Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wavestone-cdt/hadoop-attack-library

A collection of pentest tools and resources targeting Hadoop environments
https://github.com/wavestone-cdt/hadoop-attack-library

bigdata hadoop pentest

Last synced: 24 days ago
JSON representation

A collection of pentest tools and resources targeting Hadoop environments

Awesome Lists containing this project

README

        

Hadoop Attack Library
=====================

Description
-----------
A collection of pentest tools and resources targeting Hadoop environments

Outline
-------
This repository is composed of two kind of information and organised accordingly:
* **Tools, Techniques and Procedures** to attack an Hadoop environment, in the `Tools Techniques and Procedures` folder
* **Key vulnerabilities on Hadoop components (Hadoop Common, HDFS, YARN etc.)**, in the `Hadoop components vulnerabilities` folder
* **Key vulnerabilities in third-party components** often used in Hadoop environments, in the `Third-party modules vulnerabilities` folder

Practical hands-on
------------------
If you quickly want to get your hands into the resources provided here, you might read the **following resources in that specific order:**
1. [Set up an Hadoop attack environment](Tools%20Techniques%20and%20Procedures%2fSetting%20up%20an%20Hadoop%20attack%20environment)
2. [Get the target environment configuration](Tools%20Techniques%20and%20Procedures%2fGetting%20the%20target%20environment%20configuration)
3. [Map the infrastructure](Tools%20Techniques%20and%20Procedures%2fMapping%20the%20infrastructure)
4. [Browse the HDFS datalake](Tools%20Techniques%20and%20Procedures%2fBrowsing%20the%20HDFS%20datalake)
5. [Execute remote commands](Tools%20Techniques%20and%20Procedures%2fExecuting%20remote%20commands)

Copyright and license
---------------------
All product names, logos, and brands are property of their respective owners.
All resources published in the Hadoop Attack Library are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
See the GNU General Public License for more details.

Disclaimer
----------
Resources provided here are the result of security research and should not be used for illegal purposes.
Wavestone and CERT-W cannot be held responsible for any misuse or damage from any material provided here.

Contact
-------
* Thomas Debize < thomas.debize at wavestone d0t com >
* Mahdi Braik < mahdi.braik at wavestone d0t com >
* CERT-W < cert at wavestone d0t com >