait_for_os_command:
@@ -875,16 +865,16 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):

    def mount_command(self, run_request_url, file_system_or_partition, directory):
        # Ref: http://man7.org/linux/man-pages/man1/mkdir.1.html
-        return self.post_request(run_request_url, {"cmd": "mount {} {}".format(file_system_or_partition, directory)})
+        return self.post_request(run_request_url, {"cmd": f"mount {file_system_or_partition} {directory}"})

    def mkdir_command(self, run_request_url, directory_to_create):
        # Ref: http://man7.org/linux/man-pages/man1/mkdir.1.html
-        return self.post_request(run_request_url, {"cmd": "mkdir {}".format(directory_to_create)})
+        return self.post_request(run_request_url, {"cmd": f"mkdir {directory_to_create}"})

    def findfs_command(self, run_request_url, file_system_or_partition_type, file_system_or_partition):
        # Ref: http://man7.org/linux/man-pages/man8/findfs.8.html
        return self.post_request(
-            run_request_url, {"cmd": "findfs {}{}".format(file_system_or_partition_type, file_system_or_partition)}
+            run_request_url, {"cmd": f"findfs {file_system_or_partition_type}{file_system_or_partition}"}
        )

    def get_root_values(self, command_line):
@@ -943,9 +933,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
                            )

                            if ProveAnonymousAuth.has_no_error_nor_exception(mounted_file_system_or_partition):
-                                host_name = self.cat_command(
-                                    run_request_url, "{}/etc/hostname".format(directory_created)
-                                )
+                                host_name = self.cat_command(run_request_url, f"{directory_created}/etc/hostname")

                                if ProveAnonymousAuth.has_no_error_nor_exception(host_name):
                                    return {
@@ -979,7 +967,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
            pod_id = exposed_existing_privileged_containers["pod_id"]
            container_name = exposed_existing_privileged_containers["container_name"]

-            run_request_url = self.base_url + "run/{}/{}/{}".format(pod_namespace, pod_id, container_name)
+            run_request_url = self.base_url + f"run/{pod_namespace}/{pod_id}/{container_name}"

            is_exposed_existing_privileged_container_privileged = self.process_exposed_existing_privileged_container(
                run_request_url,
@@ -1029,7 +1017,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
                + temp_message
            )

-            self.event.evidence = "{}".format(message)
+            self.event.evidence = f"{message}"
        else:
            message = (
                "The following exposed existing privileged containers"
@@ -1038,7 +1026,7 @@ class MaliciousIntentViaSecureKubeletPort(ActiveHunter):
                + temp_message
            )

-            self.event.evidence = "{}".format(message)
+            self.event.evidence = f"{message}"


@handler.subscribe(ExposedRunHandler)
@@ -1145,11 +1133,16 @@ class ProveSystemLogs(ActiveHunter):
            f"{self.base_url}/" + KubeletHandlers.LOGS.value.format(path="audit/audit.log"),
            verify=False,
            timeout=config.network_timeout,
-        ).text
-        logger.debug(f"Audit log of host {self.event.host}: {audit_logs[:10]}")
-        # iterating over proctitles and converting them into readable strings
-        proctitles = []
-        for proctitle in re.findall(r"proctitle=(\w+)", audit_logs):
-            proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
-        self.event.proctitles = proctitles
-        self.event.evidence = f"audit log: {proctitles}"
+        )
+
+        # TODO: add more methods for proving system logs
+        if audit_logs.status_code == requests.status_codes.codes.OK:
+            logger.debug(f"Audit log of host {self.event.host}: {audit_logs.text[:10]}")
+            # iterating over proctitles and converting them into readable strings
+            proctitles = []
+            for proctitle in re.findall(r"proctitle=(\w+)", audit_logs.text):
+                proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
+            self.event.proctitles = proctitles
+            self.event.evidence = f"audit log: {proctitles}"
+        else:
+            self.event.evidence = "Could not parse system logs"
--- a/kube_hunter/modules/hunting/mounts.py
+++ b/kube_hunter/modules/hunting/mounts.py
@@ -32,7 +32,7 @@ class WriteMountToVarLog(Vulnerability, Event):
            vid="KHV047",
        )
        self.pods = pods
-        self.evidence = "pods: {}".format(", ".join((pod["metadata"]["name"] for pod in self.pods)))
+        self.evidence = "pods: {}".format(", ".join(pod["metadata"]["name"] for pod in self.pods))


 class DirectoryTraversalWithKubelet(Vulnerability, Event):
@@ -47,7 +47,7 @@ class DirectoryTraversalWithKubelet(Vulnerability, Event):
            category=PrivilegeEscalation,
        )
        self.output = output
-        self.evidence = "output: {}".format(self.output)
+        self.evidence = f"output: {self.output}"


@handler.subscribe(ExposedPodsHandler)
--- a/kube_hunter/modules/report/base.py
+++ b/kube_hunter/modules/report/base.py
@@ -7,6 +7,9 @@ from kube_hunter.modules.report.collector import (
    vulnerabilities_lock,
 )

+BASE_KB_LINK = "https://avd.aquasec.com/"
+FULL_KB_LINK = "https://avd.aquasec.com/kube-hunter/{vid}/"
+

 class BaseReporter:
    def get_nodes(self):
@@ -38,6 +41,7 @@ class BaseReporter:
                    "vulnerability": vuln.get_name(),
                    "description": vuln.explain(),
                    "evidence": str(vuln.evidence),
+                    "avd_reference": FULL_KB_LINK.format(vid=vuln.get_vid().lower()),
                    "hunter": vuln.hunter.get_name(),
                }
                for vuln in vulnerabilities
@@ -63,6 +67,4 @@ class BaseReporter:
        if statistics:
            report["hunter_statistics"] = self.get_hunter_statistics()

-        report["kburl"] = "https://aquasecurity.github.io/kube-hunter/kb/{vid}"
-
        return report
--- a/kube_hunter/modules/report/plain.py
+++ b/kube_hunter/modules/report/plain.py
@@ -1,6 +1,6 @@
 from prettytable import ALL, PrettyTable

-from kube_hunter.modules.report.base import BaseReporter
+from kube_hunter.modules.report.base import BaseReporter, BASE_KB_LINK
 from kube_hunter.modules.report.collector import (
    services,
    vulnerabilities,
@@ -11,7 +11,6 @@ from kube_hunter.modules.report.collector import (

 EVIDENCE_PREVIEW = 100
 MAX_TABLE_WIDTH = 20
-KB_LINK = "https://github.com/aquasecurity/kube-hunter/tree/master/docs/_kb"


 class PlainReporter(BaseReporter):
@@ -60,7 +59,7 @@ class PlainReporter(BaseReporter):
            if service.event_id not in id_memory:
                nodes_table.add_row(["Node/Master", service.host])
                id_memory.add(service.event_id)
-        nodes_ret = "\nNodes\n{}\n".format(nodes_table)
+        nodes_ret = f"\nNodes\n{nodes_table}\n"
        services_lock.release()
        return nodes_ret

@@ -114,7 +113,7 @@ class PlainReporter(BaseReporter):
        return (
            "\nVulnerabilities\n"
            "For further information about a vulnerability, search its ID in: \n"
-            f"{KB_LINK}\n{vuln_table}\n"
+            f"{BASE_KB_LINK}\n{vuln_table}\n"
        )

    def hunters_table(self):
--- a/pyinstaller_hooks/hook-prettytable.py
+++ b/pyinstaller_hooks/hook-prettytable.py
@@ -0,0 +1,3 @@
+from PyInstaller.utils.hooks import collect_all
+
+datas, binaries, hiddenimports = collect_all("prettytable")
--- a/setup.py
+++ b/setup.py
@@ -41,6 +41,8 @@ class PyInstallerCommand(Command):
        cfg.read("setup.cfg")
        command = [
            "pyinstaller",
+            "--additional-hooks-dir",
+            "pyinstaller_hooks",
            "--clean",
            "--onefile",
            "--name",
--- a/tests/discovery/test_apiserver.py
+++ b/tests/discovery/test_apiserver.py
@@ -123,7 +123,7 @@ def test_InsecureApiServer():

 # We should only generate an ApiServer event for a response that looks like it came from a Kubernetes node
@handler.subscribe(ApiServer)
-class testApiServer(object):
+class testApiServer:
    def __init__(self, event):
        print("Event")
        assert event.host == "mockKubernetes"
--- a/tests/discovery/test_hosts.py
+++ b/tests/discovery/test_hosts.py
@@ -90,7 +90,7 @@ class TestDiscoveryUtils:
    def test_generate_hosts_valid_ignore():
        remove = IPAddress("192.168.1.8")
        scan = "192.168.1.0/24"
-        expected = set(ip for ip in IPNetwork(scan) if ip != remove)
+        expected = {ip for ip in IPNetwork(scan) if ip != remove}

        actual = set(HostDiscoveryHelpers.generate_hosts([scan, f"!{str(remove)}"]))

--- a/tests/hunting/test_aks.py
+++ b/tests/hunting/test_aks.py
@@ -3,54 +3,47 @@ import requests_mock

 from kube_hunter.conf import Config, set_config

+import json
+
 set_config(Config())

-from kube_hunter.modules.hunting.kubelet import ExposedRunHandler
+from kube_hunter.modules.hunting.kubelet import ExposedPodsHandler
 from kube_hunter.modules.hunting.aks import AzureSpnHunter


 def test_AzureSpnHunter():
-    e = ExposedRunHandler()
-    e.host = "mockKubernetes"
-    e.port = 443
-    e.protocol = "https"
-
+    e = ExposedPodsHandler(pods=[])
    pod_template = '{{"items":[ {{"apiVersion":"v1","kind":"Pod","metadata":{{"name":"etc","namespace":"default"}},"spec":{{"containers":[{{"command":["sleep","99999"],"image":"ubuntu","name":"test","volumeMounts":[{{"mountPath":"/mp","name":"v"}}]}}],"volumes":[{{"hostPath":{{"path":"{}"}},"name":"v"}}]}}}} ]}}'

    bad_paths = ["/", "/etc", "/etc/", "/etc/kubernetes", "/etc/kubernetes/azure.json"]
    good_paths = ["/yo", "/etc/yo", "/etc/kubernetes/yo.json"]

    for p in bad_paths:
-        with requests_mock.Mocker() as m:
-            m.get("https://mockKubernetes:443/pods", text=pod_template.format(p))
-            h = AzureSpnHunter(e)
-            c = h.get_key_container()
-            assert c
+        e.pods = json.loads(pod_template.format(p))["items"]
+        h = AzureSpnHunter(e)
+        c = h.get_key_container()
+        assert c

    for p in good_paths:
-        with requests_mock.Mocker() as m:
-            m.get("https://mockKubernetes:443/pods", text=pod_template.format(p))
-            h = AzureSpnHunter(e)
-            c = h.get_key_container()
-            assert c == None
-
-    with requests_mock.Mocker() as m:
-        pod_no_volume_mounts = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test"}],"volumes":[{"hostPath":{"path":"/whatever"},"name":"v"}]}} ]}'
-        m.get("https://mockKubernetes:443/pods", text=pod_no_volume_mounts)
+        e.pods = json.loads(pod_template.format(p))["items"]
        h = AzureSpnHunter(e)
        c = h.get_key_container()
        assert c == None

-    with requests_mock.Mocker() as m:
-        pod_no_volumes = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test"}]}} ]}'
-        m.get("https://mockKubernetes:443/pods", text=pod_no_volumes)
-        h = AzureSpnHunter(e)
-        c = h.get_key_container()
-        assert c == None
+    pod_no_volume_mounts = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test"}],"volumes":[{"hostPath":{"path":"/whatever"},"name":"v"}]}} ]}'
+    e.pods = json.loads(pod_no_volume_mounts)["items"]
+    h = AzureSpnHunter(e)
+    c = h.get_key_container()
+    assert c == None

-    with requests_mock.Mocker() as m:
-        pod_other_volume = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test","volumeMounts":[{"mountPath":"/mp","name":"v"}]}],"volumes":[{"emptyDir":{},"name":"v"}]}} ]}'
-        m.get("https://mockKubernetes:443/pods", text=pod_other_volume)
-        h = AzureSpnHunter(e)
-        c = h.get_key_container()
-        assert c == None
+    pod_no_volumes = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test"}]}} ]}'
+    e.pods = json.loads(pod_no_volumes)["items"]
+    h = AzureSpnHunter(e)
+    c = h.get_key_container()
+    assert c == None
+
+    pod_other_volume = '{"items":[ {"apiVersion":"v1","kind":"Pod","metadata":{"name":"etc","namespace":"default"},"spec":{"containers":[{"command":["sleep","99999"],"image":"ubuntu","name":"test","volumeMounts":[{"mountPath":"/mp","name":"v"}]}],"volumes":[{"emptyDir":{},"name":"v"}]}} ]}'
+    e.pods = json.loads(pod_other_volume)["items"]
+    h = AzureSpnHunter(e)
+    c = h.get_key_container()
+    assert c == None
--- a/tests/hunting/test_apiserver_hunter.py
+++ b/tests/hunting/test_apiserver_hunter.py
@@ -122,7 +122,7 @@ def test_AccessApiServer():


@handler.subscribe(ListNamespaces)
-class test_ListNamespaces(object):
+class test_ListNamespaces:
    def __init__(self, event):
        print("ListNamespaces")
        assert event.evidence == ["hello"]
@@ -135,7 +135,7 @@ class test_ListNamespaces(object):


@handler.subscribe(ListPodsAndNamespaces)
-class test_ListPodsAndNamespaces(object):
+class test_ListPodsAndNamespaces:
    def __init__(self, event):
        print("ListPodsAndNamespaces")
        assert len(event.evidence) == 2
@@ -158,7 +158,7 @@ class test_ListPodsAndNamespaces(object):

 # Should never see this because the API call in the test returns 403 status code
@handler.subscribe(ListRoles)
-class test_ListRoles(object):
+class test_ListRoles:
    def __init__(self, event):
        print("ListRoles")
        assert 0
@@ -169,7 +169,7 @@ class test_ListRoles(object):
 # Should only see this when we have a token because the API call returns an empty list of items
 # in the test where we have no token
@handler.subscribe(ListClusterRoles)
-class test_ListClusterRoles(object):
+class test_ListClusterRoles:
    def __init__(self, event):
        print("ListClusterRoles")
        assert event.auth_token == "so-secret"
@@ -178,7 +178,7 @@ class test_ListClusterRoles(object):


@handler.subscribe(ServerApiAccess)
-class test_ServerApiAccess(object):
+class test_ServerApiAccess:
    def __init__(self, event):
        print("ServerApiAccess")
        if event.category == UnauthenticatedAccess:
@@ -191,7 +191,7 @@ class test_ServerApiAccess(object):


@handler.subscribe(ApiServerPassiveHunterFinished)
-class test_PassiveHunterFinished(object):
+class test_PassiveHunterFinished:
    def __init__(self, event):
        print("PassiveHunterFinished")
        assert event.namespaces == ["hello"]
@@ -276,12 +276,12 @@ def test_AccessApiServerActive():


@handler.subscribe(CreateANamespace)
-class test_CreateANamespace(object):
+class test_CreateANamespace:
    def __init__(self, event):
        assert "abcde" in event.evidence


@handler.subscribe(DeleteANamespace)
-class test_DeleteANamespace(object):
+class test_DeleteANamespace:
    def __init__(self, event):
        assert "2019-02-26" in event.evidence
--- a/tests/hunting/test_certificates.py
+++ b/tests/hunting/test_certificates.py
@@ -37,6 +37,6 @@ rceJuGsnJEQ=


@handler.subscribe(CertificateEmail)
-class test_CertificateEmail(object):
+class test_CertificateEmail:
    def __init__(self, event):
        assert event.email == b"build@nodejs.org0"
--- a/tests/hunting/test_cvehunting.py
+++ b/tests/hunting/test_cvehunting.py
@@ -41,7 +41,7 @@ def test_K8sCveHunter():


@handler.subscribe(ServerApiVersionEndPointAccessPE)
-class test_CVE_2018_1002105(object):
+class test_CVE_2018_1002105:
    def __init__(self, event):
        global cve_counter
        cve_counter += 1
--- a/tests/hunting/test_kubelet.py
+++ b/tests/hunting/test_kubelet.py
@@ -270,7 +270,7 @@ def test_proveanonymousauth_connectivity_issues():


@handler.subscribe(ExposedExistingPrivilegedContainersViaSecureKubeletPort)
-class ExposedPrivilegedContainersViaAnonymousAuthEnabledInSecureKubeletPortEventCounter(object):
+class ExposedPrivilegedContainersViaAnonymousAuthEnabledInSecureKubeletPortEventCounter:
    def __init__(self, event):
        global counter
        counter += 1
@@ -371,9 +371,9 @@ def test_attack_exposed_existing_privileged_container_success():
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
-        file_name_with_path = "{}/etc/cron.daily/{}".format(directory_created, file_name)
+        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

-        session_mock.post(run_url + urllib.parse.quote("touch {}".format(file_name_with_path), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"touch {file_name_with_path}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("chmod {} {}".format("755", file_name_with_path), safe=""), text=""
        )
@@ -395,12 +395,12 @@ def test_attack_exposed_existing_privileged_container_failure_when_touch():
    with requests_mock.Mocker(session=class_being_tested.event.session) as session_mock:
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
-        file_name_with_path = "{}/etc/cron.daily/{}".format(directory_created, file_name)
+        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        session_mock.post(
-            run_url + urllib.parse.quote("touch {}".format(file_name_with_path), safe=""),
+            run_url + urllib.parse.quote(f"touch {file_name_with_path}", safe=""),
            text="Operation not permitted",
        )

@@ -420,11 +420,11 @@ def test_attack_exposed_existing_privileged_container_failure_when_chmod():
    with requests_mock.Mocker(session=class_being_tested.event.session) as session_mock:
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
-        file_name_with_path = "{}/etc/cron.daily/{}".format(directory_created, file_name)
+        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
-        session_mock.post(run_url + urllib.parse.quote("touch {}".format(file_name_with_path), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"touch {file_name_with_path}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("chmod {} {}".format("755", file_name_with_path), safe=""),
            text="Permission denied",
@@ -547,12 +547,12 @@ def test_process_exposed_existing_privileged_container_success():

        session_mock.post(run_url + urllib.parse.quote("cat /proc/cmdline", safe=""), text=cat_proc_cmdline)
        session_mock.post(run_url + urllib.parse.quote("findfs LABEL=Mock", safe=""), text="/dev/mock_fs")
-        session_mock.post(run_url + urllib.parse.quote("mkdir {}".format(directory_created), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"mkdir {directory_created}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("mount {} {}".format("/dev/mock_fs", directory_created), safe=""), text=""
        )
        session_mock.post(
-            run_url + urllib.parse.quote("cat {}/etc/hostname".format(directory_created), safe=""), text="mockhostname"
+            run_url + urllib.parse.quote(f"cat {directory_created}/etc/hostname", safe=""), text="mockhostname"
        )

        return_value = class_being_tested.process_exposed_existing_privileged_container(
@@ -619,9 +619,7 @@ def test_process_exposed_existing_privileged_container_failure_when_mkdir():

        session_mock.post(run_url + urllib.parse.quote("cat /proc/cmdline", safe=""), text=cat_proc_cmdline)
        session_mock.post(run_url + urllib.parse.quote("findfs LABEL=Mock", safe=""), text="/dev/mock_fs")
-        session_mock.post(
-            run_url + urllib.parse.quote("mkdir {}".format(directory_created), safe=""), text="Permission denied"
-        )
+        session_mock.post(run_url + urllib.parse.quote(f"mkdir {directory_created}", safe=""), text="Permission denied")

        return_value = class_being_tested.process_exposed_existing_privileged_container(
            url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
@@ -644,7 +642,7 @@ def test_process_exposed_existing_privileged_container_failure_when_mount():

        session_mock.post(run_url + urllib.parse.quote("cat /proc/cmdline", safe=""), text=cat_proc_cmdline)
        session_mock.post(run_url + urllib.parse.quote("findfs LABEL=Mock", safe=""), text="/dev/mock_fs")
-        session_mock.post(run_url + urllib.parse.quote("mkdir {}".format(directory_created), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"mkdir {directory_created}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("mount {} {}".format("/dev/mock_fs", directory_created), safe=""),
            text="Permission denied",
@@ -671,12 +669,12 @@ def test_process_exposed_existing_privileged_container_failure_when_cat_hostname

        session_mock.post(run_url + urllib.parse.quote("cat /proc/cmdline", safe=""), text=cat_proc_cmdline)
        session_mock.post(run_url + urllib.parse.quote("findfs LABEL=Mock", safe=""), text="/dev/mock_fs")
-        session_mock.post(run_url + urllib.parse.quote("mkdir {}".format(directory_created), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"mkdir {directory_created}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("mount {} {}".format("/dev/mock_fs", directory_created), safe=""), text=""
        )
        session_mock.post(
-            run_url + urllib.parse.quote("cat {}/etc/hostname".format(directory_created), safe=""),
+            run_url + urllib.parse.quote(f"cat {directory_created}/etc/hostname", safe=""),
            text="Permission denied",
        )

@@ -699,18 +697,18 @@ def test_maliciousintentviasecurekubeletport_success():
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
-        file_name_with_path = "{}/etc/cron.daily/{}".format(directory_created, file_name)
+        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        session_mock.post(run_url + urllib.parse.quote("cat /proc/cmdline", safe=""), text=cat_proc_cmdline)
        session_mock.post(run_url + urllib.parse.quote("findfs LABEL=Mock", safe=""), text="/dev/mock_fs")
-        session_mock.post(run_url + urllib.parse.quote("mkdir {}".format(directory_created), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"mkdir {directory_created}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("mount {} {}".format("/dev/mock_fs", directory_created), safe=""), text=""
        )
        session_mock.post(
-            run_url + urllib.parse.quote("cat {}/etc/hostname".format(directory_created), safe=""), text="mockhostname"
+            run_url + urllib.parse.quote(f"cat {directory_created}/etc/hostname", safe=""), text="mockhostname"
        )
-        session_mock.post(run_url + urllib.parse.quote("touch {}".format(file_name_with_path), safe=""), text="")
+        session_mock.post(run_url + urllib.parse.quote(f"touch {file_name_with_path}", safe=""), text="")
        session_mock.post(
            run_url + urllib.parse.quote("chmod {} {}".format("755", file_name_with_path), safe=""), text=""
        )
Author	SHA1	Message	Date
danielsagi	5d8b437093	Added Advanced Usage section to the readme, documenting azure quick scanning	2021-04-08 17:20:12 +03:00
miwithro	cdd9f9d432	Update KHV003.md (#439 )	2021-03-16 17:17:55 +02:00
Simarpreet Singh	99678f3cac	deps: Update github pages dependencies (#431 ) Signed-off-by: Simarpreet Singh <simar@linux.com>	2021-01-17 16:03:04 +02:00
danielsagi	cdbc3dc12b	Bug Fix: False Negative On AKS Hunting (#420 ) * removed false negative in AzureSpnHunter when /run is disabled * changed to use direct imported class * fixed multiple bugs in azure spn hunting, and improved efficency * fixed bug in cloud identification. TODO: remove the outsourcing for cloud provider * removed unused config variable * fixed tests to use already parsed pods as the given previous event has changed	2021-01-07 19:46:00 +02:00
Carol Valencia	d208b43532	feat: github actions to publish ecr and docker (#429 ) * feat: github actions to publish ecr and docker * test: github actions to publish ecr and docker * chore: yaml lint github actions * chore: yaml lint github actions * fix: secrets envs for github action * chore: build and push action for ecr/docker Co-authored-by: Carol Valencia <krol3@users.noreply.github.com>	2020-12-26 21:31:53 +02:00
Itay Shakury	42250d9f62	move from master branch to main (#427 )	2020-12-17 16:16:16 +02:00
danielsagi	d94d86a4c1	Created a Vulnerability Disclosure README (#423 ) * Created a vulnerability disclosure readme * Update SECURITY.md Co-authored-by: Liz Rice <liz@lizrice.com> * Update SECURITY.md Co-authored-by: Liz Rice <liz@lizrice.com> * Update SECURITY.md Co-authored-by: Liz Rice <liz@lizrice.com> Co-authored-by: Liz Rice <liz@lizrice.com>	2020-12-17 15:16:28 +02:00
danielsagi	a1c2c3ee3e	Updated kramdown (#424 ) Updated kramdown to a newer patched version, the old version was not patched to CVE-2020-14001	2020-12-17 11:50:02 +00:00
danielsagi	6aeee7f49d	Improvements and bug fixed in Release workflow (#425 ) * changed ubuntu to an older version, for compatibility reasons with glibc on pyinstaller steps and added a step to parse the release tag * removed parsing of release tag * changed flow name * removed 'release' from the release name	2020-12-08 21:46:24 +02:00
danielsagi	f95df8172b	added a release workflow for a linux binary (#421 )	2020-12-04 13:45:03 +02:00
danielsagi	a3ad928f29	Bug Fix: Pyinstaller prettytable error (#419 ) * added specific problematic hooks folder for when compiling with pyinstaller. added a fix for prettytable import * fixed typo * lint fix	2020-12-04 13:43:37 +02:00
danielsagi	22d6676e08	Removed Travis and Greetings workflows (#415 ) * removed greetings workflow, and travis * Update the build status badge to point to Github Actions	2020-12-04 13:42:38 +02:00
danielsagi	b9e0ef30e8	Removed Old Dependency For CAP_NET_RAW (#416 ) * removed old dependency for cap_net_raw, by stop usage of tracerouting when running as a pod * removed unused imports	2020-12-03 17:11:18 +02:00
RDxR10	693d668d0a	Update apiserver.py (#397 ) * Update apiserver.py Added description of KHV007 * fixed linting issues Co-authored-by: danielsagi <danielsagi2009@gmail.com>	2020-11-28 19:41:06 +02:00
RDxR10	2e4684658f	Update certificates.py (#398 ) * Update certificates.py Regex expression update for email * fixed linting issues Co-authored-by: danielsagi <danielsagi2009@gmail.com>	2020-11-28 18:55:14 +02:00
Hugo van Kemenade	f5e8b14818	Migrate tests to GitHub Actions (#395 ) (#399 ) Co-authored-by: danielsagi <danielsagi2009@gmail.com>	2020-11-28 17:34:30 +02:00
danielsagi	05094a9415	Fix lint comments (#414 ) * removed unused get query to port forward * moved existing code to comments Co-authored-by: Liz Rice <liz@lizrice.com>	2020-11-28 17:16:57 +02:00
danielsagi	8acedf2e7d	updated screenshot of aqua's site (#412 )	2020-11-27 16:04:38 +02:00
danielsagi	14ca1b8bce	Fixed false positive on test_run_handler (#411 ) * fixed wrong check on test run handler * changed method of testing to be using 404 with real post method	2020-11-19 17:41:33 +02:00
danielsagi	5a578fd8ab	More intuitive message when ProveSystemLogs fails (#409 ) * fixed wrong message for when proving audit logs * fixed linting	2020-11-18 11:35:13 +02:00
danielsagi	bf7023d01c	Added docs for exposed pods (#407 ) * added doc _kb for exposed pods * correlated the new khv to the Exposed pods vulnerability * fixed linting	2020-11-17 15:22:06 +02:00
danielsagi	d7168af7d5	Change KB links to avd (#406 ) * changed link to point to avd * changed kb_links to be on base report module. and updated to point to avd. now json output returns the full avd url to the vulnerability * switched to adding a new avd_reference instead of changed the VID * added newline to fix linting	2020-11-17 14:03:18 +02:00
Hugo van Kemenade	35873baa12	Upgrade syntax for supported Python versions (#394 ) (#401 ) Co-authored-by: danielsagi <danielsagi2009@gmail.com>	2020-11-16 20:40:28 +02:00