Shulou(Shulou.com)05/31 Report--

Editor to share with you what kind of tool Kubebot is, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Kubebot

Today, we introduce a security test Slackbot called Kubebot, which is based on the Google cloud platform and provides a Kubernetes backend.

Project architecture

Tool demo video data stream

The 1.API request is initiated by Slackbot and sent to the API server. The API server runs as a Docker container in the Kubernetes (K8s) cluster and can be resized as needed.

The 2.API server forwards the request to PubSub ToolTopic as a message.

3. The message is posted to Tool Subscription.

4.Subscription Worker runs as a Docker container on the K8s cluster, processing messages from Tool Subscription, and the number of Worker can be adjusted as needed.

5. Based on the tool, target, and option information passed by the end user, the tool initializes a specific Tool Worker on the same K8s cluster, and the analysis results are temporarily stored in the container's local directory.

6. The tool detects whether the generated result file exists, and if it does not, it push it to GitHub, if it does, it compares the files, and push the new file to GitHub.

7.Tool Worker sends the changes back to Slack and deletes the Tool Worker because they have done their job.

Note: before deploying the K8s cluster, download all API server Docker images, SubscriptionWorker, and Tool Worker from Google Container Registry.

The list of tools currently integrated by Kubebot is as follows (ongoing updates … ):

Custom Enumall

Git-all-secrets

Gitrob.

Gitrob-server

Git-secrets

Gobuster

Nmap

Subbrute

Sublist3r

TruffleHog

The automated workflow for Kubebot integration is as follows (continuously updating … ):

Wfuzz basic authentication bruteforcing

Sample Slash commands in Slack:

/ runtoolnmap |-Pn-p 1-1000 | google.com/runtoolsublist3r |-t 50 | test.com/runtoolgobuster |-m dns-w fierce_hostlist.txt-t 10-fw | google.com/runtoolenumall |-s shodan-api-key | test.com/runtoolsubbrute |-s subfiles/names.txt-v | kubebot.io (This takes a long time) / runtoolgitrob | analyze-- no-banner-- no-server | test,abc/runtooltrufflehog | | https://github.com/KingAsius/iaquest.git/runtoolgitsecrets||https://github.com/pmyagkov/slack-emoji-bots.git/runtoolgitallsecrets|-user|secretuser1, Secretuser2/runtoolgitallsecrets |-toolName repo-supervisor-org | secretorg123/runtoolgitallsecrets |-repoURL | https://github.com/anshumanbh/docker-lair.git/runtoolgitallsecrets|-gistURL|https://gist.github.com/anshumanbh/f48dc1d9d8b2158252f716a3719bf8e6/runautomationwfuzzbasicauthbrute|. Optional dictionary file: bitquark_20160227_subdomains_popular_1000000.txtdeepmagic.com_top500prefixes.txtfierce_hostlist.txtnamelist.txtnames.txtsorted_knock_dnsrecon_fierce_recon-ng.txtsubdomains-top1mil-110000.txt

The above is all the content of this article "what is Kubebot?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.