kube-hunter: Final hook is hanging

Hi,

Thanks for the tool!

When running aquasec/kube-hunter with --pod and --log=info inside of a GKE cluster I get this output:

...
~ Started
~ Discovering Open Kubernetes Services...
Event <class 'src.modules.discovery.hosts.HostScanEvent'> got published with <src.modules.discovery.hosts.HostScanEvent object at 0x7fc91436ced0>
Starting new HTTP connection (1): 169.254.169.254:80
http://169.254.169.254:80 "GET /metadata/instance?api-version=2017-08-01 HTTP/1.1" 403 56
Starting new HTTP connection (1): canhazip.com:80
http://canhazip.com:80 "GET / HTTP/1.1" 200 14
Starting new HTTP connection (1): www.azurespeed.com:80
http://www.azurespeed.com:80 "GET /api/region?ipOrUrl=x.x.x.x%0A HTTP/1.1" 200 None
Cannot read wireshark manuf database

It eventually stops with Kube Hunter couldn't find any clusters (\o/ us), but I am wondering what if the manuf db was available for scapy (?). Maybe something to look into.

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 3
  • Comments: 18 (6 by maintainers)

Most upvoted comments

Any update on this? We are also facing the same issue while running on EKS

I’m running it in EKS.

On Sun, Sep 16, 2018, 08:00 Liz Rice notifications@github.com wrote:

Thank you @JPLachance https://github.com/JPLachance, we will check that out, it’s a good thought. My immediate thought is wondering if it’s something to do with security groups that don’t allow traffic on these ports.

@Joeyn414 https://github.com/Joeyn414 @rtoma https://github.com/rtoma what are your environments? I think the log itself is a red herring but that the idea that something blocks kube-hunter is very plausible.

I don't get that much output. I'm currently only seeing this:

~ Started
~ Discovering Open Kubernetes Services...
Cannot read wireshark manuf database

I did not modify the job.yaml file at all when running it as a job in Kubernetes. It just sits there and doesn't do anything else. You state it's a benign error but it doesn't move on past this. What can I do to fix whatever is wrong with my setup?

@aryak93 @dylancaponi - I will set up an EKS cluster this week and see if I can reproduce what you are both seeing.

~ Started
~ Discovering Open Kubernetes Services...
|
| Accessed to pod's secrets:
|   type: vulnerability
|   host: None:None
|   description:
|     Accessing the pod's secrets within a
|     compromised pod might disclose valuable data to a
|_    potential attacker
Cannot read wireshark manuf database

Same error I am facing on EKS. Any idea?