Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
##
4
# This module requires Metasploit: https://metasploit.com/download
5
# Current source: https://github.com/rapid7/metasploit-framework
6
##
7

8
class MetasploitModule < Msf::Auxiliary
9
  include Msf::Exploit::Remote::HttpClient
10
  include Msf::Auxiliary::Report
11
  include Msf::Exploit::Remote::HTTP::Kubernetes
12
  include Msf::Exploit::Remote::HTTP::Kubernetes::Enumeration
13

14
  def initialize(info = {})
15
    super(
16
      update_info(
17
        info,
18
        'Name' => 'Kubernetes Enumeration',
19
        'Description' => %q{
20
          Enumerate a Kubernetes API to report useful resources such as available namespaces,
21
          pods, secrets, etc.
22

23
          Useful resources will be highlighted using the HIGHLIGHT_NAME_PATTERN option.
24
        },
25
        'License' => MSF_LICENSE,
26
        'Author' => [
27
          'alanfoster',
28
          'Spencer McIntyre'
29
        ],
30
        'Notes' => {
31
          'SideEffects' => [IOC_IN_LOGS],
32
          'Reliability' => [],
33
          'Stability' => [CRASH_SAFE]
34
        },
35
        'DefaultOptions' => {
36
          'SSL' => true
37
        },
38
        'Actions' => [
39
          ['all', { 'Description' => 'enumerate all resources' }],
40
          ['version', { 'Description' => 'enumerate version' }],
41
          ['auth', { 'Description' => 'enumerate auth' }],
42
          ['namespace', { 'Description' => 'enumerate namespace' }],
43
          ['namespaces', { 'Description' => 'enumerate namespaces' }],
44
          ['pod', { 'Description' => 'enumerate pod' }],
45
          ['pods', { 'Description' => 'enumerate pods' }],
46
          ['secret', { 'Description' => 'enumerate secret' }],
47
          ['secrets', { 'Description' => 'enumerate secrets' }],
48
        ],
49
        'DefaultAction' => 'all',
50
        'Platform' => ['linux', 'unix'],
51
        'SessionTypes' => ['meterpreter']
52
      )
53
    )
54

55
    register_options(
56
      [
57
        Opt::RHOSTS(nil, false),
58
        Opt::RPORT(nil, false),
59
        Msf::OptInt.new('SESSION', [false, 'An optional session to use for configuration']),
60
        OptRegexp.new('HIGHLIGHT_NAME_PATTERN', [true, 'PCRE regex of resource names to highlight', 'username|password|user|pass']),
61
        OptString.new('NAME', [false, 'The name of the resource to enumerate', nil]),
62
        OptEnum.new('OUTPUT', [true, 'output format to use', 'table', ['table', 'json']])
63
      ]
64
    )
65
  end
66

67
  def output_for(type)
68
    case type
69
    when 'table'
70
      Msf::Exploit::Remote::HTTP::Kubernetes::Output::Table.new(self, highlight_name_pattern: datastore['HIGHLIGHT_NAME_PATTERN'])
71
    when 'json'
72
      Msf::Exploit::Remote::HTTP::Kubernetes::Output::JSON.new(self)
73
    end
74
  end
75

76
  def run
77
    if session
78
      print_status("Routing traffic through session: #{session.sid}")
79
      configure_via_session
80
    end
81
    validate_configuration!
82

83
    @kubernetes_client = Msf::Exploit::Remote::HTTP::Kubernetes::Client.new({ http_client: self, token: api_token })
84
    @output = output_for(datastore['output'])
85

86
    case action.name
87
    when 'all'
88
      enum_all
89
    when 'version'
90
      enum_version
91
    when 'auth'
92
      enum_auth(datastore['NAMESPACE'])
93
    when 'namespaces', 'namespace'
94
      enum_namespaces(name: datastore['NAME'])
95
    when 'pods', 'pod'
96
      enum_pods(datastore['NAMESPACE'], name: datastore['NAME'])
97
    when 'secret', 'secrets'
98
      enum_secrets(datastore['NAMESPACE'], name: datastore['NAME'])
99
    end
100
  rescue Msf::Exploit::Remote::HTTP::Kubernetes::Error::ApiError => e
101
    print_error(e.message)
102
  end
103
end
104

105