Merge pull request #48 from wywwzjj/main

add DNS-Based Service Discovery
cdk-team · May 25, 2022 · f8d186d · f8d186d
2 parents 032d08c + e7d820c
commit f8d186d
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -98,6 +98,7 @@ This command will run the scripts below without local file scanning, using `--fu
 |Information Gathering|Sensitive Process|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Services)|
 |Information Gathering|Sensitive Local Files|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Sensitive-Files)|
 |Information Gathering|Kube-proxy Route Localnet(CVE-2020-8558)|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-check-net.ipv4.conf.all.route_localnet)|
+|Information Gathering|DNS-Based Service Discovery|✔|[link](https://github.com/kubernetes/dns/blob/master/docs/specification.md)|
 |Discovery|K8s Api-server Info|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-K8s-API-Server)|
 |Discovery|K8s Service-account Info|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-K8s-Service-Account)|
 |Discovery|Cloud Provider Metadata API|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Cloud-Provider-Metadata-API)|

diff --git a/pkg/cli/parse.go b/pkg/cli/parse.go
@@ -1,4 +1,3 @@
-
 /*
 Copyright 2022 The Authors of https://github.com/CDK-TEAM/CDK .
 
@@ -101,6 +100,9 @@ func ParseCDKMain() {
 		fmt.Printf("\n[Discovery - Cloud Provider Metadata API]\n")
 		evaluate.CheckCloudMetadataAPI()
 
+		fmt.Printf("\n[Information Gathering - DNS-Based Service Discovery]\n")
+		evaluate.DNSBasedServiceDiscovery()
+
 		if Args["--full"].(bool) {
 
 			fmt.Printf("\n[Information Gathering - Sensitive Files]\n")

diff --git a/pkg/evaluate/service_discorvery_dns.go b/pkg/evaluate/service_discorvery_dns.go
@@ -0,0 +1,40 @@
+package evaluate
+
+import (
+	"fmt"
+	"net"
+	"sort"
+	"strings"
+)
+
+// https://github.com/kubernetes/dns/blob/master/docs/specification.md
+func DNSBasedServiceDiscovery() {
+	dnsNames := []string{"any.any.svc.cluster.local.", "any.any.any.svc.cluster.local."}
+
+	var results []*net.SRV
+	for _, name := range dnsNames {
+		_, srvs, err := net.LookupSRV("", "", name)
+		if err != nil {
+			fmt.Printf("error when requesting coreDNS: %s\n", err.Error())
+			continue
+		}
+
+		results = append(results, srvs...)
+	}
+
+	sort.Slice(results, func(i, j int) bool {
+		switch strings.Compare(results[i].Target, results[j].Target) {
+		case -1:
+			return true
+		case 0:
+			return results[i].Port < results[j].Port
+		case 1:
+			return false
+		}
+		return false
+	})
+
+	for _, srv := range results {
+		fmt.Println(srv.Target, srv.Port)
+	}
+}
diff --git a/thanks.md b/thanks.md
@@ -6,4 +6,5 @@ Avatar | ID | Link
 ---- | ---- | ----
 [![lazydog](https://github.com/yeahx.png?size=40)](https://github.com/yeahx) | [lazydog](https://github.com/yeahx) | https://github.com/yeahx
 [![kingkaki](https://github.com/kingkaki.png?size=40)](https://github.com/kingkaki) | [kingkaki](https://github.com/kingkaki) | https://github.com/kingkaki
+[![wywwzjj](https://github.com/wywwzjj.png?size=40)](https://github.com/wywwzjj) | [wywwzjj](https://github.com/wywwzjj) | https://github.com/wywwzjj