From c098530a52f5fc2d6b28f989ac47afe9558b0430 Mon Sep 17 00:00:00 2001
From: Rohit Salecha
Date: Tue, 5 Nov 2019 17:02:40 -0500
Subject: [PATCH] Added Kubernetes Checks

Added a function k8s_checks to check if the linux server is running a kubernetes cluster.
---
 LinEnum.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/LinEnum.sh b/LinEnum.sh
index a5aea9d..c4b5b32 100755
--- a/LinEnum.sh
+++ b/LinEnum.sh
@@ -1302,6 +1302,53 @@ if [ "$lxdgroup" ]; then
 fi
 }
 
+k8s_checks()
+{
+
+k8sconfig=`kubectl config view 2>/dev/null`
+
+if [ "$k8sconfig" ]; then
+ echo -e "\e[00;33m[+] Looks like there is a Kubernetes Cluster running \e[00m\n$k8sconfig"
+ echo -e "\n"
+
+
+k8sservices=`kubectl get services 2>/dev/null`
+if [ "$k8sservices" ]; then
+ echo -e "\e[00;33m[+] Services Running on Kubernetes cluster. \e[00m\n$k8sservices"
+ echo -e "\n"
+fi
+
+k8spodswithlabels=`kubectl get pods --all-namespaces 2>/dev/null`
+if [ "$k8spodswithlabels" ]; then
+ echo -e "\e[00;33m[+] Kubernetes Pods with Labels \e[00m\n$k8spodswithlabels"
+ echo -e "\e[00;33m[+] Run 'kubectl logs ' to search for interesting information in logs\e[00m\n"
+ echo -e "\e[00;33m[+] Run 'kubectl exec -it -- sh' to gain shell access into pods and extract information like 'printenv' etc \e[00m\n"
+ echo -e "\n"
+fi
+
+k8snodes=`kubectl get nodes 2>/dev/null`
+if [ "$k8snodes" ]; then
+ echo -e "\e[00;33m[+] Kubernetes Nodes \e[00m\n$k8snodes"
+ echo -e "\n"
+fi
+
+k8sevents=`kubectl get events 2>/dev/null`
+if [ "$k8sevents" ]; then
+ echo -e "\e[00;33m[+] Kubernetes Events. Check here for interesting \e[00m\n$k8sevents"
+ echo -e "\n"
+fi
+
+k8ssecrets=`kubectl get secret -o json 2>/dev/null`
+if [ "$k8ssecrets" ]; then
+ echo -e "\e[00;33m[+] Fetch all Secrets stored in Kubernetes Cluster \e[00m\n$k8ssecrets"
+ echo -e "\n"
+fi
+
+fi
+
+}
+
+
 footer()
 {
 echo -e "\e[00;33m### SCAN COMPLETE ####################################\e[00m"
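Review bot: The last check in k8s_checks, `kubectl get secret -o json`, writes every secret in the current namespace into the scan output with its `data` values only base64-encoded, so any saved or shared copy of that output becomes credential material. I would drop `-o json` from that command so only secret names and types are listed by default, and keep the full dump behind an explicit opt-in if the script has a thorough-mode switch (none is visible in this hunk). Separately, the gate at the top is unreliable: `kubectl config view` normally prints an empty config skeleton even when no kubeconfig exists, so the "Kubernetes Cluster running" banner can appear wherever kubectl is installed; testing the output of `kubectl config current-context 2>/dev/null` would be closer to the intent. The "Pods with Labels" heading also does not match its command, which passes no `--show-labels`.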
@@ -1321,6 +1368,7 @@ call_each()
 interesting_files
 docker_checks
 lxc_container_checks
+ k8s_checks
 footer
 }