Add Kube-Hunter and Kubeletctl to the Hacker-Container
santikris2003 opened this issue Β· comments
Add Kube-Hunter and Kubeletctl to the Hacker-Container
Thanks, @santikris2003 for the suggestions π
I have added both kube-hunter and kubeletctl to the Hacker Container.
For now kube-hunter added as using k8s manifests and if required we have to use it via python virtual environment. In the future will update with the proper package manager.
Thank you!
thanks for adding those , I tried on the latest hacker-container , Im getting kubeletctl not found
I installed the updated hacker-container using kubectl run -it hacker-container --image=madhuakula/hacker-container
(root) /usr/bin # uname -a
Linux hacker-container 5.4.0-1045-aws #47-Ubuntu SMP Tue Apr 13 07:02:25 UTC 2021 x86_64 GNU/Linux
(root) /usr/bin # kube
kube-bench kubeaudit kubectl kubectl-who-can kubeletctl kubesec
(root) /usr/bin # kubeletctl
/bin/sh: kubeletctl: not found
(root) /usr/bin #
not sure if Im missing anything
I also tried to run the kube-hunter , getting these errors , executed from pythin3 venv
(root) ~ # ls
bin docker-bench-security include kube-hunter lib lib64 lynis pwnchart pyvenv.cfg unix-privesc-check
(root) ~ # cd ./kube-hunter/
(root) ~/kube-hunter # pip install -r requirements.txt
Obtaining file:///root/kube-hunter (from -r requirements.txt (line 1))
Installing build dependencies ... done
Getting requirements to build wheel ... done
Installing backend dependencies ... done
Preparing wheel metadata ... done
Collecting PrettyTable
Downloading prettytable-2.1.0-py3-none-any.whl (22 kB)
Collecting ruamel.yaml
Downloading ruamel.yaml-0.17.4-py3-none-any.whl (101 kB)
|ββββββββββββββββββββββββββββββββ| 101 kB 8.9 MB/s
Collecting netifaces
Downloading netifaces-0.10.9.tar.gz (28 kB)
Collecting netaddr
Downloading netaddr-0.8.0-py2.py3-none-any.whl (1.9 MB)
|ββββββββββββββββββββββββββββββββ| 1.9 MB 28.4 MB/s
Collecting future
Downloading future-0.18.2.tar.gz (829 kB)
|ββββββββββββββββββββββββββββββββ| 829 kB 29.3 MB/s
Collecting urllib3>=1.24.3
Downloading urllib3-1.26.4-py2.py3-none-any.whl (153 kB)
|ββββββββββββββββββββββββββββββββ| 153 kB 30.1 MB/s
Collecting packaging
Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
|ββββββββββββββββββββββββββββββββ| 40 kB 8.9 MB/s
Collecting dataclasses
Downloading dataclasses-0.6-py3-none-any.whl (14 kB)
Collecting requests
Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB)
|ββββββββββββββββββββββββββββββββ| 61 kB 8.9 MB/s
Collecting scapy>=2.4.3
Downloading scapy-2.4.5.tar.gz (1.1 MB)
|ββββββββββββββββββββββββββββββββ| 1.1 MB 30.0 MB/s
Collecting pluggy
Downloading pluggy-0.13.1-py2.py3-none-any.whl (18 kB)
Collecting pyparsing>=2.0.2
Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
|ββββββββββββββββββββββββββββββββ| 67 kB 9.0 MB/s
Collecting wcwidth
Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB)
Collecting chardet<5,>=3.0.2
Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB)
|ββββββββββββββββββββββββββββββββ| 178 kB 38.6 MB/s
Collecting certifi>=2017.4.17
Downloading certifi-2020.12.5-py2.py3-none-any.whl (147 kB)
|ββββββββββββββββββββββββββββββββ| 147 kB 38.8 MB/s
Collecting idna<3,>=2.5
Downloading idna-2.10-py2.py3-none-any.whl (58 kB)
|ββββββββββββββββββββββββββββββββ| 58 kB 8.5 MB/s
Collecting ruamel.yaml.clib>=0.1.2
Downloading ruamel.yaml.clib-0.2.2.tar.gz (179 kB)
|ββββββββββββββββββββββββββββββββ| 179 kB 37.4 MB/s
Using legacy 'setup.py install' for scapy, since package 'wheel' is not installed.
Using legacy 'setup.py install' for future, since package 'wheel' is not installed.
Using legacy 'setup.py install' for netifaces, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ruamel.yaml.clib, since package 'wheel' is not installed.
Installing collected packages: wcwidth, urllib3, ruamel.yaml.clib, pyparsing, idna, chardet, certifi, scapy, ruamel.yaml, requests, PrettyTable, pluggy, packaging, netifaces, netaddr, future, dataclasses, kube-hunter
Running setup.py install for ruamel.yaml.clib ... done
Running setup.py install for scapy ... done
Running setup.py install for netifaces ... error
ERROR: Command errored out with exit status 1:
command: /root/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"'; file='"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-40jii5fm/install-record.txt --single-version-externally-managed --compile --install-headers /root/include/site/python3.8/netifaces
cwd: /tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/
Complete output (16 lines):
running install
running build
running build_ext
checking for getifaddrs...not found.
checking for getnameinfo...not found.
checking for socket IOCTLs...not found.
checking for optional header files...none found.
checking whether struct sockaddr has a length field...no.
checking which sockaddr_xxx structs are defined...none!
checking for routing socket support...no.
checking for sysctl(CTL_NET...) support...no.
checking for netlink support...no.
building 'netifaces' extension
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fomit-frame-pointer -g -fno-semantic-interposition -fomit-frame-pointer -g -fno-semantic-interposition -fomit-frame-pointer -g -fno-semantic-interposition -DTHREAD_STACK_SIZE=0x100000 -fPIC -DNETIFACES_VERSION=0.10.9 -I/root/include -I/usr/include/python3.8 -c netifaces.c -o build/temp.linux-x86_64-3.8/netifaces.o
unable to execute 'gcc': No such file or directory
error: command 'gcc' failed with exit status 1
----------------------------------------
ERROR: Command errored out with exit status 1: /root/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"'; file='"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-40jii5fm/install-record.txt --single-version-externally-managed --compile --install-headers /root/include/site/python3.8/netifaces Check the logs for full command output.
(root) ~/kube-hunter #
Sorry about that. Looks like some issue with kubeletctl when it's downloading from the official release. Fixed by building from multi-stage build container.
Regarding the kube-hunter currently, it only works using YAML manifests. Due to the python environment with dependencies were breaking.
Thank you so much once again!