コード例 #1
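 def execute(self):
     """Query the API server ``/version`` endpoint and publish the version it reports.

     The request is sent through ``self.session`` with the configured network
     timeout. A ``K8sVersionDisclosure`` event is published only when the
     response is a JSON object that contains ``gitVersion``; any other
     response is logged at debug level and produces no event.
     """
     config = get_config()
     # NOTE(review): the log text says the pod's service account token is used;
     # presumably self.session carries it — confirm where the session is built.
     if self.event.auth_token:
         logger.debug(
             "Trying to access the API server version endpoint using pod's"
             f" service account token on {self.event.host}:{self.event.port} \t"
         )
     else:
         logger.debug("Trying to access the API server version endpoint anonymously")
     response = self.session.get(f"{self.path}/version", timeout=config.network_timeout)
     try:
         body = response.json()
     except ValueError:
         # A non-JSON body (e.g. an error page from something in front of the
         # API server) is not a version disclosure and must not abort the hunter.
         logger.debug("API server version endpoint did not return JSON")
         return
     # A rejected request typically comes back as a JSON Status object without
     # "gitVersion"; indexing it directly would raise KeyError.
     if not isinstance(body, dict) or "gitVersion" not in body:
         logger.debug("API server version endpoint did not disclose gitVersion")
         return
     version = body["gitVersion"]
     logger.debug(f"Discovered version of api server {version}")
     self.publish_event(K8sVersionDisclosure(version=version, from_endpoint="/version"))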
コード例 #2
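 def execute(self):
     """Read ``/version`` over plain HTTP from the host and port of the triggering event.

     Publishes a ``K8sVersionDisclosure`` (marked "on the kube-proxy") when the
     response is a JSON object that contains ``gitVersion``. Connection,
     timeout and JSON decoding errors propagate to the caller.
     """
     # Constructed value: requests has no default timeout, so a peer that accepts
     # the connection and never answers would stall the hunter indefinitely.
     # Align this with the project's configured network timeout if one exists.
     timeout_seconds = 5
     url = "http://{host}:{port}/version".format(
         host=self.event.host,
         port=self.event.port,
     )
     # verify=False has no effect on an http:// URL; it is kept as written, but it
     # would switch off certificate validation if the scheme were changed to https.
     response = requests.get(url, verify=False, timeout=timeout_seconds)
     version_metadata = json.loads(response.text)
     # Only a JSON object can carry the key; a bare string or list must not be indexed.
     if isinstance(version_metadata, dict) and "gitVersion" in version_metadata:
         self.publish_event(
             K8sVersionDisclosure(version=version_metadata["gitVersion"],
                                  from_endpoint="/version",
                                  extra_info="on the kube-proxy"))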
コード例 #3
def test_K8sCveHunter():
    """Check the number of CVE events counted for a vulnerable and a patched version.

    ``cve_counter`` is a module-level counter; what increments it is not shown
    in this function. It is reset to 0 after each case.
    """
    global cve_counter
    # The hunter unregisters itself, so __new__ is replaced to allow direct
    # instantiation. The replacement is not undone when the test finishes.
    K8sClusterCveHunter.__new__ = lambda hunter_cls, _event: object.__new__(hunter_cls)

    # (reported version, expected value of cve_counter after the run)
    cases = (
        ("1.10.1", 2),
        ("v1.13.6-gke.13", 0),  # patched version
    )
    for reported_version, expected_count in cases:
        disclosure = K8sVersionDisclosure(version=reported_version, from_endpoint="/version")
        hunter = K8sClusterCveHunter(disclosure)
        hunter.execute()

        # NOTE(review): presumably gives asynchronous handlers time to update
        # the counter; a fixed sleep can make the test timing-dependent — confirm.
        time.sleep(0.01)
        assert cve_counter == expected_count
        cve_counter = 0
コード例 #4
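 def execute(self):
     """Query the API server ``/version`` endpoint and publish the version it reports.

     The request is sent through ``self.session``. A ``K8sVersionDisclosure``
     event is published only when the response body is a JSON object that
     contains ``gitVersion``; any other body is logged at debug level and
     produces no event.
     """
     if self.event.auth_token:
         logging.debug(
             'Passive Hunter is attempting to access the API server version end point using the pod\'s service account token on {}:{} \t'
             .format(self.event.host, self.event.port))
     else:
         logging.debug(
             'Passive Hunter is attempting to access the API server version end point anonymously'
         )
     # NOTE(review): no timeout is passed here; if self.session is a
     # requests.Session the call can block indefinitely — confirm and bound it.
     response = self.session.get(self.path + "/version")
     try:
         body = json.loads(response.text)
     except ValueError:
         # A non-JSON body (e.g. an error page from something in front of the
         # API server) is not a version disclosure and must not abort the hunter.
         logging.debug("API server version endpoint did not return JSON")
         return
     # A rejected request typically comes back as a JSON Status object without
     # "gitVersion"; indexing it directly would raise KeyError.
     if not isinstance(body, dict) or "gitVersion" not in body:
         logging.debug("API server version endpoint did not disclose gitVersion")
         return
     version = body["gitVersion"]
     logging.debug("Discovered version of api server {}".format(version))
     self.publish_event(
         K8sVersionDisclosure(version=version, from_endpoint="/version"))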
コード例 #5
ファイル: proxy.py プロジェクト: wenhuizhang/kube-hunter
 def execute(self):
     """Fetch ``/version`` over plain HTTP from the host and port of the triggering event.

     Publishes a ``K8sVersionDisclosure`` marked "on kube-proxy" when the JSON
     response contains ``gitVersion``; otherwise nothing is published.
     """
     settings = get_config()
     # verify=False has no effect on an http:// URL; it would switch off
     # certificate validation if the scheme were ever changed to https.
     response = requests.get(
         f"http://{self.event.host}:{self.event.port}/version",
         verify=False,
         timeout=settings.network_timeout,
     )
     payload = response.json()
     if "gitVersion" not in payload:
         return
     disclosure = K8sVersionDisclosure(
         version=payload["gitVersion"],
         from_endpoint="/version",
         extra_info="on kube-proxy",
     )
     self.publish_event(disclosure)
コード例 #6
 def execute(self):
     """Run the Kubelet probes and publish one event for each non-empty result.

     All four probes run before anything is published. The pods listing is
     stored on ``self.pods_endpoint_data`` first, ahead of the other probes.
     """
     self.pods_endpoint_data = self.get_pods_endpoint()
     version = self.get_k8s_version()
     privileged = self.find_privileged_containers()
     healthz_status = self.check_healthz_endpoint()

     # Version string read from the Kubelet's /metrics endpoint.
     if version:
         disclosure = K8sVersionDisclosure(
             version=version,
             from_endpoint="/metrics",
             extra_info="on Kubelet",
         )
         self.publish_event(disclosure)

     if privileged:
         self.publish_event(PrivilegedContainers(containers=privileged))

     if healthz_status:
         self.publish_event(ExposedHealthzHandler(status=healthz_status))

     # NOTE(review): assumes a truthy pods response always has an "items" key — confirm.
     if self.pods_endpoint_data:
         self.publish_event(ExposedPodsHandler(pods=self.pods_endpoint_data["items"]))