Hadoop的攻击框架库hadoop-attack-library

匿名者  466天前

https://github.com/wavestone-cdt/hadoop-attack-library

Hadoop Attack Library

Desc ription

A collection of pentest tools and resources targeting Hadoop environments

Outline

This repository is composed of two kind of information and organised accordingly:

  • Tools, Techniques and Procedures to attack an Hadoop environment, in the Tools Techniques and Proceduresfolder
  • Key vulnerabilities on Hadoop components (Hadoop Common, HDFS, YARN etc.), in the Hadoop components vulnerabilities folder
  • Key vulnerabilities in third-party components often used in Hadoop environments, in the Third-party modules vulnerabilities folder

Practical hands-on

If you quickly want to get your hands into the resources provided here, you might read the following resources in that specific order:

  1. Set up an Hadoop attack environment
  2. Get the target environment configuration
  3. Map the infrastructure
  4. Browse the HDFS datalake
  5. Execute remote commands

Copyright and license

All product names, logos, and brands are property of their respective owners.
All resources published in the Hadoop Attack Library are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the GNU General Public License for more details.

Disclaimer

Resources provided here are the result of security research and should not be used for illegal purposes.
Wavestone and CERT-W cannot be held responsible for any misuse or damage from any material provided here.

Contact

  • Thomas Debize < thomas.debize at wavestone d0t com >
  • Mahdi Braik < mahdi.braik at wavestone d0t com >
  • CERT-W < cert at wavestone d0t com >

------- 演讲材料 ------

Hadoop safari: Hunting for vulnerabilities  HITB Singapore 2017 – CommSec Track – August, 24th

https://gsec.hitb.org/materials/sg2017/COMMSEC%20D1%20-%20Thomas%20Debize%20and%20Mahdi%20Braik%20-%20Hadoop%20Safari%20-%20Hunting%20for%20Vulnerabilities.pdf

翻译:http://www.freebuf.com/column/162089.html

挖掘分布式系统——Hadoop的漏洞

最新评论

昵称
邮箱
提交评论

友情链接:FOFA FOEYE BCSEC BAIMAOHUI 安全客 i春秋

nosec.org All Rights Reserved 京ICP备15042518号