2018-07-05 22:39:14 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
2018-07-09 17:40:45 +02:00
|
|
|
"flag"
|
2018-07-05 22:39:14 +02:00
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
2018-07-05 22:58:35 +02:00
|
|
|
"log"
|
2018-07-05 22:39:14 +02:00
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"os/signal"
|
2018-07-13 23:56:53 +02:00
|
|
|
"strconv"
|
2018-07-05 22:39:14 +02:00
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
"syscall"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/Sirupsen/logrus"
|
2018-07-09 17:40:45 +02:00
|
|
|
mailgun "github.com/mailgun/mailgun-go"
|
2018-07-05 22:39:14 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2018-07-09 17:40:45 +02:00
|
|
|
defaultCIDR = "0.0.0.0/0"
|
2018-07-05 22:39:14 +02:00
|
|
|
|
|
|
|
arinAPIEndpoint = "http://whois.arin.net/rest/ip/%s"
|
2018-07-09 17:40:45 +02:00
|
|
|
|
|
|
|
emailSender = "k8scan@jessfraz.com"
|
2018-07-05 22:39:14 +02:00
|
|
|
)
|
|
|
|
|
2018-07-08 14:16:11 +02:00
|
|
|
var (
|
2018-07-09 17:40:45 +02:00
|
|
|
timeoutPing time.Duration
|
|
|
|
timeoutGet time.Duration
|
|
|
|
|
|
|
|
cidr string
|
|
|
|
|
2018-07-14 00:15:51 +02:00
|
|
|
defaultPorts = intSlice{80, 443, 8001, 9001}
|
2018-07-13 23:56:53 +02:00
|
|
|
ports intSlice
|
2018-07-09 17:40:45 +02:00
|
|
|
|
|
|
|
mailgunDomain string
|
|
|
|
mailgunAPIKey string
|
|
|
|
emailRecipient string
|
|
|
|
|
|
|
|
debug bool
|
2018-07-08 14:16:11 +02:00
|
|
|
)
|
|
|
|
|
2018-07-13 23:56:53 +02:00
|
|
|
// intSlice is a slice of ints
|
|
|
|
type intSlice []int
|
|
|
|
|
|
|
|
// implement the flag interface for intSlice
|
|
|
|
func (i *intSlice) String() (out string) {
|
|
|
|
for k, v := range *i {
|
|
|
|
if k < len(*i)-1 {
|
2018-07-14 00:15:51 +02:00
|
|
|
out += fmt.Sprintf("%d,", v)
|
2018-07-13 23:56:53 +02:00
|
|
|
} else {
|
|
|
|
out += fmt.Sprintf("%d", v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
|
|
|
func (i *intSlice) Set(value string) error {
|
|
|
|
// Set the default if nothing was given.
|
|
|
|
if len(value) <= 0 {
|
|
|
|
*i = defaultPorts
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Split on "," for individual ports and ranges.
|
|
|
|
r := strings.Split(value, ",")
|
|
|
|
for _, pr := range r {
|
|
|
|
// Split on "-" to denote a range.
|
|
|
|
if strings.Contains(pr, "-") {
|
|
|
|
p := strings.SplitN(pr, "-", 2)
|
|
|
|
begin, err := strconv.Atoi(p[0])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
end, err := strconv.Atoi(p[1])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if begin > end {
|
|
|
|
return fmt.Errorf("end port can not be greater than the beginning port: %d > %d", end, begin)
|
|
|
|
}
|
|
|
|
for port := begin; port <= end; port++ {
|
|
|
|
*i = append(*i, port)
|
|
|
|
}
|
|
|
|
|
2018-07-14 00:15:51 +02:00
|
|
|
continue
|
2018-07-13 23:56:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// It is not a range just parse the port
|
|
|
|
port, err := strconv.Atoi(pr)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
*i = append(*i, port)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-07-09 17:40:45 +02:00
|
|
|
func init() {
|
|
|
|
flag.DurationVar(&timeoutPing, "timeout-ping", 2*time.Second, "Timeout for checking that the port is open")
|
|
|
|
flag.DurationVar(&timeoutGet, "timeout-get", 10*time.Second, "Timeout for getting the contents of the URL")
|
|
|
|
|
|
|
|
flag.StringVar(&cidr, "cidr", defaultCIDR, "IP CIDR to scan")
|
2018-07-13 23:56:53 +02:00
|
|
|
flag.Var(&ports, "ports", fmt.Sprintf("Ports to scan (ex. 80-443 or 80,443,8080 or 1-20,22,80-443) (default: %s)", defaultPorts.String()))
|
2018-07-09 17:40:45 +02:00
|
|
|
|
|
|
|
flag.StringVar(&mailgunAPIKey, "mailgun-api-key", "", "Mailgun API Key to use for sending email (optional)")
|
|
|
|
flag.StringVar(&mailgunDomain, "mailgun-domain", "", "Mailgun Domain to use for sending email (optional)")
|
|
|
|
flag.StringVar(&emailRecipient, "email-recipient", "", "Recipient for email notifications (optional)")
|
|
|
|
|
|
|
|
flag.BoolVar(&debug, "d", false, "Run in debug mode")
|
|
|
|
|
|
|
|
flag.Usage = func() {
|
|
|
|
flag.PrintDefaults()
|
|
|
|
}
|
|
|
|
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
// set log level
|
|
|
|
if debug {
|
|
|
|
logrus.SetLevel(logrus.DebugLevel)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-07-05 22:39:14 +02:00
|
|
|
func main() {
|
|
|
|
// On ^C, or SIGTERM handle exit.
|
|
|
|
c := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(c, os.Interrupt)
|
|
|
|
signal.Notify(c, syscall.SIGTERM)
|
|
|
|
go func() {
|
|
|
|
for sig := range c {
|
|
|
|
logrus.Infof("Received %s, exiting.", sig.String())
|
|
|
|
os.Exit(0)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2018-07-05 22:58:35 +02:00
|
|
|
// Set the logger to nil so we ignore messages from the Dial that don't matter.
|
|
|
|
// See: https://github.com/golang/go/issues/19895#issuecomment-292793756
|
|
|
|
log.SetFlags(0)
|
|
|
|
log.SetOutput(ioutil.Discard)
|
|
|
|
|
2018-07-08 14:16:11 +02:00
|
|
|
logrus.Infof("Scanning for Kubernetes Dashboards and API Servers on %s over port range %#v", cidr, ports)
|
2018-07-09 17:40:45 +02:00
|
|
|
if len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {
|
|
|
|
logrus.Infof("Using Mailgun Domain %s, API Key %s to send emails to %s", mailgunDomain, mailgunAPIKey, emailRecipient)
|
|
|
|
}
|
2018-07-05 22:39:14 +02:00
|
|
|
logrus.Infof("This may take a bit...")
|
|
|
|
|
2018-07-05 22:58:35 +02:00
|
|
|
startTime := time.Now()
|
|
|
|
|
2018-07-05 22:39:14 +02:00
|
|
|
ip, ipnet, err := net.ParseCIDR(cidr)
|
|
|
|
if err != nil {
|
|
|
|
logrus.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var wg sync.WaitGroup
|
|
|
|
for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {
|
2018-07-08 14:16:11 +02:00
|
|
|
for _, port := range ports {
|
2018-07-06 19:37:39 +02:00
|
|
|
wg.Add(1)
|
|
|
|
go func(ip string, port int) {
|
|
|
|
defer wg.Done()
|
2018-07-05 22:39:14 +02:00
|
|
|
|
2018-07-06 19:37:39 +02:00
|
|
|
scanIP(ip, port)
|
|
|
|
|
|
|
|
}(ip.String(), port)
|
|
|
|
}
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
wg.Wait()
|
2018-07-05 22:58:35 +02:00
|
|
|
|
|
|
|
since := time.Since(startTime)
|
|
|
|
logrus.Infof("Scan took: %s", since.String())
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
2018-07-06 19:37:39 +02:00
|
|
|
func scanIP(ip string, port int) {
|
|
|
|
// Check if the port is open.
|
|
|
|
ok := portOpen(ip, port)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2018-07-06 15:48:28 +02:00
|
|
|
|
2018-07-06 19:37:39 +02:00
|
|
|
// Check if it's a kubernetes dashboard.
|
2018-07-09 17:40:45 +02:00
|
|
|
ok, uri := isKubernetesDashboard(ip, port)
|
2018-07-06 19:37:39 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2018-07-06 15:48:28 +02:00
|
|
|
|
2018-07-06 19:37:39 +02:00
|
|
|
// Get the info for the ip address.
|
|
|
|
info, err := getIPInfo(ip)
|
|
|
|
if err != nil {
|
|
|
|
logrus.Warnf("ip info err: %v", err)
|
2018-07-06 15:48:28 +02:00
|
|
|
}
|
2018-07-09 17:40:45 +02:00
|
|
|
|
2018-07-06 19:37:39 +02:00
|
|
|
fmt.Printf("%s:%d\t%s\t%s\t%s\n",
|
|
|
|
ip, port,
|
|
|
|
info.Net.Organization.Handle, info.Net.Organization.Name, info.Net.Organization.Reference)
|
2018-07-09 17:40:45 +02:00
|
|
|
|
|
|
|
// send an email
|
|
|
|
if len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {
|
|
|
|
if err := sendEmail(uri, ip, port, info); err != nil {
|
|
|
|
logrus.Warn(err)
|
|
|
|
}
|
|
|
|
}
|
2018-07-06 15:48:28 +02:00
|
|
|
}
|
|
|
|
|
2018-07-05 22:39:14 +02:00
|
|
|
func portOpen(ip string, port int) bool {
|
2018-07-09 17:40:45 +02:00
|
|
|
c, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", ip, port), timeoutPing)
|
2018-07-05 22:39:14 +02:00
|
|
|
if err != nil {
|
|
|
|
// logrus.Warnf("listen at %s:%s failed: %v", ip, port, err)
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
defer c.Close()
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-07-09 17:40:45 +02:00
|
|
|
func isKubernetesDashboard(ip string, port int) (bool, string) {
|
2018-07-05 22:39:14 +02:00
|
|
|
client := &http.Client{
|
2018-07-09 17:40:45 +02:00
|
|
|
Timeout: timeoutGet,
|
2018-07-05 22:39:14 +02:00
|
|
|
Transport: &http.Transport{
|
|
|
|
TLSClientConfig: &tls.Config{
|
|
|
|
InsecureSkipVerify: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
tryAddrs := []string{
|
|
|
|
fmt.Sprintf("http://%s:%d", ip, port),
|
|
|
|
fmt.Sprintf("https://%s:%d", ip, port),
|
|
|
|
fmt.Sprintf("http://%s:%d/api/", ip, port),
|
|
|
|
fmt.Sprintf("https://%s:%d/api/", ip, port),
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
resp *http.Response
|
|
|
|
err = errors.New("not yet run")
|
|
|
|
uri string
|
|
|
|
)
|
|
|
|
|
|
|
|
for i := 0; i < len(tryAddrs) && err != nil; i++ {
|
|
|
|
uri = tryAddrs[i]
|
|
|
|
resp, err = client.Get(uri)
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
//logrus.Warnf("getting %s:%s failed: %v", ip, port, err)
|
2018-07-09 17:40:45 +02:00
|
|
|
return false, ""
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
b, err := ioutil.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
2018-07-09 17:40:45 +02:00
|
|
|
return false, ""
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
body := strings.ToLower(string(b))
|
2018-07-06 16:10:20 +02:00
|
|
|
if (strings.Contains(body, "kubernetes") && strings.Contains(body, "dashboard")) ||
|
|
|
|
(strings.Contains(body, `"versions"`) && strings.Contains(body, `"serverAddress`)) ||
|
|
|
|
(strings.Contains(body, `"paths"`) && strings.Contains(body, `"/api"`)) {
|
2018-07-09 17:40:45 +02:00
|
|
|
return true, uri
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
2018-07-09 17:40:45 +02:00
|
|
|
return false, ""
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
2018-07-13 23:56:53 +02:00
|
|
|
// ARINResponse describes the data struct that holds the response from ARIN.
|
2018-07-05 22:39:14 +02:00
|
|
|
type ARINResponse struct {
|
2018-07-05 23:33:35 +02:00
|
|
|
Net NetJSON `json:"net,omitempty"`
|
|
|
|
}
|
|
|
|
|
2018-07-14 00:15:51 +02:00
|
|
|
// NetJSON holds the net data from the ARIN response.
|
2018-07-05 23:33:35 +02:00
|
|
|
type NetJSON struct {
|
2018-07-06 00:18:31 +02:00
|
|
|
Organization OrganizationJSON `json:"orgRef,omitempty"`
|
2018-07-05 22:39:14 +02:00
|
|
|
}
|
|
|
|
|
2018-07-13 23:56:53 +02:00
|
|
|
// OrganizationJSON holds the organization data from the ARIN response.
|
2018-07-05 22:39:14 +02:00
|
|
|
type OrganizationJSON struct {
|
|
|
|
Handle string `json:"@handle,omitempty"`
|
|
|
|
Name string `json:"@name,omitempty"`
|
|
|
|
Reference string `json:"$,omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func getIPInfo(ip string) (b ARINResponse, err error) {
|
|
|
|
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf(arinAPIEndpoint, ip), nil)
|
|
|
|
if err != nil {
|
|
|
|
return b, err
|
|
|
|
}
|
|
|
|
req.Header.Set("Accept", "application/json")
|
|
|
|
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
|
|
if err != nil {
|
|
|
|
return b, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
if err := json.NewDecoder(resp.Body).Decode(&b); err != nil {
|
|
|
|
return b, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return b, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func inc(ip net.IP) {
|
|
|
|
for j := len(ip) - 1; j >= 0; j-- {
|
|
|
|
ip[j]++
|
|
|
|
if ip[j] > 0 {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-07-09 17:40:45 +02:00
|
|
|
|
|
|
|
func sendEmail(uri, ip string, port int, arinInfo ARINResponse) error {
|
|
|
|
mailgunClient := mailgun.NewMailgun(mailgunDomain, mailgunAPIKey, "")
|
|
|
|
|
|
|
|
msg, _, err := mailgunClient.Send(mailgunClient.NewMessage(
|
|
|
|
/* From */ fmt.Sprintf("%s <%s>", emailSender, emailSender),
|
|
|
|
/* Subject */ fmt.Sprintf("[k8scan]: found dashboard %s", uri),
|
|
|
|
/* Body */ fmt.Sprintf(`Time: %s
|
|
|
|
|
|
|
|
IP: %s:%d
|
|
|
|
URL: %s
|
|
|
|
|
|
|
|
ARIN: %s
|
|
|
|
%s
|
|
|
|
%s
|
|
|
|
`,
|
|
|
|
time.Now().Format(time.UnixDate),
|
2018-07-10 18:45:03 +02:00
|
|
|
ip,
|
|
|
|
port,
|
|
|
|
uri,
|
2018-07-09 17:40:45 +02:00
|
|
|
arinInfo.Net.Organization.Handle,
|
|
|
|
arinInfo.Net.Organization.Name,
|
|
|
|
arinInfo.Net.Organization.Reference,
|
|
|
|
),
|
|
|
|
/* To */ emailRecipient,
|
|
|
|
))
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("sending Mailgun message failed: response: %#v error: %v", msg, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|