search

madhuakula / hacker-container

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
MIT License
261 stars 61 forks source link

Add Kube-Hunter and Kubeletctl to the Hacker-Container #3

Closed santikris2003 closed 3 years ago

santikris2003 commented 3 years ago

Add Kube-Hunter and Kubeletctl to the Hacker-Container

madhuakula commented 3 years ago

Thanks, @santikris2003 for the suggestions :pray:

I have added both kube-hunter and kubeletctl to the Hacker Container.

For now kube-hunter added as using k8s manifests and if required we have to use it via python virtual environment. In the future will update with the proper package manager.

Thank you!

santikris2003 commented 3 years ago

thanks for adding those , I tried on the latest hacker-container , Im getting kubeletctl not found I installed the updated hacker-container using kubectl run -it hacker-container --image=madhuakula/hacker-container (root) /usr/bin # uname -a Linux hacker-container 5.4.0-1045-aws #47-Ubuntu SMP Tue Apr 13 07:02:25 UTC 2021 x86_64 GNU/Linux (root) /usr/bin # kube kube-bench kubeaudit kubectl kubectl-who-can kubeletctl kubesec (root) /usr/bin # kubeletctl /bin/sh: kubeletctl: not found (root) /usr/bin # not sure if Im missing anything

santikris2003 commented 3 years ago

I also tried to run the kube-hunter , getting these errors , executed from pythin3 venv (root) ~ # ls bin docker-bench-security include kube-hunter lib lib64 lynis pwnchart pyvenv.cfg unix-privesc-check (root) ~ # cd ./kube-hunter/ (root) ~/kube-hunter # pip install -r requirements.txt Obtaining file:///root/kube-hunter (from -r requirements.txt (line 1)) Installing build dependencies ... done Getting requirements to build wheel ... done Installing backend dependencies ... done Preparing wheel metadata ... done Collecting PrettyTable Downloading prettytable-2.1.0-py3-none-any.whl (22 kB) Collecting ruamel.yaml Downloading ruamel.yaml-0.17.4-py3-none-any.whl (101 kB) |████████████████████████████████| 101 kB 8.9 MB/s Collecting netifaces Downloading netifaces-0.10.9.tar.gz (28 kB) Collecting netaddr Downloading netaddr-0.8.0-py2.py3-none-any.whl (1.9 MB) |████████████████████████████████| 1.9 MB 28.4 MB/s Collecting future Downloading future-0.18.2.tar.gz (829 kB) |████████████████████████████████| 829 kB 29.3 MB/s Collecting urllib3>=1.24.3 Downloading urllib3-1.26.4-py2.py3-none-any.whl (153 kB) |████████████████████████████████| 153 kB 30.1 MB/s Collecting packaging Downloading packaging-20.9-py2.py3-none-any.whl (40 kB) |████████████████████████████████| 40 kB 8.9 MB/s Collecting dataclasses Downloading dataclasses-0.6-py3-none-any.whl (14 kB) Collecting requests Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB) |████████████████████████████████| 61 kB 8.9 MB/s Collecting scapy>=2.4.3 Downloading scapy-2.4.5.tar.gz (1.1 MB) |████████████████████████████████| 1.1 MB 30.0 MB/s Collecting pluggy Downloading pluggy-0.13.1-py2.py3-none-any.whl (18 kB) Collecting pyparsing>=2.0.2 Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB) |████████████████████████████████| 67 kB 9.0 MB/s Collecting wcwidth Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB) Collecting chardet<5,>=3.0.2 Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB) |████████████████████████████████| 178 kB 38.6 MB/s Collecting certifi>=2017.4.17 Downloading certifi-2020.12.5-py2.py3-none-any.whl (147 kB) |████████████████████████████████| 147 kB 38.8 MB/s Collecting idna<3,>=2.5 Downloading idna-2.10-py2.py3-none-any.whl (58 kB) |████████████████████████████████| 58 kB 8.5 MB/s Collecting ruamel.yaml.clib>=0.1.2 Downloading ruamel.yaml.clib-0.2.2.tar.gz (179 kB) |████████████████████████████████| 179 kB 37.4 MB/s Using legacy 'setup.py install' for scapy, since package 'wheel' is not installed. Using legacy 'setup.py install' for future, since package 'wheel' is not installed. Using legacy 'setup.py install' for netifaces, since package 'wheel' is not installed. Using legacy 'setup.py install' for ruamel.yaml.clib, since package 'wheel' is not installed. Installing collected packages: wcwidth, urllib3, ruamel.yaml.clib, pyparsing, idna, chardet, certifi, scapy, ruamel.yaml, requests, PrettyTable, pluggy, packaging, netifaces, netaddr, future, dataclasses, kube-hunter Running setup.py install for ruamel.yaml.clib ... done Running setup.py install for scapy ... done Running setup.py install for netifaces ... error ERROR: Command errored out with exit status 1: command: /root/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"'; file='"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-40jii5fm/install-record.txt --single-version-externally-managed --compile --install-headers /root/include/site/python3.8/netifaces cwd: /tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/ Complete output (16 lines): running install running build running build_ext checking for getifaddrs...not found. checking for getnameinfo...not found. checking for socket IOCTLs...not found. checking for optional header files...none found. checking whether struct sockaddr has a length field...no. checking which sockaddr_xxx structs are defined...none! checking for routing socket support...no. checking for sysctl(CTL_NET...) support...no. checking for netlink support...no. building 'netifaces' extension gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fomit-frame-pointer -g -fno-semantic-interposition -fomit-frame-pointer -g -fno-semantic-interposition -fomit-frame-pointer -g -fno-semantic-interposition -DTHREAD_STACK_SIZE=0x100000 -fPIC -DNETIFACES_VERSION=0.10.9 -I/root/include -I/usr/include/python3.8 -c netifaces.c -o build/temp.linux-x86_64-3.8/netifaces.o unable to execute 'gcc': No such file or directory error: command 'gcc' failed with exit status 1

ERROR: Command errored out with exit status 1: /root/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"'; file='"'"'/tmp/pip-install-zkpsiahw/netifaces_c74b3c6e92f541dda5c56ea7c1c4a32a/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-40jii5fm/install-record.txt --single-version-externally-managed --compile --install-headers /root/include/site/python3.8/netifaces Check the logs for full command output. (root) ~/kube-hunter #

madhuakula commented 3 years ago

Sorry about that. Looks like some issue with kubeletctl when it's downloading from the official release. Fixed by building from multi-stage build container.

Regarding the kube-hunter currently, it only works using YAML manifests. Due to the python environment with dependencies were breaking.

Thank you so much once again!