Remove scapy usage (#500)

* removed arp and dns hunters usage due to it's violations of the scapy GPL2 license * added installation of arp and dns hunters to Dockerfile * added explicit new version to plugins in dockerfile installation * ignore B020 flake8
aquasecurity · May 7, 2022 · e6a3c12 · e6a3c12
1 parent 2a70206
commit e6a3c12
Show file tree

Hide file tree

Showing 8 changed files with 4 additions and 173 deletions.
diff --git a/.flake8 b/.flake8
@@ -1,5 +1,5 @@
 [flake8]
-ignore = E203, E266, E501, W503, B903, T499
+ignore = E203, E266, E501, W503, B903, T499, B020
 max-line-length = 120
 max-complexity = 18
 select = B,C,E,F,W,B9,T4

diff --git a/Dockerfile b/Dockerfile
@@ -26,4 +26,7 @@ RUN apk add --no-cache \
 COPY --from=builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages
 COPY --from=builder /usr/local/bin/kube-hunter /usr/local/bin/kube-hunter
 
+# Add default plugins: https://github.com/aquasecurity/kube-hunter-plugins 
+RUN pip install kube-hunter-arp-spoof>=0.0.3 kube-hunter-dns-spoof>=0.0.3
+
 ENTRYPOINT ["kube-hunter"]
diff --git a/kube_hunter/conf/logging.py b/kube_hunter/conf/logging.py
@@ -4,10 +4,6 @@
 DEFAULT_LEVEL_NAME = logging.getLevelName(DEFAULT_LEVEL)
 LOG_FORMAT = "%(asctime)s %(levelname)s %(name)s %(message)s"
 
-# Suppress logging from scapy
-logging.getLogger("scapy.runtime").setLevel(logging.CRITICAL)
-logging.getLogger("scapy.loading").setLevel(logging.CRITICAL)
-
 
 def setup_logger(level_name, logfile):
     # Remove any existing handlers

diff --git a/kube_hunter/modules/hunting/__init__.py b/kube_hunter/modules/hunting/__init__.py
@@ -2,12 +2,10 @@
 from . import (
     aks,
     apiserver,
-    arp,
     capabilities,
     certificates,
     cves,
     dashboard,
-    dns,
     etcd,
     kubelet,
     mounts,

diff --git a/kube_hunter/modules/hunting/arp.py b/kube_hunter/modules/hunting/arp.py
diff --git a/kube_hunter/modules/hunting/dns.py b/kube_hunter/modules/hunting/dns.py
diff --git a/setup.cfg b/setup.cfg
@@ -32,7 +32,6 @@ packages = find:
 install_requires =
     netaddr
     netifaces
-    scapy>=2.4.3
     requests
     PrettyTable
     urllib3>=1.24.3

diff --git a/tests/core/test_handler.py b/tests/core/test_handler.py
@@ -20,14 +20,12 @@
     AccessApiServerActive,
     AccessApiServerWithToken,
 )
-from kube_hunter.modules.hunting.arp import ArpSpoofHunter
 from kube_hunter.modules.hunting.capabilities import PodCapabilitiesHunter
 from kube_hunter.modules.hunting.certificates import CertificateDiscovery
 
 from kube_hunter.modules.hunting.cves import K8sClusterCveHunter
 from kube_hunter.modules.hunting.cves import KubectlCVEHunter
 from kube_hunter.modules.hunting.dashboard import KubeDashboard
-from kube_hunter.modules.hunting.dns import DnsSpoofHunter
 from kube_hunter.modules.hunting.etcd import EtcdRemoteAccess, EtcdRemoteAccessActive
 from kube_hunter.modules.hunting.kubelet import (
     ProveAnonymousAuth,
@@ -76,8 +74,6 @@
 ACTIVE_HUNTERS = {
     ProveAzureSpnExposure,
     AccessApiServerActive,
-    ArpSpoofHunter,
-    DnsSpoofHunter,
     EtcdRemoteAccessActive,
     ProveRunHandler,
     ProveContainerLogsHandler,