Ekultek / Zeus-Scanner

Advanced reconnaissance utility
960 stars 247 forks source link

Unhandled exception (GmJOoRg) #214

Closed ZeusIssueReporter closed 6 years ago

ZeusIssueReporter commented 6 years ago

Zeus version: 1.3.12.ade2d5

Firefox version: (57, 0)

Geckodriver version: geckodriver-v0.19.0-linux64.tar.gz

Error info:

  File "zeus.py", line 408, in <module>
    __run_attacks_main()
  File "zeus.py", line 305, in __run_attacks_main
    threads=opt.amountOfThreads
  File "/home/baal/bin/python/zeus-scanner/lib/core/settings.py", line 1008, in run_attacks
    agent=agent, tamper=tamper_script, batch=batch,
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 190, in main_xss
    result = scan_xss(url, proxy=proxy, agent=agent)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 117, in scan_xss
    xss_request = requests.get(url, proxies=config_proxy, headers=config_headers)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/sessions.py", line 658, in send
    r.content
  File "/home/baal/.local/lib/python2.7/site-packages/requests/models.py", line 823, in content
    self._content = bytes().join(self.iter_content(CONTENT_CHUNK_SIZE)) or bytes()
  File "/home/baal/.local/lib/python2.7/site-packages/requests/models.py", line 748, in generate
    raise ChunkedEncodingError(e)
ChunkedEncodingError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

Running details: Linux-4.10.0-40-generic-x86_64-with-Ubuntu-17.04-zesty

Commands used: zeus.py -d allintitle: restricted filetype :mail --verbose --batch -x --x-forward --random-agent --proxy socks5://127.0.0.1:9050 --tamper=enclosebrackets -M -L 10

Log file info:

2017-12-01 16:38:10,072;zeus-log;INFO;tampering payloads with 'enclosebrackets'...
2017-12-01 16:38:10,072;zeus-log;INFO;loading payloads...
2017-12-01 16:38:10,088;zeus-log;DEBUG;a total of 296 payloads loaded...
2017-12-01 16:38:10,088;zeus-log;INFO;payloads will be written to a temporary file and read from there...
2017-12-01 16:38:10,105;zeus-log;DEBUG;tampering payload with 'enclosebrackets'...
2017-12-01 16:38:10,118;zeus-log;WARNING;enclosing brackets is meant to be used as an obfuscation against an already valid vulnerable site...
2017-12-01 16:38:10,147;zeus-log;INFO;loaded URL's have been saved to '/tmp/tmpqq_1lU'...
2017-12-01 16:38:10,148;zeus-log;INFO;testing for XSS vulnerabilities on host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf'...
2017-12-01 16:38:10,148;zeus-log;INFO;using proxy 'socks5://127.0.0.1:9050'...
2017-12-01 16:38:10,979;zeus-log;INFO;trying payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\x['3']c'...
2017-12-01 16:38:10,979;zeus-log;DEBUG;host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf' does not appear to be vulnerable to XSS attacks with payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\x['3']c'...
2017-12-01 16:38:11,527;zeus-log;INFO;trying payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\x['3']C'...
2017-12-01 16:38:11,528;zeus-log;DEBUG;host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf' does not appear to be vulnerable to XSS attacks with payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\x['3']C'...
2017-12-01 16:38:12,071;zeus-log;INFO;trying payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\u['0']['0']['3']c'...
2017-12-01 16:38:12,071;zeus-log;DEBUG;host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf' does not appear to be vulnerable to XSS attacks with payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\u['0']['0']['3']c'...
2017-12-01 16:38:12,628;zeus-log;INFO;trying payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\u['0']['0']['3']C'...
2017-12-01 16:38:12,628;zeus-log;DEBUG;host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf' does not appear to be vulnerable to XSS attacks with payload '/content/pdf/10.1007/s00784-013-0965-8.pdf\u['0']['0']['3']C'...
2017-12-01 16:38:13,161;zeus-log;INFO;trying payload '/content/pdf/10.1007/s00784-013-0965-8.pdf&lt'...
2017-12-01 16:38:13,161;zeus-log;DEBUG;host 'https://link.springer.com/content/pdf/10.1007/s00784-013-0965-8.pdf' does not appear to be vulnerable to XSS attacks with payload '/content/pdf/10.1007/s00784-013-0965-8.pdf&lt'...
2017-12-01 16:38:13,416;zeus-log;ERROR;Zeus has hit an unexpected error and cannot continue, error code '('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))'...
Traceback (most recent call last):
  File "zeus.py", line 408, in <module>
    __run_attacks_main()
  File "zeus.py", line 305, in __run_attacks_main
    threads=opt.amountOfThreads
  File "/home/baal/bin/python/zeus-scanner/lib/core/settings.py", line 1008, in run_attacks
    agent=agent, tamper=tamper_script, batch=batch,
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 190, in main_xss
    result = scan_xss(url, proxy=proxy, agent=agent)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 117, in scan_xss
    xss_request = requests.get(url, proxies=config_proxy, headers=config_headers)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/baal/.local/lib/python2.7/site-packages/requests/sessions.py", line 658, in send
    r.content
  File "/home/baal/.local/lib/python2.7/site-packages/requests/models.py", line 823, in content
    self._content = bytes().join(self.iter_content(CONTENT_CHUNK_SIZE)) or bytes()
  File "/home/baal/.local/lib/python2.7/site-packages/requests/models.py", line 748, in generate
    raise ChunkedEncodingError(e)
ChunkedEncodingError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

2017-12-01 16:38:13,710;zeus-log;INFO;Zeus got an unexpected error and will automatically create an issue for this error, please wait...
2017-12-01 16:38:13,710;zeus-log;INFO;getting authorization...
2017-12-01 16:38:13,737;zeus-log;INFO;extracting traceback from log file...
2017-12-01 16:38:13,737;zeus-log;INFO;attempting to get firefox browser version...
Ekultek commented 6 years ago

patched via https://github.com/Ekultek/Zeus-Scanner/commit/54dd5d47f5309b5a2019b82ef947ab10ecd7628e