aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

Support ignoring IPs #332

Closed mormamn closed 4 years ago

mormamn commented 4 years ago

Description

Ignore a list of IPs given in the cidr, in the following way:

!{cidr} = ignore this cidr (!192.168.0.0/16)

{cidr} = scan this cidr (192.168.0.0/16)


Fixed Issues

Closes #296

"BEFORE" and "AFTER" output

With the command kube-hunter --log debug --cidr '192.168.0.0/24,!192.168.0.8/32':

BEFORE

DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet yielding 192.168.0.7
DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet yielding 192.168.0.8
DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet yielding 192.168.0.9

AFTER

DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet yielding 192.168.0.7
DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet DENIED 192.168.0.8
DEBUG kube_hunter.modules.discovery.hosts HostDiscoveryHelpers.generate_subnet yielding 192.168.0.9
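
The `--cidr` syntax described in this PR, sketched as an added example that is not kube-hunter's own code: the function names are hypothetical and the use of Python's standard `ipaddress` module is an assumption. It goes slightly beyond the PR text by rejecting malformed entries and de-duplicating overlapping scan ranges.

```python
import ipaddress


def split_cidr_arg(arg):
    """Split '192.168.0.0/24,!192.168.0.8/32' into (scan, ignore) networks.

    A malformed entry raises ValueError so that a typo in an exclusion
    aborts the run instead of silently widening the scan scope.
    """
    scan, ignore = [], []
    for entry in arg.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry.startswith("!"):
            # '!{cidr}' = ignore this cidr
            ignore.append(ipaddress.ip_network(entry[1:].strip()))
        else:
            # '{cidr}' = scan this cidr
            scan.append(ipaddress.ip_network(entry))
    return scan, ignore


def iter_scan_targets(arg):
    """Yield each address to scan once, skipping every ignored network."""
    scan, ignore = split_cidr_arg(arg)
    seen = set()
    for net in scan:
        for ip in net:
            # Exclusions win regardless of where they appear in the list.
            if ip in seen or any(ip in denied for denied in ignore):
                continue
            seen.add(ip)
            yield ip


if __name__ == "__main__":
    # Constructed input, same shape as the command in the PR description.
    targets = list(iter_scan_targets("192.168.0.0/24,!192.168.0.8/32"))
    print(len(targets), ipaddress.ip_address("192.168.0.8") in targets)
```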


codecov-io commented 4 years ago

Codecov Report

Merging #332 into master will increase coverage by 0.39%. The diff coverage is 92.30%.


@@            Coverage Diff             @@
##           master     #332      +/-   ##
==========================================
+ Coverage   60.16%   60.55%   +0.39%     
==========================================
  Files          41       41              
  Lines        1968     1980      +12     
==========================================
+ Hits         1184     1199      +15     
+ Misses        784      781       -3     

| Impacted Files | Coverage Δ |
| --- | --- |
| kube_hunter/conf/parser.py | 95.23% <80.00%> (-4.77%) |
| kube_hunter/modules/discovery/hosts.py | 79.83% <95.23%> (+2.44%) |
| kube_hunter/modules/discovery/ports.py | 88.88% <0.00%> (+11.11%) |


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 0f17392...f39204b.

iyehuda commented 4 years ago

@mormamn Please resolve merge conflicts