aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

Instance Metadata Hunter(s) #445

Open danielsagi opened 3 years ago

danielsagi commented 3 years ago

What would you like to be added

New (set of) Instance Metadata Hunter(s).

Intuitively, will only run on a --pod scan.

We already have a small implementation using the Azure metadata API to discover more subnets. These hunters should replace this implementation as well.

Add a Passive + Active Hunter that will scan Instance Metadata Services for each cloud provider.

Research on:

Other clouds:

Cool cheat sheet by @jhaddix: https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b

Mission:

Find cool ways to do most damage with minimum permissions
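
A passive reachability check of the kind the request describes, as an added example (not kube-hunter code and not part of the issue): it reports whether each provider's metadata endpoint answers from inside a pod, which is what a defender checks to confirm that egress policy or IMDSv2 enforcement is in place. The function names and result labels are assumptions; the endpoints and headers are the providers' documented ones.

```python
import urllib.error
import urllib.request

# Documented metadata endpoints and the request header each service requires.
PROVIDERS = {
    "aws": ("http://169.254.169.254/latest/meta-data/", {}),
    "gcp": ("http://metadata.google.internal/computeMetadata/v1/",
            {"Metadata-Flavor": "Google"}),
    "azure": ("http://169.254.169.254/metadata/instance?api-version=2021-02-01",
              {"Metadata": "true"}),
}


def http_get(url, headers, timeout=2):
    """Default transport: return the HTTP status code, or None if unreachable."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # must precede URLError (its parent)
        return err.code
    except (urllib.error.URLError, OSError):  # no route, DNS failure, timeout
        return None


def classify(provider, status):
    """Map a status code to a finding label (labels are hypothetical)."""
    if status is None:
        return "unreachable"  # blocked by network policy or not this cloud
    if status == 200:
        return "exposed"  # pod can read instance metadata
    if provider == "aws" and status == 401:
        return "reachable-token-required"  # IMDSv2 is enforced
    return "reachable-denied"


def check_metadata_exposure(get=http_get):
    """Probe every provider; `get` is injectable so the logic can be tested offline."""
    return {name: classify(name, get(url, headers))
            for name, (url, headers) in PROVIDERS.items()}


if __name__ == "__main__":
    for name, finding in check_metadata_exposure().items():
        print(f"{name}: {finding}")
```

Any result other than `unreachable` means the pod network can reach the node's metadata service and the cluster's egress rules deserve a look.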