-
Notifications
You must be signed in to change notification settings - Fork 544
Exploit: service probe
cdxy edited this page Nov 27, 2020
·
2 revisions
扫描指定网段的端口识别敏感服务如kubelet, K8s dashboard, docker API以及其他服务,便于发现后续攻击点。
如果想要自定义扫描参数,请参考 https://github.com/Xyntax/CDK/wiki/Tool:-probe
Scan targeted subnet IP/Port in order to find service like kubelet, K8s dashboard, docker and other APIs for further exploiting.
If you want to customize scan task, see https://github.com/Xyntax/CDK/wiki/Tool:-probe
cdk run service-probe <ip-range>
Valid input is an IP range like 1.1.1.1-255
or just a single IP like 1.1.1.1
.
// find K8s api-server addr
env | grep KUBE
// scan its open service
./cdk run service-probe 172.21.0.1-255
edit this pre-defined sensitive PORTs in https://github.com/Xyntax/CDK/blob/main/conf/scanner_conf.go then rebuild CDK.
var TCPScannerConf = TCPScannerConfS{
Timeout: 500 * time.Millisecond,
MaxParallel: 50,
PortList: map[string]string{
//"test": "1-3",
"http": "80",
"https": "443",
"ssh": "22",
"docker-api": "2375",
"http-1": "8080",
"https-1": "8443",
"k8s-api-server": "6443",
"kubelet-auth": "10250",
"kubelet-read": "10255",
"nodeport-service": "30000-32767", //default NodePort service port range:30000-32767。
},
}