修复k8s扫描端口bug，新增K8S大类探测

config/config.go

@@ -11,6 +11,8 @@ const (
 
 var CrackX = []string{"elastic", "ftp", "mongo", "mssql", "mysql", "postgres", "smb", "ssh", "redis", "oracle"}
 
-var ProbeX = []string{"docker", "rmi", "oxid", "ms17010", "smb", "zookeeper", "dubbo", "etcd", "k8s", "smbghost", "jboss", "prometheus"}
+var ProbeX = []string{"docker", "rmi", "oxid", "ms17010", "smb", "zookeeper", "dubbo", "etcd", "smbghost", "jboss", "prometheus"}
+
+var K8S = []string{"k8s10250", "k8s6443", "etcd"}
 
 var PASSWORDS = []string{" ", "123456", "admin", "admin123", "root", "5201314", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "1234qwer!@#$", "1qaz@WSX1qaz", "QAZwsxEDC", "{user}", "{user}1", "{user}12", "{user}111", "{user}123", "{user}1234", "{user}12345", "{user}123456", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "1QAZ2wsx", "1q2w3e4r", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "123456a", "123456aa", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system"}

core/probemodule/k8s10250.go

@@ -0,0 +1,60 @@
+package probemodule
+
+import (
+	"bufio"
+	"crypto/tls"
+	"cube/config"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+type K8s10250 struct {
+	*Probe
+}
+
+func (k K8s10250) ProbeName() string {
+	return "k8s10250"
+}
+
+func (k K8s10250) ProbePort() string {
+	return "10250"
+}
+
+func (k K8s10250) PortCheck() bool {
+	return true
+}
+
+func (k K8s10250) ProbeExec() ProbeResult {
+	result := ProbeResult{Probe: *k.Probe, Result: "", Err: nil}
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	clt := http.Client{Timeout: config.TcpConnTimeout, Transport: tr}
+	host := fmt.Sprintf("https://%s:%s/pods", k.Ip, k.Port)
+	req, _ := http.NewRequest("GET", host, nil)
+	req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+	req.Header.Add("Connection", "close")
+	req.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+	req.Header.Add("Accept-Charset", "utf-8")
+	resp, err := clt.Do(req)
+	if err != nil {
+		panic(err)
+	}
+	data := make([]byte, 1024)
+	c := bufio.NewReader(resp.Body)
+	c.Read(data)
+	resp.Body.Close()
+	if strings.Contains(string(data), "PodList") {
+		result.Result = fmt.Sprintf("K8S Vuln Found: K8S Unauthorized Node")
+	}
+	if resp.StatusCode == 401 && strings.Contains(string(data), "Unauthorized") {
+		result.Result = fmt.Sprintf("K8S Node Found, But Need Authorized :(")
+	}
+	return result
+}
+
+func init() {
+	AddProbeKeys("k8s10250")
+}

core/probemodule/k8s6443.go

@@ -0,0 +1,60 @@
+package probemodule
+
+import (
+	"bufio"
+	"crypto/tls"
+	"cube/config"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+type K8s6443 struct {
+	*Probe
+}
+
+func (k K8s6443) ProbeName() string {
+	return "k8s6443"
+}
+
+func (k K8s6443) ProbePort() string {
+	return "6443"
+}
+
+func (k K8s6443) PortCheck() bool {
+	return true
+}
+
+func (k K8s6443) ProbeExec() ProbeResult {
+	result := ProbeResult{Probe: *k.Probe, Result: "", Err: nil}
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	clt := http.Client{Timeout: config.TcpConnTimeout, Transport: tr}
+	host := fmt.Sprintf("https://%s:%s/api/v1/namespaces/default/pods", k.Ip, k.Port)
+	req, _ := http.NewRequest("GET", host, nil)
+	req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+	req.Header.Add("Connection", "close")
+	req.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+	req.Header.Add("Accept-Charset", "utf-8")
+	resp, err := clt.Do(req)
+	if err != nil {
+		panic(err)
+	}
+	data := make([]byte, 1024)
+	c := bufio.NewReader(resp.Body)
+	c.Read(data)
+	resp.Body.Close()
+	if strings.Contains(string(data), "PodList") {
+		result.Result = fmt.Sprintf("K8S Vuln Found: K8S master API Unauthorized!!")
+	}
+	if resp.StatusCode == 403 && strings.Contains(string(data), "forbidden") {
+		result.Result = fmt.Sprintf("K8S master API Found, But Need Authorized :(")
+	}
+	return result
+}
+
+func init() {
+	AddProbeKeys("k8s6443")
+}

core/probemodule/etcd.go → core/probemodule/k8setcd.go

@@ -36,7 +36,7 @@ func (e Etcd) ProbeExec() ProbeResult {
 	req.Header.Add("Accept-Charset", "utf-8")
 	resp, err := clt.Do(req)
 	if err != nil {
-		panic(err)
+		return result
 	}
 	data := make([]byte, 50)
 	c := bufio.NewReader(resp.Body)

core/probemodule/probe_interface.go

@@ -55,8 +55,10 @@ func (p *Probe) NewIProbe() IProbe {
 		return &Zookeeper{p}
 	case "etcd":
 		return &Etcd{p}
-	case "k8s":
-		return &K8s{p}
+	case "k8s10250":
+		return &K8s10250{p}
+	case "k8s6443":
+		return &K8s6443{p}
 	case "jboss":
 		return &JBoss{p}
 	case "prometheus":

core/probemodule/probe_option.go

@@ -31,6 +31,9 @@ func (po *ProbeOption) ParsePluginName() []string {
 	if len(pns) > 2 && pkg.Contains("Y", pns) {
 		pluginNameList = nil
 	}
+	if len(pns) > 2 && pkg.Contains("K8S", pns) {
+		pluginNameList = nil
+	}
 	switch {
 	case len(pns) == 1:
 		if pns[0] == "X" {
@@ -39,6 +42,9 @@ func (po *ProbeOption) ParsePluginName() []string {
 		if pns[0] == "Y" {
 			pluginNameList = ProbeKeys
 		}
+		if pns[0] == "K8S" {
+			pluginNameList = config.K8S
+		}
 		if pkg.Contains(pns[0], ProbeKeys) {
 			pluginNameList = pns
 		}