Esonhugh
diff --git a/‎cmd/admission/admission.go‎
Lines changed: 103 additions & 0 deletions b/‎cmd/admission/admission.go‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎cmd/all/all.go‎
Lines changed: 5 additions & 0 deletions b/‎cmd/all/all.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎cmd/root.go‎
Lines changed: 2 additions & 2 deletions b/‎cmd/root.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.mod‎
Lines changed: 45 additions & 5 deletions b/‎go.mod‎
Lines changed: 45 additions & 5 deletions
@@ -0,0 +1,103 @@
+package admission
+
+import (
+	"errors"
+	"fmt"
+	command "github.com/esonhugh/k8spider/cmd"
+	"github.com/esonhugh/k8spider/pkg/admission-webhook/reviewer"
+	"github.com/guonaihong/gout"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	v1 "k8s.io/api/admission/v1"
+	"os"
+)
+
+var Opts = struct {
+	As                 string
+	Group              []string
+	Indent             int
+	Action             string
+	SendToController   bool
+	ControllerEndpoint string
+
+	FileContent [][]byte
+}{}
+
+func init() {
+	AdmitCmd.Flags().StringVarP(&Opts.As, "as", "a", "", "as username ")
+	AdmitCmd.Flags().StringSliceVarP(&Opts.Group, "group", "g", []string{}, "group")
+	AdmitCmd.Flags().IntVarP(&Opts.Indent, "indent", "I", 2, "indent")
+	AdmitCmd.Flags().StringVarP(&Opts.Action, "action", "A", "create", "action")
+	AdmitCmd.Flags().BoolVarP(&Opts.SendToController, "send-to-controller", "s", false, "send to controller")
+	AdmitCmd.Flags().StringVarP(&Opts.ControllerEndpoint, "controller-endpoint", "e", "", "controller endpoint")
+	command.RootCmd.AddCommand(AdmitCmd)
+}
+
+var AdmitCmd = &cobra.Command{
+	Use:   "admit [file]",
+	Short: "admit is a tool to testing kubernetes admission controllers",
+	Long:  "admit is a tool to testing kubernetes admission controllers",
+	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+		if Opts.SendToController {
+			if Opts.ControllerEndpoint == "" {
+				return errors.New("if send to controller is ture, controller-endpoint can't be empty")
+			}
+		}
+		if len(args) == 0 {
+			return errors.New("file args can't be empty")
+		}
+		for _, file := range args {
+			f, err := os.ReadFile(file)
+			if err != nil {
+				return err
+			}
+			Opts.FileContent = append(Opts.FileContent, f)
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		for _, input := range Opts.FileContent {
+			content, err := reviewer.CreateAdmissionReviewRequest(input, Opts.Action, Opts.As, Opts.Group, Opts.Indent)
+			if err != nil {
+				log.Errorf("create admission review request failed: %v", err)
+				return
+			}
+			log.Debugf("admission review request: %v", string(content))
+			if Opts.SendToController {
+				log.Tracef("sending to the controller: %v", Opts.ControllerEndpoint)
+				gp := gout.POST(Opts.ControllerEndpoint).SetJSON(content)
+				if command.Opts.Verbose > 0 {
+					gp.Debug(true)
+				}
+				var resp v1.AdmissionReview
+				err := gp.BindJSON(&resp).Do()
+				if err != nil {
+					log.Errorf("send to controller failed: %v", err)
+				}
+				if resp.Response == nil {
+					log.Errorf("get empty admission reviewed response")
+				}
+				log.Infof("get admission reviewed response")
+				log.Infof("Allowed: %v", resp.Response.Allowed)
+				log.Infof("UID: %v", resp.Response.UID)
+				log.Infof("PatchType: %v", *resp.Response.PatchType)
+				log.Infof("Patch: %v", string(resp.Response.Patch))
+				for k, v := range resp.Response.AuditAnnotations {
+					log.Infof("AuditAnnotation[%v]: %v", k, v)
+				}
+				for _, w := range resp.Response.Warnings {
+					log.Infof("Warning: %v", w)
+				}
+				return
+			} else {
+				fmt.Println(string(content))
+				if command.Opts.OutputFile != "" {
+					err := os.WriteFile(command.Opts.OutputFile, content, 0644)
+					if err != nil {
+						log.Errorf("write to file failed: %v", err)
+					}
+				}
+			}
+		}
+	},
+}
@@ -153,6 +153,11 @@ func PostRun(finalRecord define.Records, file string) {
 					log.Warnf("Checkout service %v, which maybe contains apps metrics information", svc)
 				}
 			}
+			if strings.Contains(svc, "ingress-nginx-controller-admission") ||
+				(strings.Contains(svc, "admission") &&
+					(strings.Contains(svc, "nginx-ingress") || strings.Contains(svc, "ingress-nginx"))) {
+				log.Warnf("Checkout service %v, which maybe effects CVE-2025-1974 nginx ingress controllor ", svc)
+			}
 			log.Infof("Service: %s", svc)
 			writeString("// \t\t" + svc + "\n")
 		}
 
@@ -77,15 +77,15 @@ func init() {
 	RootCmd.PersistentFlags().StringSliceVarP(&Opts.FilterStrings, "filter-strings", "f", []string{}, "filter contained strings")
 
 	RootCmd.PersistentFlags().IntVarP(&Opts.Latency, "latency", "l", 0, "Latency control while each dns query in ms, default 0ms")
+	// Set Log Levels
+	SetLogLevel(Opts.Verbose)
 }
 
 var RootCmd = &cobra.Command{
 	Use:   "k8spider",
 	Short: "k8spider is a tool to discover k8s services",
 	Long:  "k8spider is Powerful+Fast+Low Privilege Kubernetes service discovery tools via kubernetes DNS service. Currently supported service ip-port BruteForcing / AXFR Domain Transfer Dump / Coredns WildCard Dump / Pod Verified IP discovery\n\nTopics\n",
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
-		// Set Log Levels
-		SetLogLevel(Opts.Verbose)
 		// Set pkg global config
 		pkg.Zone = Opts.Zone
 
 
@@ -1,20 +1,60 @@
 module github.com/esonhugh/k8spider
 
-go 1.21.0
+go 1.23.0
+
+toolchain go1.23.4
 
 require (
 	github.com/elastic/go-grok v0.3.1
+	github.com/guonaihong/gout v0.3.10
 	github.com/miekg/dns v1.1.58
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
+	k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.32.3
 )
 
 require (
+	github.com/andybalholm/brotli v1.0.4 // indirect
+	github.com/bytedance/sonic v1.7.0 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-playground/locales v0.13.0 // indirect
+	github.com/go-playground/universal-translator v0.17.0 // indirect
+	github.com/go-playground/validator/v10 v10.4.1 // indirect
+	github.com/goccy/go-json v0.10.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/leodido/go-urn v1.2.0 // indirect
 	github.com/magefile/mage v1.15.0 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/tools v0.17.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
Original file line number	Diff line number	Diff line change
`@@ -153,6 +153,11 @@ func PostRun(finalRecord define.Records, file string) {`
`153`	`153`	`log.Warnf("Checkout service %v, which maybe contains apps metrics information", svc)`
`154`	`154`	`}`
`155`	`155`	`}`
	`156`	`+ if strings.Contains(svc, "ingress-nginx-controller-admission") \|\|`
	`157`	`+ (strings.Contains(svc, "admission") &&`
	`158`	`+ (strings.Contains(svc, "nginx-ingress") \|\| strings.Contains(svc, "ingress-nginx"))) {`
	`159`	`+ log.Warnf("Checkout service %v, which maybe effects CVE-2025-1974 nginx ingress controllor ", svc)`
	`160`	`+ }`
`156`	`161`	`log.Infof("Service: %s", svc)`
`157`	`162`	`writeString("// \t\t" + svc + "\n")`
`158`	`163`	`}`