Feature: Custom Hunting

[danielsagi]

Description

This feature enables advanced users to explicitly specify which hunters they want kube-hunter to register. Now

Added:

• New flag --custom flag that receives a list of hunter class names to whitelist the registration process
• New flag --raw-hunter-names to use in conjunction with --list in order to view Hunter class names, to use with the custom feature
• Documentaion regarding the new "Custom Hunting" feature

Internal changes:

• new config field specifying core_hunters which will always register.
• the logic is in handles.py and is now running at the start of every register operation, to check whether custom hunt is enabled, and if so checks the whitelisted hunters. this is done by the new method: allowed_for_custom_registration(target_hunter) in the event queue object

The future

Due to the complexity of kube-hunter's event handling. it is hard to create a custom hunt by a given wanted end result (Some vulnerability to check)

I want us to add a mapping for every hunter of what vulnerabilities it might produce, by that we can then generate a decision tree by which we can automatically register all of the hunters responsible to output such end vulnerability. This will result in an easy advanced custom hunting, which would allow users to only use partial logic in kube-hunter, without having to know class names.

BEFORE

$ kube-hunter --log debug
2022-01-28 18:02:18,049 DEBUG root <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.Vulnerability'>
2022-01-28 18:02:18,049 DEBUG root <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.Service'>
2022-01-28 18:02:18,049 DEBUG root <class 'kube_hunter.modules.report.collector.SendFullReport'> subscribed to <class 'kube_hunter.core.events.types.HuntFinished'>
2022-01-28 18:02:18,050 DEBUG root <class 'kube_hunter.modules.report.collector.StartedInfo'> subscribed to <class 'kube_hunter.core.events.types.HuntStarted'>
2022-01-28 18:02:18,129 DEBUG root <class 'kube_hunter.modules.discovery.apiserver.ApiServiceDiscovery'> subscribed to <class 'kube_hunter.core.events.types.OpenPortEvent'>
2022-01-28 18:02:18,129 DEBUG root <class 'kube_hunter.modules.discovery.apiserver.ApiServiceClassify'> filter subscribed to <class 'kube_hunter.modules.discovery.apiserver.K8sApiService'>
2022-01-28 18:02:18,131 DEBUG root <class 'kube_hunter.modules.discovery.dashboard.KubeDashboard'> subscribed to <class 'kube_hunter.core.events.types.OpenPortEvent'>
2022-01-28 18:02:18,133 DEBUG root <class 'kube_hunter.modules.discovery.etcd.EtcdRemoteAccess'> subscribed to <class 'kube_hunter.core.events.types.OpenPortEvent'>
2022-01-28 18:02:20,266 DEBUG root <class 'kube_hunter.modules.discovery.hosts.FromPodHostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.RunningAsPodEvent'>
2022-01-28 18:02:20,267 DEBUG root <class 'kube_hunter.modules.discovery.hosts.HostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.HostScanEvent'>
2022-01-28 18:02:20,270 DEBUG root <class 'kube_hunter.modules.discovery.kubectl.KubectlClientDiscovery'> subscribed to <class 'kube_hunter.core.events.types.HuntStarted'>
2022-01-28 18:02:20,272 DEBUG root <class 'kube_hunter.modules.discovery.kubelet.KubeletDiscovery'> subscribed to <class 'kube_hunter.core.events.types.OpenPortEvent'>
2022-01-28 18:02:20,275 DEBUG root <class 'kube_hunter.modules.discovery.ports.PortDiscovery'> subscribed to <class 'kube_hunter.core.events.types.NewHostEvent'>
2022-01-28 18:02:20,280 DEBUG root <class 'kube_hunter.modules.discovery.proxy.KubeProxy'> subscribed to <class 'kube_hunter.core.events.types.OpenPortEvent'>

AFTER

$ kube-hunter --log debug --custom ""
2022-01-28 18:11:28,106 DEBUG root <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.Vulnerability'>
2022-01-28 18:11:28,106 DEBUG root <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.Service'>
2022-01-28 18:11:28,106 DEBUG root <class 'kube_hunter.modules.report.collector.SendFullReport'> subscribed to <class 'kube_hunter.core.events.types.HuntFinished'>
2022-01-28 18:11:28,107 DEBUG root <class 'kube_hunter.modules.report.collector.StartedInfo'> subscribed to <class 'kube_hunter.core.events.types.HuntStarted'>
2022-01-28 18:11:29,268 DEBUG root <class 'kube_hunter.modules.discovery.hosts.FromPodHostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.RunningAsPodEvent'>
2022-01-28 18:11:29,268 DEBUG root <class 'kube_hunter.modules.discovery.hosts.HostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.HostScanEvent'>
2022-01-28 18:11:29,272 DEBUG root <class 'kube_hunter.modules.discovery.ports.PortDiscovery'> subscribed to <class 'kube_hunter.core.events.types.NewHostEvent'>

Contribution checklist

• [ ] I have read the Contributing Guidelines.
• [ ] The commits refer to an active issue in the repository.
• [ ] I have added automated testing to cover this case.

Notes

Please mention if you have not checked any of the above boxes.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov[bot]]

Codecov Report

Merging #489 (947e710) into main (c17aa17) will increase coverage by 0.02%. The diff coverage is 63.63%.

@@            Coverage Diff             @@
##             main     #489      +/-   ##
==========================================
+ Coverage   64.49%   64.51%   +0.02%     
==========================================
  Files          46       46              
  Lines        2512     2531      +19     
==========================================
+ Hits         1620     1633      +13     
- Misses        892      898       +6     

Impacted Files	Coverage Δ
kube_hunter/modules/report/dispatchers.py	46.66% <ø> (ø)
kube_hunter/core/events/handler.py	86.58% <42.85%> (-2.89%)	:arrow_down:
kube_hunter/conf/__init__.py	96.96% <100.00%> (+0.54%)	:arrow_up:
kube_hunter/conf/parser.py	81.25% <100.00%> (+1.25%)	:arrow_up:

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update c17aa17...947e710. Read the comment docs.