diff --git a/cmd/service/service.go b/cmd/service/service.go index b5b6196..953af2b 100644 --- a/cmd/service/service.go +++ b/cmd/service/service.go @@ -17,7 +17,7 @@ func init() { var ServiceCmd = &cobra.Command{ Use: "service", - Short: "service is a tool to discover k8s services", + Short: "service is a tool to discover k8s services ports", Run: func(cmd *cobra.Command, args []string) { if command.Opts.Zone == "" || command.Opts.SvcDomains == nil || len(command.Opts.SvcDomains) == 0 { log.Warn("zone can't empty and svc-domains can't empty") diff --git a/cmd/subnet/subnet.go b/cmd/subnet/subnet.go index 4e9064d..cf0a5ea 100644 --- a/cmd/subnet/subnet.go +++ b/cmd/subnet/subnet.go @@ -19,7 +19,7 @@ func init() { var SubNetCmd = &cobra.Command{ Use: "subnet", - Short: "subnet is a tool to discover k8s available ip in subnet", + Short: "subnet is a tool to discover k8s available service ip in subnet", Run: func(cmd *cobra.Command, args []string) { if command.Opts.Cidr == "" { log.Warn("cidr is required") diff --git a/cmd/wildcard/wildcard.go b/cmd/wildcard/wildcard.go new file mode 100644 index 0000000..97f243c --- /dev/null +++ b/cmd/wildcard/wildcard.go @@ -0,0 +1,40 @@ +package wildcard + +import ( + "os" + + command "github.com/esonhugh/k8spider/cmd" + "github.com/esonhugh/k8spider/define" + "github.com/esonhugh/k8spider/pkg/scanner" + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +func init() { + command.RootCmd.AddCommand(WildCardCmd) +} + +var WildCardCmd = &cobra.Command{ + Use: "wild", + Short: "wild is a tool to abuse wildcard feature in kubernetes service discovery", + Run: func(cmd *cobra.Command, args []string) { + if command.Opts.Zone == "" { + log.Warn("zone can't empty") + return + } + printResult(scanner.DumpWildCard(command.Opts.Zone)) + }, +} + +func printResult(records define.Records) { + if command.Opts.OutputFile != "" { + f, err := os.OpenFile(command.Opts.OutputFile, os.O_CREATE|os.O_WRONLY, 0644) + if err != nil { + log.Warnf("OpenFile failed: %v", err) + } + defer f.Close() + records.Print(log.StandardLogger().Writer(), f) + } else { + records.Print(log.StandardLogger().Writer()) + } +} diff --git a/main.go b/main.go index df03ad2..c05d09d 100644 --- a/main.go +++ b/main.go @@ -6,6 +6,7 @@ import ( _ "github.com/esonhugh/k8spider/cmd/axfr" _ "github.com/esonhugh/k8spider/cmd/service" _ "github.com/esonhugh/k8spider/cmd/subnet" + _ "github.com/esonhugh/k8spider/cmd/wildcard" ) func main() { diff --git a/pkg/scanner/axfr.go b/pkg/scanner/axfr.go new file mode 100644 index 0000000..5175478 --- /dev/null +++ b/pkg/scanner/axfr.go @@ -0,0 +1,35 @@ +package scanner + +import ( + "strings" + + "github.com/esonhugh/k8spider/define" + "github.com/miekg/dns" + log "github.com/sirupsen/logrus" +) + +// default target should be zone +func DumpAXFR(target string, dnsServer string) ([]define.Record, error) { + t := new(dns.Transfer) + m := new(dns.Msg) + m.SetAxfr(target) + ch, err := t.In(m, dnsServer) + if err != nil { + return nil, err + } + var records []define.Record + for rr := range ch { + if rr.Error != nil { + log.Debugf("Error: %v", rr.Error) + continue + } + for _, r := range rr.RR { + records = append(records, define.Record{ + SvcDomain: r.Header().Name, + Extra: strings.Join(strings.Split(r.String(), "\t"), " "), + }) + } + log.Debugf("Record: %v", rr.RR) + } + return records, nil +} diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go index 79ab82b..dc4d85f 100644 --- a/pkg/scanner/scanner.go +++ b/pkg/scanner/scanner.go @@ -2,11 +2,9 @@ package scanner import ( "net" - "strings" "github.com/esonhugh/k8spider/define" "github.com/esonhugh/k8spider/pkg" - "github.com/miekg/dns" log "github.com/sirupsen/logrus" ) @@ -65,29 +63,3 @@ func ScanSvcForPorts(records []define.Record) []define.Record { } return records } - -// default target should be zone -func DumpAXFR(target string, dnsServer string) ([]define.Record, error) { - t := new(dns.Transfer) - m := new(dns.Msg) - m.SetAxfr(target) - ch, err := t.In(m, dnsServer) - if err != nil { - return nil, err - } - var records []define.Record - for rr := range ch { - if rr.Error != nil { - log.Debugf("Error: %v", rr.Error) - continue - } - for _, r := range rr.RR { - records = append(records, define.Record{ - SvcDomain: r.Header().Name, - Extra: strings.Join(strings.Split(r.String(), "\t"), " "), - }) - } - log.Debugf("Record: %v", rr.RR) - } - return records, nil -} diff --git a/pkg/scanner/wildcard.go b/pkg/scanner/wildcard.go new file mode 100644 index 0000000..f6159e5 --- /dev/null +++ b/pkg/scanner/wildcard.go @@ -0,0 +1,27 @@ +package scanner + +import ( + "github.com/esonhugh/k8spider/define" + "github.com/esonhugh/k8spider/pkg" + "github.com/miekg/dns" + log "github.com/sirupsen/logrus" +) + +func DumpWildCard(zone string) []define.Record { + searchDNS := []string{ + dns.Fqdn("any.any.svc." + zone), + dns.Fqdn("any.any.any.svc." + zone), + } + var records []define.Record + for _, dns := range searchDNS { + _, srv, err := pkg.SRVRecord(dns) + if err != nil { + log.Warnf("wildcard dns query to %v failed: %v", dns, err) + continue + } + r := define.Record{} + r.SetSrvRecord(dns, srv) + records = append(records, r) + } + return records +}