Error during a scan - Githubissues

CLincat / vulcat

vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞，发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式，可以持续利用漏洞

GNU General Public License v3.0

124 stars 17 forks source link

Error during a scan #4

Closed Teicu closed 1 year ago

Teicu commented 1 year ago

Hi,

Do you have any idea why I get these errors and how they can be fixed? I am using the latest version and the system is macbook

_[15:24:49] [INFO] Start scanning target https://website.com [15:24:50] [INFO] The WAF detection for the current URL starts [15:24:51] [INFO] Not found the WAF [15:24:51] [INFO] Fingerprint identification the current URL, please wait... Exception in thread Thread-76: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in _bootstrap_inner self.run() File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run self.result = self.target(self.clients) File "/Users/pentest/vulcat/payloads/Spring/cve_2022_22965.py", line 72, in cve_2022_22965_scan if ((res2.status_code == 200) and (randomStr in res2.text)): AttributeError: 'NoneType' object has no attribute 'statuscode'

Teicu commented 1 year ago

_AttributeError: 'NoneType' object has no attribute 'text' 60%|████████▍ | 6/10 [00:06<00:04, 1.01s/it]Exception in thread Thread-432: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in _bootstrap_inner self.run() File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run self.result = self.target(self.clients) File "/Users/pentest/vulcat/payloads/ApacheHadoop/new_unauth.py", line 36, in apache_hadoop_unauthorizedscan 'parseHadoopID' in res.text AttributeError: 'NoneType' object has no attribute 'text

CLincat commented 1 year ago

Thank you for your question. I just checked and fixed the Bug. You can try again.

谢谢你的提问，我刚刚检查并修复了错误，您可以重新试试。

Teicu commented 1 year ago

Hi,

I just updated the tool and there is some errors again.

python3 vulcat.py -f Desktop/urls.txt

              ___                   _____

| | [_] | \ / /| | | | | | u_u/ ) / ] | | \ \/ / | (/ | | |･･}(__ ( [] | | | \/ (___ ]/[] ___) _• •)/ []

Traceback (most recent call last): File "vulcat.py", line 18, in from lib.core.coreScan import corescan # * 导入核心扫描模块 File "/Users/pentest/vulcat/lib/core/coreScan.py", line 20, in from payloads.ApacheDruid.main import apachedruid File "/Users/pentest/vulcat/payloads/ApacheDruid/main.py", line 23, in from payloads.ApacheDruid.cve_2021_25646 import cve_2021_25646_scan File "/Users/pentest/vulcat/payloads/ApacheDruid/cve_2021_25646.py", line 4, in from lib.api.dns import dns File "/Users/pentest/vulcat/lib/api/dns.py", line 81, in dns = DNS() File "/Users/pentest/vulcat/lib/api/dns.py", line 40, in init self.dnslog_pw_domain = self.pw_random_prefix + '.' + config.get('dnslog_pw_domain') TypeError: can only concatenate str (not "NoneType") to str

CLincat commented 1 year ago

Sorry very much. I just checked and fixed the Bug. You can try again. Thank you for your issues.

非常抱歉，我刚刚检查并修复了错误，您可以重新试试，谢谢你的issues。

Teicu commented 1 year ago

It works now, but sometimes during scanning I also get this error. Can you fix that too please?

_23%|███▏ | 8/35 [00:08<00:27, 1.01s/it]Exception in thread Thread-233: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in _bootstrap_inner self.run() File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run self.result = self.target(self.clients) File "/Users/pentest/vulcat/payloads/ElasticSearch/cve_2015_5531.py", line 65, in cve_2015_5531scan if (('114, 111, 111, 116' in res3.text) AttributeError: 'NoneType' object has no attribute 'text'

CLincat commented 1 year ago

Sorry again, You can try again. Thank you for your issues.

再次抱歉，您可以重新试试，谢谢你的issues。

Teicu commented 1 year ago

works fine! thanks again

Teicu commented 1 year ago

Hi again @CLincat , just found another error:

_python3 vulcat.py -u http://testaspnet.vulnweb.com

              ___                   _____

| | [_] | \ / /| | | | | | u_u/ ) / ] | | \ \/ / | (/ | | |･･}(__ ( [] | | | \/ (___ ]/[] ___) _• •)/ []

[11:27:47] [INFO] Start scanning target http://testaspnet.vulnweb.com [11:27:49] [INFO] The WAF detection for the current URL starts [11:27:50] [INFO] Not found the WAF [11:27:50] [INFO] Fingerprint identification the current URL, please wait... [11:27:59] [INFO] No identification framework, all vulnerabilities will be scanned 100%|█████████████| 35/35 [00:35<00:00, 1.01s/it] [11:28:36] [INFO] Wait for all threads to finish. Please wait... [11:29:46] [INFO] Analyzing the results. Please wait... [11:29:46] [-] The target does not seem vulnerable. A total of 461 HTTP(s) requests [11:29:46] [INFO] Scan is completed, Take 119 seconds pentest@pentest-2 vulcat % /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/multiprocessing/resource_tracker.py:216: UserWarning: resource_tracker: There appear to be 1 leaked semaphore objects to clean up at shutdown warnings.warn('resource_tracker: There appear to be %d '_

CLincat commented 1 year ago

Hello, it's not vulcat's error, I looked up some information. It was found to be a Python warning message: https://bugs.python.org/issue38842

Generally does not affect normal work.

If the error recurs, you can try the following:

Update the Python version

Set the following environment variables in the operating system

# Linux
export PYTHONWARNINGS="ignore:semaphore_tracker:UserWarning"

您好，这不是 vulcat 的错误，我查找了一些信息。发现这是一条 Python 警告消息：https://bugs.python.org/issue38842 一般不影响正常工作。

如果错误再次出现，您可以尝试以下操作：

更新蟒蛇版本
在操作系统中设置以下环境变量
```
# Linux
```

export PYTHONWARNINGS="ignore:semaphore_tracker:UserWarning"