Ekultek / Zeus-Scanner

Advanced reconnaissance utility
956 stars 248 forks source link

TypeError: object of type 'int' has no len() #39

Closed ZeusIssueReporter closed 7 years ago

ZeusIssueReporter commented 7 years ago

Error info:

  File "zeus.py", line 419, in <module>
    auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch
  File "zeus.py", line 380, in __run_attacks
    main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 109, in main_xss
    filename = create_urls(start_url, payloads, tamper=tamper)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 60, in create_urls
    payload = __tamper_payload(payload, tamper_type=tamper, warning=True)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 40, in __tamper_payload
    return tamper_script.tamper(payload, warning=warning)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/tamper_scripts/randomcase_encode.py", line 15, in tamper
    if random.choice(random_int) == 1:
  File "/usr/lib/python2.7/random.py", line 275, in choice
    return seq[int(self.random() * len(seq))]  # raises IndexError if seq is empty
TypeError: object of type 'int' has no len()

Running details: Linux-4.10.0-33-generic-x86_64-with-Ubuntu-17.04-zesty

Commands used: zeus.py -d incontent:data_files -x --tamper randomcase --random-agent --verbose

Log file info:

2017-10-02 10:40:03,991;zeus-log;DEBUG;verifying operating system...
2017-10-02 10:40:03,991;zeus-log;DEBUG;already ran, skipping...
2017-10-02 10:40:03,992;zeus-log;DEBUG;running with options '{'runInVerbose': True, 'useRandomAgent': True, 'runXssScan': True, 'dorkToUse': 'incontent:data_files', 'tamperXssPayloads': 'randomcase'}'...
2017-10-02 10:40:03,993;zeus-log;INFO;log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-161.log'...
2017-10-02 10:40:03,994;zeus-log;DEBUG;grabbing random user-agent from '/home/baal/bin/python/zeus-scanner/etc/agents.txt'...
2017-10-02 10:40:03,995;zeus-log;DEBUG;using default search engine (Google)...
2017-10-02 10:40:03,995;zeus-log;INFO;using default search engine...
2017-10-02 10:40:03,995;zeus-log;INFO;starting dork scan with query 'incontent:data_files'...
2017-10-02 10:40:03,996;zeus-log;DEBUG;checking for user-agent and proxy configuration...
2017-10-02 10:40:03,996;zeus-log;INFO;attempting to gather query URL...
2017-10-02 10:40:03,996;zeus-log;DEBUG;setting up the virtual display to hide the browser...
2017-10-02 10:40:04,272;zeus-log;INFO;firefox browser display will be hidden while it performs the query...
2017-10-02 10:40:04,273;zeus-log;WARNING;your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
2017-10-02 10:40:04,273;zeus-log;DEBUG;running selenium-webdriver and launching browser...
2017-10-02 10:40:04,273;zeus-log;DEBUG;adjusting selenium-webdriver user-agent to 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10'...
2017-10-02 10:40:57,241;zeus-log;INFO;browser will open shortly...
2017-10-02 10:41:00,940;zeus-log;DEBUG;searching search engine for the 'q' element (search button)...
2017-10-02 10:41:01,585;zeus-log;INFO;searching 'http://google.com' using query 'incontent:data_files'...
2017-10-02 10:41:05,678;zeus-log;DEBUG;obtaining URL from selenium...
2017-10-02 10:41:10,525;zeus-log;DEBUG;found current URL from selenium browser...
2017-10-02 10:41:10,526;zeus-log;INFO;closing the browser and continuing process..
2017-10-02 10:41:13,915;zeus-log;INFO;URL successfully gathered, searching for GET parameters...
2017-10-02 10:41:13,916;zeus-log;INFO;no proxy configuration detected...
2017-10-02 10:41:14,860;zeus-log;INFO;adjusting user-agent header to Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10...
2017-10-02 10:41:15,031;zeus-log;DEBUG;found 'http://www.youtube.com/results?gl=US&tab=w1'...
2017-10-02 10:41:15,032;zeus-log;DEBUG;found 'http://apps.who.int/healthinfo/systems/surveydata/index.php/catalog/65/datafile/F9/?limit=100&offset=1600'...
2017-10-02 10:41:15,033;zeus-log;INFO;found a total of 2 URL's with a GET parameter...
2017-10-02 10:41:15,033;zeus-log;INFO;saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-57.log'...
2017-10-02 10:42:04,394;zeus-log;INFO;tampering payloads with 'randomcase'...
2017-10-02 10:42:04,394;zeus-log;INFO;loading payloads...
2017-10-02 10:42:04,615;zeus-log;DEBUG;a total of 298 payloads loaded...
2017-10-02 10:42:04,615;zeus-log;INFO;payloads will be written to a temporary file and read from there...
2017-10-02 10:42:04,709;zeus-log;ERROR;ran into exception 'object of type 'int' has no len()' exception has been saved to log file...
Traceback (most recent call last):
  File "zeus.py", line 419, in <module>
    auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch
  File "zeus.py", line 380, in __run_attacks
    main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 109, in main_xss
    filename = create_urls(start_url, payloads, tamper=tamper)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 60, in create_urls
    payload = __tamper_payload(payload, tamper_type=tamper, warning=True)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 40, in __tamper_payload
    return tamper_script.tamper(payload, warning=warning)
  File "/home/baal/bin/python/zeus-scanner/lib/attacks/tamper_scripts/randomcase_encode.py", line 15, in tamper
    if random.choice(random_int) == 1:
  File "/usr/lib/python2.7/random.py", line 275, in choice
    return seq[int(self.random() * len(seq))]  # raises IndexError if seq is empty
TypeError: object of type 'int' has no len()

2017-10-02 10:42:04,829;zeus-log;INFO;Zeus got an unexpected error and will automatically create an issue for this error, please wait...
2017-10-02 10:42:04,830;zeus-log;INFO;getting authorization...
2017-10-02 10:42:04,910;zeus-log;INFO;extracting traceback from log file...
Ekultek commented 7 years ago

Creating new tamper script, forgot to turn off auto creation