diff --git a/config/config.go b/config/config.go index faa8a7c..852153c 100644 --- a/config/config.go +++ b/config/config.go @@ -11,6 +11,8 @@ const ( var CrackX = []string{"elastic", "ftp", "mongo", "mssql", "mysql", "postgres", "smb", "ssh", "redis", "oracle"} -var ProbeX = []string{"docker", "rmi", "oxid", "ms17010", "smb", "zookeeper", "dubbo", "etcd", "k8s", "smbghost", "jboss", "prometheus"} +var ProbeX = []string{"docker", "rmi", "oxid", "ms17010", "smb", "zookeeper", "dubbo", "etcd", "smbghost", "jboss", "prometheus"} + +var K8S = []string{"k8s10250", "k8s6443", "etcd"} var PASSWORDS = []string{" ", "123456", "admin", "admin123", "root", "5201314", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "1234qwer!@#$", "1qaz@WSX1qaz", "QAZwsxEDC", "{user}", "{user}1", "{user}12", "{user}111", "{user}123", "{user}1234", "{user}12345", "{user}123456", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "1QAZ2wsx", "1q2w3e4r", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "123456a", "123456aa", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system"} diff --git a/core/probemodule/k8s.go b/core/probemodule/k8s.go deleted file mode 100644 index 011876c..0000000 --- a/core/probemodule/k8s.go +++ /dev/null 
@@ -1,53 +0,0 @@
-package probemodule
-
-import (
- "bufio"
- "cube/config"
- "fmt"
- "net/http"
- "strings"
-)
-
-type K8s struct {
- *Probe
-}
-
-func (k K8s) ProbeName() string {
- return "k8s"
-}
-
-func (k K8s) ProbePort() string {
- return "10255"
-}
-
-func (k K8s) PortCheck() bool {
- return true
-}
-
-func (k K8s) ProbeExec() ProbeResult {
- result := ProbeResult{Probe: *k.Probe, Result: "", Err: nil}
-
- clt := http.Client{Timeout: config.TcpConnTimeout}
- host := fmt.Sprintf("http://%s:%s/pods", k.Ip, k.Port)
- req, _ := http.NewRequest("GET", host, nil)
- req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
- req.Header.Add("Connection", "close")
- req.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
- req.Header.Add("Accept-Charset", "utf-8")
- resp, err := clt.Do(req)
- if err != nil {
- panic(err)
- }
- data := make([]byte, 50)
- c := bufio.NewReader(resp.Body)
- c.Read(data)
- resp.Body.Close()
- if strings.Contains(string(data), "PodList") {
- result.Result = fmt.Sprintf("Kubelet Found: %s", string(data))
- }
- return result
-}
-
-func init() {
- AddProbeKeys("k8s")
-}
diff --git a/core/probemodule/k8s10250.go b/core/probemodule/k8s10250.go
new file mode 100644
index 0000000..69f57cd
--- /dev/null
+++ b/core/probemodule/k8s10250.go
@@ -0,0 +1,60 @@
+package probemodule
+
+import (
+ "bufio"
+ "crypto/tls"
+ "cube/config"
+ "fmt"
+ "net/http"
+ "strings"
+)
+
+type K8s10250 struct {
+ *Probe
+}
+
+func (k K8s10250) ProbeName() string {
+ return "k8s10250"
+}
+
+func (k K8s10250) ProbePort() string {
+ return "10250"
+}
+
+func (k K8s10250) PortCheck() bool {
+ return true
+}
+
+func (k K8s10250) ProbeExec() ProbeResult {
+ result := ProbeResult{Probe: *k.Probe, Result: "", Err: nil}
+
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ clt := http.Client{Timeout: config.TcpConnTimeout, Transport: tr}
+ host := fmt.Sprintf("https://%s:%s/pods", k.Ip, k.Port)
+ req, _ := http.NewRequest("GET", host, nil)
+ req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+ req.Header.Add("Connection", "close")
+ req.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+ req.Header.Add("Accept-Charset", "utf-8")
+ resp, err := clt.Do(req)
+ if err != nil {
+ panic(err)
+ }
+ data := make([]byte, 1024)
+ c := bufio.NewReader(resp.Body)
+ c.Read(data)
+ resp.Body.Close()
+ if strings.Contains(string(data), "PodList") {
+ result.Result = fmt.Sprintf("K8S Vuln Found: K8S Unauthorized Node")
+ }
+ if resp.StatusCode == 401 && strings.Contains(string(data), "Unauthorized") {
+ result.Result = fmt.Sprintf("K8S Node Found, But Need Authorized :(")
+ }
+ return result
+}
+
+func init() {
+ AddProbeKeys("k8s10250")
+}
diff --git a/core/probemodule/k8s6443.go b/core/probemodule/k8s6443.go
new file mode 100644
index 0000000..beff54e
--- /dev/null
+++ b/core/probemodule/k8s6443.go
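Review bot: In `ProbeExec` a failed `clt.Do(req)` still ends in `panic(err)`, so a single closed port, TLS handshake failure or timeout on 10250 aborts the whole run; this same commit replaces that panic in the etcd probe with `return result`, and the identical code in k8s6443.go needs the same treatment. The error from `http.NewRequest` is discarded, which leaves `req` nil for a malformed address, and the one unchecked `c.Read(data)` may return fewer bytes than the body holds while `string(data)` always converts the full 1024-byte buffer, NUL padding included. I would record the error in `result.Err` (assuming callers treat a non-nil `Err` as "no finding"), defer the body close, and keep only the bytes actually read, as sketched below. The sketch needs `io` in the import block, and `bufio` then becomes unused.

```go
func (k K8s10250) ProbeExec() ProbeResult {
	// … unchanged: result, transport, client and URL setup …
	req, err := http.NewRequest("GET", host, nil)
	if err != nil {
		result.Err = err
		return result
	}
	// … unchanged: request headers …
	resp, err := clt.Do(req)
	if err != nil {
		result.Err = err
		return result
	}
	defer resp.Body.Close()
	data := make([]byte, 1024)
	// A body shorter than the buffer ends in io.ErrUnexpectedEOF; n is still valid.
	n, _ := io.ReadFull(resp.Body, data)
	body := string(data[:n])
	// … unchanged: PodList and 401 checks, applied to body; return result …
```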
@@ -0,0 +1,60 @@
+package probemodule
+
+import (
+ "bufio"
+ "crypto/tls"
+ "cube/config"
+ "fmt"
+ "net/http"
+ "strings"
+)
+
+type K8s6443 struct {
+ *Probe
+}
+
+func (k K8s6443) ProbeName() string {
+ return "k8s6443"
+}
+
+func (k K8s6443) ProbePort() string {
+ return "6443"
+}
+
+func (k K8s6443) PortCheck() bool {
+ return true
+}
+
+func (k K8s6443) ProbeExec() ProbeResult {
+ result := ProbeResult{Probe: *k.Probe, Result: "", Err: nil}
+
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ clt := http.Client{Timeout: config.TcpConnTimeout, Transport: tr}
+ host := fmt.Sprintf("https://%s:%s/api/v1/namespaces/default/pods", k.Ip, k.Port)
+ req, _ := http.NewRequest("GET", host, nil)
+ req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+ req.Header.Add("Connection", "close")
+ req.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+ req.Header.Add("Accept-Charset", "utf-8")
+ resp, err := clt.Do(req)
+ if err != nil {
+ panic(err)
+ }
+ data := make([]byte, 1024)
+ c := bufio.NewReader(resp.Body)
+ c.Read(data)
+ resp.Body.Close()
+ if strings.Contains(string(data), "PodList") {
+ result.Result = fmt.Sprintf("K8S Vuln Found: K8S master API Unauthorized!!")
+ }
+ if resp.StatusCode == 403 && strings.Contains(string(data), "forbidden") {
+ result.Result = fmt.Sprintf("K8S master API Found, But Need Authorized :(")
+ }
+ return result
+}
+
+func init() {
+ AddProbeKeys("k8s6443")
+}
diff --git a/core/probemodule/etcd.go b/core/probemodule/k8setcd.go
similarity index 98%
rename from core/probemodule/etcd.go
rename to core/probemodule/k8setcd.go
index f239d94..7c43906 100644
--- a/core/probemodule/etcd.go
+++ b/core/probemodule/k8setcd.go
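Review bot: The two result checks at the end of `ProbeExec` classify the response mostly by body substring: `PodList` is accepted on any status code, and the "authentication enforced" case is recognised only as a 403 whose body contains `forbidden`, so an API server that answers 401 (as one with anonymous requests disabled is expected to) leaves `result.Result` empty and drops out of the report. For an exposure inventory both 401 and 403 mean "API server present, authentication enforced", so I would write `if resp.StatusCode == http.StatusOK && strings.Contains(string(data), "PodList") {` and `if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden {`. The kubelet probe in k8s10250.go has the mirror-image gap: it handles 401 but not 403. Both `fmt.Sprintf` calls here take a constant string with no verbs and can be plain string literals.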
@@ -36,7 +36,7 @@ func (e Etcd) ProbeExec() ProbeResult {
 req.Header.Add("Accept-Charset", "utf-8")
 resp, err := clt.Do(req)
 if err != nil {
- panic(err)
+ return result
 }
 data := make([]byte, 50)
 c := bufio.NewReader(resp.Body)
diff --git a/core/probemodule/probe_interface.go b/core/probemodule/probe_interface.go
index 16f4895..4fc53be 100644
--- a/core/probemodule/probe_interface.go
+++ b/core/probemodule/probe_interface.go
@@ -55,8 +55,10 @@ func (p *Probe) NewIProbe() IProbe {
 return &Zookeeper{p}
 case "etcd":
 return &Etcd{p}
- case "k8s":
- return &K8s{p}
+ case "k8s10250":
+ return &K8s10250{p}
+ case "k8s6443":
+ return &K8s6443{p}
 case "jboss":
 return &JBoss{p}
 case "prometheus":
diff --git a/core/probemodule/probe_option.go b/core/probemodule/probe_option.go
index 884b58d..44edfa5 100644
--- a/core/probemodule/probe_option.go
+++ b/core/probemodule/probe_option.go
@@ -31,6 +31,9 @@ func (po *ProbeOption) ParsePluginName() []string {
 if len(pns) > 2 && pkg.Contains("Y", pns) {
 pluginNameList = nil
 }
+ if len(pns) > 2 && pkg.Contains("K8S", pns) {
+ pluginNameList = nil
+ }
 switch {
 case len(pns) == 1:
 if pns[0] == "X" {
@@ -39,6 +42,9 @@ func (po *ProbeOption) ParsePluginName() []string {
 if pns[0] == "Y" {
 pluginNameList = ProbeKeys
 }
+ if pns[0] == "K8S" {
+ pluginNameList = config.K8S
+ }
 if pkg.Contains(pns[0], ProbeKeys) {
 pluginNameList = pns
 }
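Review bot: The new `return result` on a failed `clt.Do(req)` in the etcd probe discards `err`, so a target that could not be reached looks the same to the caller as one that answered and had nothing to report. If `result` is built here like the `ProbeResult{Probe: ..., Result: "", Err: nil}` in the new k8s probes (its construction is outside this hunk), setting `result.Err = err` before the return keeps the failure visible. The body of `ProbeExec` starts and ends outside the hunk.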
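Review bot: In probe_option.go the added guard `len(pns) > 2 && pkg.Contains("K8S", pns)` copies the threshold of the `Y` guard above it, so a two-element list that mixes the group keyword with one plugin name is not cleared here; whether the rest of the switch rejects it is outside the hunk. If a group keyword is meant to stand alone, `len(pns) > 1` expresses that. In the second hunk `pluginNameList = config.K8S` hands out the exported package-level slice itself, so any later in-place change to the returned list would also change `config.K8S`; `append([]string(nil), config.K8S...)` returns a copy. `ParsePluginName` begins and ends outside both hunks.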