search

aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.71k stars 581 forks source link

Two new kubelet active hunters. #344

Closed abdullahgarcia closed 4 years ago

abdullahgarcia commented 4 years ago

Description

I'm introducing two new active hunters:

Both active hunters enable a deeper analysis on how malicious actors could benefit of a mis-configured secure kubelet port.

Contribution Guidelines

Please Read through the Contribution Guidelines.

Fixed Issues

Please mention any issues fixed in the PR by referencing it properly in the commit message. As per the convention, use appropriate keywords such as fixes, closes, resolves to automatically refer the issue. Please consult official github documentation for details.

Fixes #(issue)

"BEFORE" and "AFTER" output

To verify that the change works as desired, please include an output of terminal before and after the changes under headings "BEFORE" and "AFTER".

BEFORE

Any Terminal Output Before Changes.

AFTER

Any Terminal Output Before Changes.

Contribution checklist

Notes

This piece of work is unrelated to any active issue in the repository. It brings additional functionality.

abdullahgarcia commented 4 years ago

Hi,

Please, review accordingly.

Abdullah

iyehuda commented 4 years ago

Hi @abdullahgarcia, thanks for your contribution! It might take us some time to review since it's not a little PR.

abdullahgarcia commented 4 years ago

Hi @iYehuda,

No worries.

Please, let me know if you need any assistance or you have further doubts.

Thanks!

Abdullah

abdullahgarcia commented 4 years ago

Hi @iYehuda,

Just following up.

Thanks!

Abdullah

lizrice commented 4 years ago

Hi @abdullahgarcia! I started looking at this but got waylaid by some other issues in active hunters. Thanks for the reminder :-)

codecov-io commented 4 years ago

Codecov Report

Merging #344 into master will increase coverage by 3.54%. The diff coverage is 95.45%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #344      +/-   ##
==========================================
+ Coverage   59.19%   62.73%   +3.54%     
==========================================
  Files          42       42              
  Lines        2061     2281     +220     
==========================================
+ Hits         1220     1431     +211     
- Misses        841      850       +9
Impacted Files Coverage Δ
kube_hunter/modules/hunting/kubelet.py 59.79% <95.45%> (+28.88%) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update d6ca666...6adf6fa. Read the comment docs.

abdullahgarcia commented 4 years ago

Hi @lizrice,

Just following up.

Thanks!

Abdullah

abdullahgarcia commented 4 years ago

Hi @lizrice,

Just following up.

Thanks!

Abdullah

abdullahgarcia commented 4 years ago

Hi @lizrice,

Just checking if it would be easier to go together over the changes.

Thanks!

Abdullah

lizrice commented 4 years ago

So many apologies @abdullahgarcia. I started testing this out, got distracted by finding #350 and then other things got in the way! We are looking at it now, thank you for highlighting this in yesterday's call.

abdullahgarcia commented 4 years ago

Hi @danielsagi,

Just following up after the changes.

Thanks!

Abdullah

danielsagi commented 4 years ago

Hi @abdullahgarcia , Thanks for the ping. We're just doing some tests on our side to make sure everythings as expected, I believe that in the next few days this will be done. I will update you.

abdullahgarcia commented 4 years ago

Hi @danielsagi,

I've addressed your comments.

Please, let me know if anything else is required.

Thanks again!

Abdullah

lizrice commented 4 years ago

Thanks again for this @abdullahgarcia, and for your patience!

abdullahgarcia commented 4 years ago

Thanks again for this @abdullahgarcia, and for your patience!

Thanks to you and the team! Expect more contributions! =)