/
kubernetes.rb
66 lines (66 loc) · 2.2 KB
/
kubernetes.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
module Intrigue
module Ident
module Check
class Kubernetes < Intrigue::Ident::Check::Base
def generate_checks(url)
[
{
type: 'fingerprint',
category: 'application',
tags: %w[Cloud CI/CD Development],
vendor: 'Kubernetes',
product: 'Kubernetes',
website: 'https://kubernetes.io/',
description: 'Audit-id header',
version: nil,
match_logic: :all,
matches: [
{
match_type: :content_headers,
match_content: /Audit-Id: [a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/,
}
],
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
},
{
type: 'fingerprint',
category: 'application',
tags: %w[Cloud CI/CD Development],
vendor: 'Kubernetes',
product: 'Kubernetes',
website: 'https://kubernetes.io/',
description: "Kubernetes - Body Match",
version: nil,
match_logic: :any,
matches: [
{
match_type: :content_body,
match_content: %r{groupVersion":"apiregistration.k8s.io/v1beta1},
},
{
match_type: :content_body,
match_content: /forbidden: User \\"system:anonymous\\" cannot get path/,
},
{
match_type: :content_body,
match_content: /serverAddressByClientCIDRs/,
},
{
match_type: :content_body,
match_content: /^default backend - 404$/,
},
{ # specific to github?
match_type: :content_headers,
match_content: /^x-github-backend: Kubernetes$/,
}
],
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
},
]
end
end
end
end
end