Sunday, January 6, 2019
Kubernetes: kube-hunter.py etcd
I mentioned in the master post one a few auditing tools that exist. Kube-Hunter is one that is pretty ok. You can use this to quickly scan for multiple kubernetes issues.
Example run:
$ ./kube-hunter.py
Choose one of the options below:
1. Remote scanning (scans one or more specific IPs or DNS names)
2. Subnet scanning (scans subnets on all local network interfaces)
3. IP range scanning (scans a given IP range)
Your choice: 1
Remotes (separated by a ','): 1.2.3.4
~ Started
~ Discovering Open Kubernetes Services...
|
| Etcd:
| type: open service
| service: Etcd
|_ host: 1.2.3.4:2379
|
| Etcd Remote version disclosure:
| type: vulnerability
| host: 1.2.3.4:2379
| description:
| Remote version disclosure might give an
|_ attacker a valuable data to attack a cluster
|
| Etcd is accessible using insecure connection (HTTP):
| type: vulnerability
| host: 1.2.3.4:2379
| description:
| Etcd is accessible using HTTP (without
| authorization and authentication), it would allow a
| potential attacker to
| gain access to
|_ the etcd
|
| Etcd Remote Read Access Event:
| type: vulnerability
| host: 1.2.3.4:2379
| description:
| Remote read access might expose to an
|_ attacker cluster's possible exploits, secrets and more.
----------
Nodes
+-------------+----------------+
| TYPE | LOCATION |
+-------------+----------------+
| Node/Master | 1.2.3.4 |
+-------------+----------------+
Detected Services
+---------+---------------------+----------------------+
| SERVICE | LOCATION | DESCRIPTION |
+---------+---------------------+----------------------+
| Etcd | 1.2.3.4:2379 | Etcd is a DB that |
| | | stores cluster's |
| | | data, it contains |
| | | configuration and |
| | | current state |
| | | information, and |
| | | might contain |
| | | secrets |
+---------+---------------------+----------------------+
Vulnerabilities
+--------------+------------------+----------------------+---------------------+--------------------------+
| LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE |
+--------------+------------------+----------------------+---------------------+--------------------------+
| 1.2.3.4:2379 | Unauthenticated | Etcd is accessible | Etcd is accessible | {"etcdserver":"3.3.9 |
| | Access | using insecure | using HTTP (without | ","etcdcluster":"3.3 |
| | | connection (HTTP) | authorization and | ... |
| | | | authentication), it | |
| | | | would allow a | |
| | | | potential attacker | |
| | | | to | |
| | | | gain access to | |
| | | | the etcd | |
+---------------------+----------------------+----------------------+----------------------+--------------+
| 1.2.3.4:2379 | Information | Etcd Remote version | Remote version | {"etcdserver":"3.3.9 |
| | Disclosure | disclosure | disclosure might | ","etcdcluster":"3.3 |
| | | | give an attacker a | ... |
| | | | valuable data to | |
| | | | attack a cluster | |
+---------------------+----------------------+----------------------+----------------------+--------------+
| 1.2.3.4:2379 | Access Risk | Etcd Remote Read | Remote read access | {"action":"get","nod |
| | | Access Event | might expose to an | e":{"dir":true,"node |
| | | | attacker cluster's | ... |
| | | | possible exploits, | |
| | | | secrets and more. | |
+--------------+------------------+----------------------+---------------------+--------------------------+
No comments:
Post a Comment