Ekultek / Zeus-Scanner

Advanced reconnaissance utility

2017-10-18 21:20:10,243;zeus-log;INFO;getting authorization... #111

Closed ZeusIssueReporter closed 6 years ago

ZeusIssueReporter commented 6 years ago

Zeus version: 1.0.56

Firefox version: (56, 0)

Geckodriver version: geckodriver-v0.19.0-linux64.tar.gz

Error info:

  File "zeus.py", line 496, in <module>
    __run_attacks_main()
  File "zeus.py", line 467, in __run_attacks_main
    batch=opt.runInBatch, auto_start=opt.autoStartSqlmap
  File "zeus.py", line 423, in __run_attacks
    agent=agent_to_use, tamper=opt.tamperXssPayloads
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 160, in main_xss
    result = scan_xss(url, proxy=proxy, agent=agent)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 120, in scan_xss
    if query in html_data:
TypeError: 'in <string>' requires string as left operand, not tuple
2017-10-18 21:20:10,242;zeus-log;INFO;Zeus got an unexpected error and will automatically create an issue for this error, please wait...
2017-10-18 21:20:10,243;zeus-log;INFO;getting authorization...

Running details: Linux-4.10.0-35-generic-x86_64-with-Ubuntu-17.04-zesty

Commands used: zeus.py -d inurl:php?id= --verbose -x

Log file info:

2017-10-18 21:19:46,390;zeus-log;DEBUG;verifying operating system...
2017-10-18 21:19:46,406;zeus-log;DEBUG;already ran, skipping...
2017-10-18 21:19:46,407;zeus-log;DEBUG;running with options '{'runInVerbose': True, 'runXssScan': True, 'dorkToUse': 'inurl:php?id='}'...
2017-10-18 21:19:46,407;zeus-log;INFO;log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-56.log'...
2017-10-18 21:19:46,408;zeus-log;DEBUG;using default search engine (Google)...
2017-10-18 21:19:46,408;zeus-log;INFO;using default search engine...
2017-10-18 21:19:46,408;zeus-log;INFO;starting dork scan with query 'inurl:php?id='...
2017-10-18 21:19:46,408;zeus-log;DEBUG;checking for user-agent and proxy configuration...
2017-10-18 21:19:46,408;zeus-log;WARNING;will not parse webcache URLs...
2017-10-18 21:19:46,409;zeus-log;WARNING;only pulling URLs with GET(query) parameters...
2017-10-18 21:19:46,409;zeus-log;INFO;attempting to gather query URL...
2017-10-18 21:19:46,409;zeus-log;DEBUG;setting up the virtual display to hide the browser...
2017-10-18 21:19:46,579;zeus-log;INFO;firefox browser display will be hidden while it performs the query...
2017-10-18 21:19:46,580;zeus-log;WARNING;your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
2017-10-18 21:19:46,580;zeus-log;DEBUG;running selenium-webdriver and launching browser...
2017-10-18 21:19:46,580;zeus-log;DEBUG;adjusting selenium-webdriver user-agent to 'Zeus-Scanner(v1.0.56)::Python->v2.7'...
2017-10-18 21:19:56,550;zeus-log;INFO;browser will open shortly...
2017-10-18 21:19:59,008;zeus-log;DEBUG;searching search engine for the 'q' element (search button)...
2017-10-18 21:19:59,051;zeus-log;INFO;searching 'http://google.com' using query 'inurl:php?id='...
2017-10-18 21:20:02,350;zeus-log;DEBUG;obtaining URL from selenium...
2017-10-18 21:20:02,357;zeus-log;DEBUG;found current URL from selenium browser...
2017-10-18 21:20:02,357;zeus-log;INFO;closing the browser and continuing process..
2017-10-18 21:20:03,073;zeus-log;INFO;URL successfully gathered, searching for GET parameters...
2017-10-18 21:20:03,073;zeus-log;INFO;no proxy configuration detected...
2017-10-18 21:20:03,498;zeus-log;INFO;adjusting user-agent header to default user agent 'Zeus-Scanner(v1.0.56)::Python->v2.7'...
2017-10-18 21:20:03,524;zeus-log;INFO;successfully wrote found items to '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-30.log'...
2017-10-18 21:20:03,536;zeus-log;INFO;found a total of 21 URLs with given query 'inurl:php?id='...
2017-10-18 21:20:04,688;zeus-log;INFO;loading payloads...
2017-10-18 21:20:04,918;zeus-log;DEBUG;a total of 298 payloads loaded...
2017-10-18 21:20:04,918;zeus-log;INFO;payloads will be written to a temporary file and read from there...
2017-10-18 21:20:04,919;zeus-log;INFO;loaded URL's have been saved to '/tmp/tmppZ08Vr'...
2017-10-18 21:20:04,919;zeus-log;INFO;testing for XSS vulnerabilities on host 'https://www.finvent.com/details.php?id=20'...
2017-10-18 21:20:06,527;zeus-log;ERROR;ran into exception ''in <string>' requires string as left operand, not tuple' exception has been saved to log file...

2017-10-18 21:20:10,267;zeus-log;INFO;extracting traceback from log file...
2017-10-18 21:20:10,267;zeus-log;INFO;attempting to get firefox browser version...

Ekultek commented 6 years ago

testing