Applies To
Scans initiated in Docker-based HawkScan implementations.
Issue
When running HawkScan against a configured host, the scan terminates with an error along the lines of:
Error: Unable to access http://localhost:3333.
Check if the web server is listening on the specified port.
At the same time, tests connections to the destination host via telnet, nc, or wget may be succeeding, or the destination application may be running on the same Docker host that the scanner is running on.
Cause
Connectivity issue between the docker container that HawkScan is running in and the destination host.
In a Docker context, the most common cause is that the container running HawkScan is unable to reach the endpoint based on the docker networking configuration.
Other possibilities include:
Endpoint is not running or is not listening on the configured destination port
Endpoint application is not reachable from the Docker host (routing issue, destination port is blocked by a firewall, etc)
Solution
Validate that the destination app is indeed listening on the configured host:port combination of the target application.
Validate that the destination
host:portcan be reached from the Docker host from which HawkScan runs.Add
--network hostto the Docker command that is being used to initiate the scanthe scan container will then run using the Docker host's network rather than other Docker networks (e.g., bridge or overlay networks) to reach the endpoint application
Additional Information
Example docker command which includes --network host
See Docker Command Deep Dive for details on the various other options
The StackHawk CLI option runs locally and is not subject to Docker networking configuration issues
Similar Issue
When encountering a similar error as above, except that it references https://null instead of an IP:PORT, see 'Unable to access https://null' error when running Docker-based HawkScan.
โ