mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-05 04:07:03 -07:00
12cab935ec
add two recon modules detecting anon-by-design big-data control surfaces that leak operational topology: - zookeeper-admin-exposure (medium): probes /commands/monitor on a zookeeper adminserver and matches the command/monitor envelope plus server_state; the adminserver has no auth on reads, so an open one discloses the version, ensemble role, connection counts and data size, while a firewalled or disabled adminserver is not reachable; extracts the version - hadoop-namenode-exposure (medium): probes /jmx for the NameNodeInfo bean and matches the bean name plus LiveNodes/DeadNodes; the namenode jmx is unauthenticated unless kerberos spnego is set, so an open one discloses the hdfs version and every datanode internal hostname, while a kerberos-secured namenode returns 401; extracts the software version trino/presto were dropped: /v1/info is ResourceSecurity(PUBLIC) so it answers on secured clusters too and would be a fingerprint, not an exposure. both modules carry hard-test coverage with N-1 anchor traps (a non-monitor zookeeper command and a non-NameNodeInfo hadoop bean stay quiet), cross false-positive guards both ways and a secured-instance status case.