예제 #1
0
 def __init__(self, pods):
     Vulnerability.__init__(self,
                            Kubelet,
                            "Exposed Pods",
                            category=InformationDisclosure)
     self.pods = pods
     self.evidence = f"count: {len(self.pods)}"
예제 #2
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="CAP_NET_RAW Enabled",
         category=AccessRisk,
     )
예제 #3
0
 def __init__(self, evidence):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            name="Critical Privilege Escalation CVE",
                            category=PrivilegeEscalation,
                            vid="KHV022")
     self.evidence = evidence
예제 #4
0
 def __init__(self, keys):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            name="Etcd Remote Read Access Event",
                            category=AccessRisk,
                            vid="KHV032")
     self.evidence = keys
예제 #5
0
 def __init__(self, write_res):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Etcd Remote Write Access Event",
         category=RemoteCodeExec, vid="KHV031")
     self.evidence = write_res
예제 #6
0
 def __init__(self, container):
     Vulnerability.__init__(self,
                            Azure,
                            "Azure SPN Exposure",
                            category=IdentityTheft,
                            vid="KHV004")
     self.container = container
예제 #7
0
    def __init__(self, version):

        Vulnerability.__init__(self, KubernetesCluster,
                               name="Etcd Remote version disclosure",
                               category=InformationDisclosure,
                               vid="KHV033")
        self.evidence = version
예제 #8
0
 def __init__(self, output):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            "Root Traversal Read On The Kubelet",
                            category=PrivilegeEscalation)
     self.output = output
     self.evidence = "output: {}".format(self.output)
예제 #9
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="CAP_NET_RAW Enabled",
         category=ARPPoisoningTechnique,
     )
예제 #10
0
 def __init__(self, nodes):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            "Dashboard Exposed",
                            category=RemoteCodeExec,
                            vid="KHV029")
     self.evidence = "nodes: {}".format(' '.join(nodes)) if nodes else None
예제 #11
0
 def __init__(self, evidence):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            name="Possible Reset Flood Attack",
                            category=DenialOfService,
                            vid="KHV025")
     self.evidence = evidence
예제 #12
0
 def __init__(self, email):
     Vulnerability.__init__(self, KubernetesCluster,
                            "Certificate Includes Email Address",
                            category=InformationDisclosure,
                            khv="KHV021")
     self.email = email
     self.evidence = "email: {}".format(self.email)
예제 #13
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         component=Kubelet,
         name="Anonymous Authentication",
         category=RemoteCodeExec,
         vid="KHV036",
     )
예제 #14
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         component=Kubelet,
         name="Exposed Attaching To Container",
         category=RemoteCodeExec,
         vid="KHV042",
     )
예제 #15
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         component=Kubelet,
         name="Exposed Port Forward",
         category=RemoteCodeExec,
         vid="KHV041",
     )
예제 #16
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Read access to pod's service account token",
         category=AccessRisk,
         vid="KHV050")
     self.evidence = evidence
예제 #17
0
 def __init__(self, binary_version):
     Vulnerability.__init__(self,
                            KubectlClient,
                            "Kubectl Vulnerable To CVE-2019-1002101",
                            category=RemoteCodeExec,
                            vid="KHV028")
     self.binary_version = binary_version
     self.evidence = "kubectl version: {}".format(self.binary_version)
예제 #18
0
 def __init__(self, kubedns_pod_ip):
     Vulnerability.__init__(self,
                            KubernetesCluster,
                            "Possible DNS Spoof",
                            category=IdentityTheft,
                            vid="KHV030")
     self.kubedns_pod_ip = kubedns_pod_ip
     self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip)
예제 #19
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         "Proxy Exposed",
         category=ConnectFromProxyServerTechnique,
         vid="KHV049",
     )
예제 #20
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Deleted A Pod",
         category=AccessRisk,
     )
     self.evidence = evidence
예제 #21
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Patched a cluster role",
         category=AccessRisk,
     )
     self.evidence = evidence
예제 #22
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Created a namespace",
         category=AccessRisk,
     )
     self.evidence = evidence
예제 #23
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         component=Kubelet,
         name="Exposed Container Logs",
         category=InformationDisclosure,
         vid="KHV037",
     )
예제 #24
0
파일: hosts.py 프로젝트: virajs/kube-hunter
 def __init__(self, cidr):
     Vulnerability.__init__(self,
                            Azure,
                            "Azure Metadata Exposure",
                            category=InformationDisclosure,
                            vid="KHV003")
     self.cidr = cidr
     self.evidence = "cidr: {}".format(cidr)
예제 #25
0
 def __init__(self):
     Vulnerability.__init__(
         self,
         component=Kubelet,
         name="Exposed Run Inside Container",
         category=RemoteCodeExec,
         vid="KHV040",
     )
예제 #26
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Arbitrary Access To Cluster Scoped Resources",
         category=PrivilegeEscalation,
         vid="KHV026")
     self.evidence = evidence
예제 #27
0
파일: arp.py 프로젝트: xmonader/kube-hunter
 def __init__(self):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         "Possible Arp Spoof",
         category=IdentityTheft,
         vid="KHV020",
     )
예제 #28
0
 def __init__(self, pods):
     Vulnerability.__init__(self,
                            component=Kubelet,
                            name="Exposed Pods",
                            category=InformationDisclosure,
                            vid="KHV052")
     self.pods = pods
     self.evidence = f"count: {len(self.pods)}"
예제 #29
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         component=KubernetesCluster,
         name="Access to pod's secrets",
         category=AccessRisk,
     )
     self.evidence = evidence
예제 #30
0
 def __init__(self, evidence):
     Vulnerability.__init__(
         self,
         KubernetesCluster,
         name="Denial of Service to Kubernetes API Server",
         category=DenialOfService,
         vid="KHV023")
     self.evidence = evidence