Comments (15)
Thanks for raising. Just noting that the incorrect padding error may well come from base64 decoding. Needs investigation
from kube-hunter.
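An added illustration (not kube-hunter's code and not part of the original thread) of how Python's `base64` module raises "Incorrect padding" on unpadded base64url input, such as a segment of a JWT-shaped service account token, and how a decoder can restore the padding. That this is the cause of the error reported here is an assumption the thread does not confirm; the sample token and all function names are constructed for the example.

```python
import base64
import binascii
import json


def strict_decode(segment: str) -> bytes:
    """Decode the way a naive caller would: no padding repair."""
    return base64.urlsafe_b64decode(segment)


def tolerant_decode(segment: str) -> bytes:
    """Restore the '=' padding that base64url producers (e.g. JWTs) strip."""
    if len(segment) % 4 == 1:
        # No valid base64 string has this length; padding cannot fix it.
        raise ValueError("truncated or corrupt base64 input")
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def jwt_claims(token: str) -> dict:
    """Return the claims of a JWT-shaped token without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(tolerant_decode(parts[1]))


def make_sample_token() -> str:
    """Build a constructed, unsigned JWT-shaped token for the demo."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none"}
    claims = {"sub": "system:serviceaccount:default:demo"}  # constructed value
    return f"{enc(header)}.{enc(claims)}.c2ln"


def strict_error(segment: str) -> str:
    """Return the error message strict decoding produces, or '' on success."""
    try:
        strict_decode(segment)
        return ""
    except binascii.Error as exc:
        return str(exc)
```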
Thanks for replying.
Do we need to do something on our side?
from kube-hunter.
Hi @lizrice
Any update?
Regards
from kube-hunter.
Experiencing the same error. Sometimes getting the same error, but only in some cases. In most of the runs it just works.
from kube-hunter.
No padding problem - but can't find any cluster here either:
```
~ Started
~ Discovering Open Kubernetes Services...
|
| Accessed to pod's secrets:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod's secrets within a
| compromised pod might disclose valuable data to a
|_ potential attacker
----------
Kube Hunter couldn't find any clusters
```
Using this chart: https://github.com/helm/charts/tree/master/stable/kube-hunter
from kube-hunter.
```
~ Started
~ Discovering Open Kubernetes Services...
|
| Accessed to pod's secrets:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod's secrets within a
| compromised pod might disclose valuable data to a
|_ potential attacker
Cannot read wireshark manuf database
```
Same error I am facing.
Any idea?
from kube-hunter.
Same here, `kubectl create -f job.yml`, then the logs:
```
~ Started
~ Discovering Open Kubernetes Services...
|
| Accessed to pod's secrets:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod's secrets within a
| compromised pod might disclose valuable data to a
|_ potential attacker
----------
Kube Hunter couldn't find any clusters
```
from kube-hunter.
Hi Guys,
Facing the same issue here with kube-hunter pod batch job.
```
~ Started
~ Discovering Open Kubernetes Services...
|
| Read access to pod's service account token:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod service account token
| gives an attacker the option to use the
|_ server API
|
| Access to pod's secrets:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod's secrets within a
| compromised pod might disclose valuable data to a
|_ potential attacker
Cannot read wireshark manuf database
Kube Hunter couldn't find any clusters
```
Kindly help me with this issue.
from kube-hunter.
Hi Guys,
Facing the same issue here with kube-hunter remote scanning:
```
~ Started
~ Discovering Open Kubernetes Services...
Kube Hunter couldn't find any clusters
```
from kube-hunter.
What is the correct format kube-hunter is expecting?
from kube-hunter.
Any update on this bug? I want to run kube hunter in my cluster.
from kube-hunter.
Facing the same issue, I tried this on the AKS cluster today:
```
~ Started
~ Discovering Open Kubernetes Services...
|
| Accessed to pod's secrets:
| type: vulnerability
| host: None:None
| description:
| Accessing the pod's secrets within a
| compromised pod might disclose valuable data to a
|_ potential attacker
```
from kube-hunter.
Is this project dead?
from kube-hunter.
Far from it! Note that not being able to find any clusters is a perfectly plausible response - for example if the cluster is not accessible over the network from where kube-hunter is run.
Please run with logging turned on @sachsachdeva so we can get some clues. Also @danielsagi to re-test on AKS when you have a chance.
from kube-hunter.
@sachsachdeva @aakarshit-batchu @davidkarlsen please see #140.
This fixes the issue in your case of not printing the vulnerabilities found from running with job.yaml.
@lmeyemezu After #137, exceptions are now logged correctly, so if you run it now, we can debug and see the origin of the "incorrect padding" error you got. Also, there have been multiple PRs regarding the exceptions since this issue was posted, so there's a good chance it was fixed.
If the problem persists in reproduction, please open a new issue with the output of the debug messages for "incorrect padding".
from kube-hunter.