diff --git a/enumerate_dns.go b/enumerate_dns.go index e2995eb..4119fb2 100644 --- a/enumerate_dns.go +++ b/enumerate_dns.go @@ -1,16 +1,20 @@ package peirates import ( + "fmt" "net" + "strconv" ) +// This is a workalike for @raesene's Ruby code: https://github.com/raesene/alpine-containertools/blob/master/scripts/k8s-dns-enum.rb + type serviceHostIPPort struct { hostName string IP string port uint16 } -// This routine pulls a list of all services via Core DNS -- +// This routine pulls a list of all services via Core DNS func getAllServicesViaDNS() (*[]serviceHostIPPort, error) { wildcardRecord := "any.any.svc.cluster.local" @@ -39,3 +43,40 @@ func getAllServicesViaDNS() (*[]serviceHostIPPort, error) { return &serviceHostIPPorts, nil } + +func enumerateDNS() { + + println("\nRequesting SRV record any.any.svc.cluster.local - thank @raesene:\n") + servicesSlicePointer, err := getAllServicesViaDNS() + + if err != nil { + println("no services returned or some kind of error") + } + // Print the services' DNS names, IP addresses and ports, but also create a unique set of IPs and ports to portscan: + names := make(map[string]bool) + nameList := "" + ports := make(map[uint16]bool) + portList := "" + + for _, svc := range *servicesSlicePointer { + fmt.Printf("Service: %s(%s):%d\n", svc.hostName, svc.IP, svc.port) + if _, present := names[svc.hostName]; !present { + names[svc.hostName] = true + nameList = nameList + " " + svc.hostName + } + if _, present := ports[svc.port]; !present { + ports[svc.port] = true + // Append the port to the portList, prepending with a , unless this is the first port. + if portList != "" { + portList = portList + "," + } + portList = portList + strconv.Itoa(int(svc.port)) + // portList = portList + strconv.FormatUint(uint16(svc.port), 10) + + } + } + + // Now print a list of names and ports + println("\nPortscan these services via:") + println("nmap -sTVC -v -n -p " + portList + nameList) +} 
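Review bot: In the new `enumerateDNS`, the `if err != nil` branch only prints a message and then falls through to `range *servicesSlicePointer`. If `getAllServicesViaDNS` returns a nil pointer with the error (its error path is outside this hunk), the function panics on a nil dereference. Add `return` after the `println`, and report the error itself rather than discarding it, e.g. `fmt.Printf("DNS enumeration failed: %v\n", err)`. A `len(*servicesSlicePointer) == 0` check before the final `println` calls would also avoid printing a command with empty port and host lists. Separately, the host names in the suggested command come straight from DNS answers and the operator is invited to paste that line into a shell, so it is worth validating them against a hostname character set before printing.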
diff --git a/peirates.go b/peirates.go index 013ce3b..1824288 100644 --- a/peirates.go +++ b/peirates.go @@ -2,8 +2,6 @@ package peirates // Peirates - an Attack tool for Kubernetes clusters // -// You need to use "package main" for executables -// // BTW always run `go fmt` before you check in code. go fmt is law. // @@ -17,7 +15,6 @@ import ( "os" "os/exec" "regexp" - "strconv" "strings" ) @@ -501,6 +498,15 @@ func Main() { continue } + // Handle enumerate-dns before the interactive menu + // const enumerateDNS = "enumerate-dns" + // if strings.HasPrefix(input, enumerateDNS) { + // // Run the DNS enumeration + // enumerateDNS() + // pauseToHitEnter(interactive) + // continue + // } + // Peirates MAIN MENU switch input { 
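Review bot: The commented-out block added before the `// Peirates MAIN MENU` switch would not compile if it were enabled. `const enumerateDNS = "enumerate-dns"` shadows the package-level function `enumerateDNS` added in enumerate_dns.go, so `enumerateDNS()` becomes a call on a string constant. The `case "94", "enumerate-dns"` branch already dispatches this command, so the block is dead code either way and is better dropped than checked in. If it is meant as a placeholder, rename the constant (e.g. `enumerateDNSCmd`) and add a `// TODO:` line saying why a prefix match is needed. `Main` starts and ends outside this hunk.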
@@ -1186,39 +1192,7 @@ func Main() { case "94", "enumerate-dns": - println("Requesting SRV record any.any.svc.cluster.local - thank @raesene:") - servicesSlicePointer, err := getAllServicesViaDNS() - - if err != nil { - println("no services returned or some kind of error") - } - // Print the services' DNS names, IP addresses and ports, but also create a unique set of IPs and ports to portscan: - names := make(map[string]bool) - nameList := "" - ports := make(map[uint16]bool) - portList := "" - - for _, svc := range *servicesSlicePointer { - fmt.Printf("Service: %s(%s):%d\n", svc.hostName, svc.IP, svc.port) - if _, present := names[svc.hostName]; !present { - names[svc.hostName] = true - nameList = nameList + " " + svc.hostName - } - if _, present := ports[svc.port]; !present { - ports[svc.port] = true - // Append the port to the portList, prepending with a , unless this is the first port. - if portList != "" { - portList = portList + "," - } - portList = portList + strconv.Itoa(int(svc.port)) - // portList = portList + strconv.FormatUint(uint16(svc.port), 10) - - } - } - - // Now print a list of names and ports - println("\nPortscan these services via:") - println("nmap -sTVC -v -n -p " + portList + nameList) + enumerateDNS() default: fmt.Println("Command unrecognized.") @@ -1266,7 +1240,7 @@ func printBanner(interactive bool) { ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,`) } println(`________________________________________ - Peirates v1.1.6alpha by InGuardians + Peirates v1.1.7-alpha by InGuardians https://www.inguardians.com/peirates ----------------------------------------------------------------`) } 
@@ -1318,7 +1292,7 @@ Off-Menu + [91] Make an HTTP request (GET or POST) to a user-specified URL [curl] [92] Deactivate "auth can-i" checking before attempting actions [set-auth-can-i] [93] Run a simple all-ports TCP port scan against an IP address [tcpscan] -[94] Enumerate services via DNS [enumerate-dns] +[94] Enumerate services via DNS [enumerate-dns] * [] Run a shell command [shell ] [exit] Exit Peirates