Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wavestone-cdt/hadoop-attack-library

A collection of pentest tools and resources targeting Hadoop environments
https://github.com/wavestone-cdt/hadoop-attack-library

bigdata hadoop pentest

Last synced: 3 months ago
JSON representation

A collection of pentest tools and resources targeting Hadoop environments

Host: GitHub
URL: https://github.com/wavestone-cdt/hadoop-attack-library
Owner: wavestone-cdt
Created: 2017-02-28T12:46:45.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2021-09-09T07:21:41.000Z (about 3 years ago)
Last Synced: 2024-04-06T21:39:03.812Z (7 months ago)
Topics: bigdata, hadoop, pentest
Language: Python
Size: 65.8 MB
Stars: 256
Watchers: 18
Forks: 73
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-security-collection - **184**星

README

Hadoop Attack Library
=====================

Description
-----------
A collection of pentest tools and resources targeting Hadoop environments

Outline
-------
This repository is composed of two kind of information and organised accordingly:
* **Tools, Techniques and Procedures** to attack an Hadoop environment, in the `Tools Techniques and Procedures` folder
* **Key vulnerabilities on Hadoop components (Hadoop Common, HDFS, YARN etc.)**, in the `Hadoop components vulnerabilities` folder
* **Key vulnerabilities in third-party components** often used in Hadoop environments, in the `Third-party modules vulnerabilities` folder

Practical hands-on
------------------
If you quickly want to get your hands into the resources provided here, you might read the **following resources in that specific order:**
1. [Set up an Hadoop attack environment](Tools%20Techniques%20and%20Procedures%2fSetting%20up%20an%20Hadoop%20attack%20environment)
2. [Get the target environment configuration](Tools%20Techniques%20and%20Procedures%2fGetting%20the%20target%20environment%20configuration)
3. [Map the infrastructure](Tools%20Techniques%20and%20Procedures%2fMapping%20the%20infrastructure)
4. [Browse the HDFS datalake](Tools%20Techniques%20and%20Procedures%2fBrowsing%20the%20HDFS%20datalake)
5. [Execute remote commands](Tools%20Techniques%20and%20Procedures%2fExecuting%20remote%20commands)

Copyright and license
---------------------
All product names, logos, and brands are property of their respective owners.
All resources published in the Hadoop Attack Library are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
See the GNU General Public License for more details.

Disclaimer
----------
Resources provided here are the result of security research and should not be used for illegal purposes.
Wavestone and CERT-W cannot be held responsible for any misuse or damage from any material provided here.

Contact
-------
* Thomas Debize < thomas.debize at wavestone d0t com >
* Mahdi Braik < mahdi.braik at wavestone d0t com >
* CERT-W < cert at wavestone d0t com >