feat: wildcard coredns dump comamnd

Esonhugh · Mar 21, 2024 · 7b2cb33 · 7b2cb33
1 parent 1101e39
commit 7b2cb33
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 30 deletions.
diff --git a/cmd/service/service.go b/cmd/service/service.go
@@ -17,7 +17,7 @@ func init() {
 
 var ServiceCmd = &cobra.Command{
 	Use:   "service",
-	Short: "service is a tool to discover k8s services",
+	Short: "service is a tool to discover k8s services ports",
 	Run: func(cmd *cobra.Command, args []string) {
 		if command.Opts.Zone == "" || command.Opts.SvcDomains == nil || len(command.Opts.SvcDomains) == 0 {
 			log.Warn("zone can't empty and svc-domains can't empty")

diff --git a/cmd/subnet/subnet.go b/cmd/subnet/subnet.go
@@ -19,7 +19,7 @@ func init() {
 
 var SubNetCmd = &cobra.Command{
 	Use:   "subnet",
-	Short: "subnet is a tool to discover k8s available ip in subnet",
+	Short: "subnet is a tool to discover k8s available service ip in subnet",
 	Run: func(cmd *cobra.Command, args []string) {
 		if command.Opts.Cidr == "" {
 			log.Warn("cidr is required")

diff --git a/cmd/wildcard/wildcard.go b/cmd/wildcard/wildcard.go
@@ -0,0 +1,40 @@
+package wildcard
+
+import (
+	"os"
+
+	command "github.com/esonhugh/k8spider/cmd"
+	"github.com/esonhugh/k8spider/define"
+	"github.com/esonhugh/k8spider/pkg/scanner"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	command.RootCmd.AddCommand(WildCardCmd)
+}
+
+var WildCardCmd = &cobra.Command{
+	Use:   "wild",
+	Short: "wild is a tool to abuse wildcard feature in kubernetes service discovery",
+	Run: func(cmd *cobra.Command, args []string) {
+		if command.Opts.Zone == "" {
+			log.Warn("zone can't empty")
+			return
+		}
+		printResult(scanner.DumpWildCard(command.Opts.Zone))
+	},
+}
+
+func printResult(records define.Records) {
+	if command.Opts.OutputFile != "" {
+		f, err := os.OpenFile(command.Opts.OutputFile, os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			log.Warnf("OpenFile failed: %v", err)
+		}
+		defer f.Close()
+		records.Print(log.StandardLogger().Writer(), f)
+	} else {
+		records.Print(log.StandardLogger().Writer())
+	}
+}
diff --git a/main.go b/main.go
@@ -6,6 +6,7 @@ import (
 	_ "github.com/esonhugh/k8spider/cmd/axfr"
 	_ "github.com/esonhugh/k8spider/cmd/service"
 	_ "github.com/esonhugh/k8spider/cmd/subnet"
+	_ "github.com/esonhugh/k8spider/cmd/wildcard"
 )
 
 func main() {

diff --git a/pkg/scanner/axfr.go b/pkg/scanner/axfr.go
@@ -0,0 +1,35 @@
+package scanner
+
+import (
+	"strings"
+
+	"github.com/esonhugh/k8spider/define"
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+)
+
+// default target should be zone
+func DumpAXFR(target string, dnsServer string) ([]define.Record, error) {
+	t := new(dns.Transfer)
+	m := new(dns.Msg)
+	m.SetAxfr(target)
+	ch, err := t.In(m, dnsServer)
+	if err != nil {
+		return nil, err
+	}
+	var records []define.Record
+	for rr := range ch {
+		if rr.Error != nil {
+			log.Debugf("Error: %v", rr.Error)
+			continue
+		}
+		for _, r := range rr.RR {
+			records = append(records, define.Record{
+				SvcDomain: r.Header().Name,
+				Extra:     strings.Join(strings.Split(r.String(), "\t"), " "),
+			})
+		}
+		log.Debugf("Record: %v", rr.RR)
+	}
+	return records, nil
+}
diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go
@@ -2,11 +2,9 @@ package scanner
 
 import (
 	"net"
-	"strings"
 
 	"github.com/esonhugh/k8spider/define"
 	"github.com/esonhugh/k8spider/pkg"
-	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -65,29 +63,3 @@ func ScanSvcForPorts(records []define.Record) []define.Record {
 	}
 	return records
 }
-
-// default target should be zone
-func DumpAXFR(target string, dnsServer string) ([]define.Record, error) {
-	t := new(dns.Transfer)
-	m := new(dns.Msg)
-	m.SetAxfr(target)
-	ch, err := t.In(m, dnsServer)
-	if err != nil {
-		return nil, err
-	}
-	var records []define.Record
-	for rr := range ch {
-		if rr.Error != nil {
-			log.Debugf("Error: %v", rr.Error)
-			continue
-		}
-		for _, r := range rr.RR {
-			records = append(records, define.Record{
-				SvcDomain: r.Header().Name,
-				Extra:     strings.Join(strings.Split(r.String(), "\t"), " "),
-			})
-		}
-		log.Debugf("Record: %v", rr.RR)
-	}
-	return records, nil
-}
diff --git a/pkg/scanner/wildcard.go b/pkg/scanner/wildcard.go
@@ -0,0 +1,27 @@
+package scanner
+
+import (
+	"github.com/esonhugh/k8spider/define"
+	"github.com/esonhugh/k8spider/pkg"
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+)
+
+func DumpWildCard(zone string) []define.Record {
+	searchDNS := []string{
+		dns.Fqdn("any.any.svc." + zone),
+		dns.Fqdn("any.any.any.svc." + zone),
+	}
+	var records []define.Record
+	for _, dns := range searchDNS {
+		_, srv, err := pkg.SRVRecord(dns)
+		if err != nil {
+			log.Warnf("wildcard dns query to %v failed: %v", dns, err)
+			continue
+		}
+		r := define.Record{}
+		r.SetSrvRecord(dns, srv)
+		records = append(records, r)
+	}
+	return records
+}