Merge pull request #8 from Esonhugh/wildcard

Wildcard Support
Esonhugh · May 11, 2024 · 08b8e2f · 08b8e2f
2 parents 5097260 + 76ee0ec
commit 08b8e2f
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 29 deletions.
diff --git a/cmd/all/all.go b/cmd/all/all.go
@@ -27,6 +27,11 @@ var AllCmd = &cobra.Command{
 			log.Warn("cidr is required")
 			return
 		}
+		// Wildcard
+		records := scanner.DumpWildCard(command.Opts.Zone)
+		if records != nil {
+			printer.PrintResult(records, command.Opts.OutputFile)
+		}
 		// AXFR Dumping
 		records, err := scanner.DumpAXFR(dns.Fqdn(command.Opts.Zone), "ns.dns."+command.Opts.Zone+":53")
 		if err == nil {

diff --git a/cmd/wildcard/wildcard.go b/cmd/wildcard/wildcard.go
@@ -0,0 +1,30 @@
+package wildcard
+
+import (
+	command "github.com/esonhugh/k8spider/cmd"
+	"github.com/esonhugh/k8spider/pkg/printer"
+	"github.com/esonhugh/k8spider/pkg/scanner"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	command.RootCmd.AddCommand(WildCardCmd)
+}
+
+var WildCardCmd = &cobra.Command{
+	Use:   "wild",
+	Short: "wild is a tool to abuse wildcard feature in kubernetes service discovery",
+	Run: func(cmd *cobra.Command, args []string) {
+		if command.Opts.Zone == "" {
+			log.Warn("zone can't empty")
+			return
+		}
+		record := scanner.DumpWildCard(command.Opts.Zone)
+		if record == nil || len(record) == 0 {
+			log.Warnf("DumpWildCard Found Nothing")
+			return
+		}
+		printer.PrintResult(record, command.Opts.OutputFile)
+	},
+}
diff --git a/main.go b/main.go
@@ -6,6 +6,7 @@ import (
 	_ "github.com/esonhugh/k8spider/cmd/axfr"
 	_ "github.com/esonhugh/k8spider/cmd/service"
 	_ "github.com/esonhugh/k8spider/cmd/subnet"
+	_ "github.com/esonhugh/k8spider/cmd/wildcard"
 )
 
 func main() {

diff --git a/pkg/mutli/subnet.go b/pkg/mutli/subnet.go
@@ -36,7 +36,6 @@ func (s *SubnetScanner) ScanSubnet(subnet *net.IPNet) <-chan []define.Record {
 	}
 	out := make(chan []define.Record, 100)
 	go func() {
-		log.Debugf("splitting subnet into 16 pices")
 		// if subnets, err := pkg.SubnetShift(subnet, 4); err != nil {
 		if subnets, err := pkg.SubnetInto(subnet, s.count); err != nil {
 			log.Errorf("Subnet split into %v failed, fallback to single mode, reason: %v", s.count, err)

diff --git a/pkg/scanner/axfr.go b/pkg/scanner/axfr.go
@@ -0,0 +1,35 @@
+package scanner
+
+import (
+	"strings"
+
+	"github.com/esonhugh/k8spider/define"
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+)
+
+// default target should be zone
+func DumpAXFR(target string, dnsServer string) ([]define.Record, error) {
+	t := new(dns.Transfer)
+	m := new(dns.Msg)
+	m.SetAxfr(target)
+	ch, err := t.In(m, dnsServer)
+	if err != nil {
+		return nil, err
+	}
+	var records []define.Record
+	for rr := range ch {
+		if rr.Error != nil {
+			log.Debugf("Error: %v", rr.Error)
+			return records, rr.Error
+		}
+		for _, r := range rr.RR {
+			records = append(records, define.Record{
+				SvcDomain: r.Header().Name,
+				Extra:     strings.Join(strings.Split(r.String(), "\t"), " "),
+			})
+		}
+		log.Debugf("Record: %v", rr.RR)
+	}
+	return records, nil
+}
diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go
@@ -2,11 +2,9 @@ package scanner
 
 import (
 	"net"
-	"strings"
 
 	"github.com/esonhugh/k8spider/define"
 	"github.com/esonhugh/k8spider/pkg"
-	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -65,29 +63,3 @@ func ScanSvcForPorts(records []define.Record) []define.Record {
 	}
 	return records
 }
-
-// default target should be zone
-func DumpAXFR(target string, dnsServer string) ([]define.Record, error) {
-	t := new(dns.Transfer)
-	m := new(dns.Msg)
-	m.SetAxfr(target)
-	ch, err := t.In(m, dnsServer)
-	if err != nil {
-		return nil, err
-	}
-	var records []define.Record
-	for rr := range ch {
-		if rr.Error != nil {
-			log.Debugf("Error: %v", rr.Error)
-			continue
-		}
-		for _, r := range rr.RR {
-			records = append(records, define.Record{
-				SvcDomain: r.Header().Name,
-				Extra:     strings.Join(strings.Split(r.String(), "\t"), " "),
-			})
-		}
-		log.Debugf("Record: %v", rr.RR)
-	}
-	return records, nil
-}
diff --git a/pkg/scanner/wildcard.go b/pkg/scanner/wildcard.go
@@ -0,0 +1,27 @@
+package scanner
+
+import (
+	"github.com/esonhugh/k8spider/define"
+	"github.com/esonhugh/k8spider/pkg"
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+)
+
+func DumpWildCard(zone string) []define.Record {
+	searchDNS := []string{
+		dns.Fqdn("any.any.svc." + zone),
+		dns.Fqdn("any.any.any.svc." + zone),
+	}
+	var records []define.Record
+	for _, dns := range searchDNS {
+		_, srv, err := pkg.SRVRecord(dns)
+		if err != nil {
+			log.Warnf("wildcard dns query to %v failed: %v", dns, err)
+			continue
+		}
+		r := define.Record{}
+		r.SetSrvRecord(dns, srv)
+		records = append(records, r)
+	}
+	return records
+}