Open raesene opened 3 years ago
Looks really cool. Are there other publicly accessible resources from there we could scan? Do you want to take the development of this on yourself?
It'll depend on the exact Kubernetes distribution in use. For a modern version of kubeadm, these paths are likely to be visible:
- /healthz
- /livez
- /readyz
- /version
- /version/
As to development, Python is not a language I'm super familiar with, so if someone else has time to take it on, that'll be cool. I can have a look but it's unlikely to be soon :)
What would you like to be added
In default kubeadm clusters (and probably others) there is a default namespace created called `kube-public` which is intended for public information. There is a `configmap` in that namespace called `cluster-info` which contains the TLS certificate of the API server.

Sample curl request to retrieve it
A handy fingerprinting hunter (e.g. when scanning a network) would be to get this URL and extract the CN and Issuer fields
Why is this needed
Could make a useful addition for fingerprinting clusters.
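
The extraction step proposed above, as an added example (not part of the original issue and not kube-hunter's code): given the JSON body returned for the `cluster-info` configmap, it pulls out the embedded certificate and reads the subject and issuer CN with a small DER walker, so an operator can see what the cluster discloses without credentials. It assumes kubeadm's layout, where `data.kubeconfig` carries a `certificate-authority-data` field; the function names and the constructed sample input are illustrative.

```python
import base64, json, re, ssl

CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):  # yield the elements inside a constructed value
    while start < end:
        element = tlv(buf, start)
        yield element
        start = element[2]

def common_name(buf, start, end):
    """CN of a Name (SEQUENCE OF SET OF SEQUENCE {OID, string}), or None."""
    for _, r0, r1 in children(buf, start, end):
        for _, a0, a1 in children(buf, r0, r1):
            (_, o0, o1), (_, v0, v1) = list(children(buf, a0, a1))[:2]
            if buf[o0:o1] == CN_OID:
                return buf[v0:v1].decode("utf-8", "replace")

def fingerprint(configmap_json):
    """Subject and issuer CN from a cluster-info body (assumes kubeadm's kubeconfig layout)."""
    kubeconfig = json.loads(configmap_json)["data"]["kubeconfig"]
    m = re.search(r"certificate-authority-data:\s*(\S+)", kubeconfig)
    if m is None:
        raise ValueError("no certificate-authority-data in kubeconfig")
    der = ssl.PEM_cert_to_DER_cert(base64.b64decode(m.group(1)).decode("ascii").strip())
    _, s, e = tlv(der, tlv(der, 0)[1])  # tbsCertificate, first element of Certificate
    fields = [f for f in children(der, s, e) if f[0] != 0xA0]  # drop optional [0] version
    (_, i0, i1), (_, s0, s1) = fields[2], fields[4]  # serial, sigalg, issuer, validity, subject
    return {"subject_cn": common_name(der, s0, s1), "issuer_cn": common_name(der, i0, i1)}

def _enc(tag, *parts):  # sample-only DER encoder; bodies stay under 128 bytes
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_configmap():  # constructed input: certificate-shaped DER, no key or signature
    issuer, subject = (_enc(0x30, _enc(0x31, _enc(0x30, _enc(6, CN_OID), _enc(0x0C, cn))))
                       for cn in (b"example-ca", b"kubernetes"))
    tbs = _enc(0x30, _enc(0xA0, _enc(2, b"\x02")), _enc(2, b"\x01"), _enc(0x30), issuer, _enc(0x30), subject)
    ca = base64.b64encode(ssl.DER_cert_to_PEM_cert(_enc(0x30, tbs)).encode()).decode()
    return json.dumps({"data": {"kubeconfig": "clusters:\n- cluster:\n    certificate-authority-data: %s\n" % ca}})
```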