File "zeus.py", line 419, in <module>
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch
File "zeus.py", line 380, in __run_attacks
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 109, in main_xss
filename = create_urls(start_url, payloads, tamper=tamper)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 60, in create_urls
payload = __tamper_payload(payload, tamper_type=tamper, warning=True)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 40, in __tamper_payload
return tamper_script.tamper(payload, warning=warning)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/tamper_scripts/randomcase_encode.py", line 15, in tamper
if random.choice(random_int) == 1:
File "/usr/lib/python2.7/random.py", line 275, in choice
return seq[int(self.random() * len(seq))] # raises IndexError if seq is empty
TypeError: object of type 'int' has no len()
2017-10-02 10:40:03,991;zeus-log;DEBUG;verifying operating system...
2017-10-02 10:40:03,991;zeus-log;DEBUG;already ran, skipping...
2017-10-02 10:40:03,992;zeus-log;DEBUG;running with options '{'runInVerbose': True, 'useRandomAgent': True, 'runXssScan': True, 'dorkToUse': 'incontent:data_files', 'tamperXssPayloads': 'randomcase'}'...
2017-10-02 10:40:03,993;zeus-log;INFO;log file being saved to '/home/baal/bin/python/zeus-scanner/log/zeus-log-161.log'...
2017-10-02 10:40:03,994;zeus-log;DEBUG;grabbing random user-agent from '/home/baal/bin/python/zeus-scanner/etc/agents.txt'...
2017-10-02 10:40:03,995;zeus-log;DEBUG;using default search engine (Google)...
2017-10-02 10:40:03,995;zeus-log;INFO;using default search engine...
2017-10-02 10:40:03,995;zeus-log;INFO;starting dork scan with query 'incontent:data_files'...
2017-10-02 10:40:03,996;zeus-log;DEBUG;checking for user-agent and proxy configuration...
2017-10-02 10:40:03,996;zeus-log;INFO;attempting to gather query URL...
2017-10-02 10:40:03,996;zeus-log;DEBUG;setting up the virtual display to hide the browser...
2017-10-02 10:40:04,272;zeus-log;INFO;firefox browser display will be hidden while it performs the query...
2017-10-02 10:40:04,273;zeus-log;WARNING;your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
2017-10-02 10:40:04,273;zeus-log;DEBUG;running selenium-webdriver and launching browser...
2017-10-02 10:40:04,273;zeus-log;DEBUG;adjusting selenium-webdriver user-agent to 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10'...
2017-10-02 10:40:57,241;zeus-log;INFO;browser will open shortly...
2017-10-02 10:41:00,940;zeus-log;DEBUG;searching search engine for the 'q' element (search button)...
2017-10-02 10:41:01,585;zeus-log;INFO;searching 'http://google.com' using query 'incontent:data_files'...
2017-10-02 10:41:05,678;zeus-log;DEBUG;obtaining URL from selenium...
2017-10-02 10:41:10,525;zeus-log;DEBUG;found current URL from selenium browser...
2017-10-02 10:41:10,526;zeus-log;INFO;closing the browser and continuing process..
2017-10-02 10:41:13,915;zeus-log;INFO;URL successfully gathered, searching for GET parameters...
2017-10-02 10:41:13,916;zeus-log;INFO;no proxy configuration detected...
2017-10-02 10:41:14,860;zeus-log;INFO;adjusting user-agent header to Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10...
2017-10-02 10:41:15,031;zeus-log;DEBUG;found 'http://www.youtube.com/results?gl=US&tab=w1'...
2017-10-02 10:41:15,032;zeus-log;DEBUG;found 'http://apps.who.int/healthinfo/systems/surveydata/index.php/catalog/65/datafile/F9/?limit=100&offset=1600'...
2017-10-02 10:41:15,033;zeus-log;INFO;found a total of 2 URL's with a GET parameter...
2017-10-02 10:41:15,033;zeus-log;INFO;saving found URL's under '/home/baal/bin/python/zeus-scanner/log/url-log/url-log-57.log'...
2017-10-02 10:42:04,394;zeus-log;INFO;tampering payloads with 'randomcase'...
2017-10-02 10:42:04,394;zeus-log;INFO;loading payloads...
2017-10-02 10:42:04,615;zeus-log;DEBUG;a total of 298 payloads loaded...
2017-10-02 10:42:04,615;zeus-log;INFO;payloads will be written to a temporary file and read from there...
2017-10-02 10:42:04,709;zeus-log;ERROR;[7;31;31mran into exception 'object of type 'int' has no len()' exception has been saved to log file...
Traceback (most recent call last):
File "zeus.py", line 419, in <module>
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch
File "zeus.py", line 380, in __run_attacks
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 109, in main_xss
filename = create_urls(start_url, payloads, tamper=tamper)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 60, in create_urls
payload = __tamper_payload(payload, tamper_type=tamper, warning=True)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/xss_scan/__init__.py", line 40, in __tamper_payload
return tamper_script.tamper(payload, warning=warning)
File "/home/baal/bin/python/zeus-scanner/lib/attacks/tamper_scripts/randomcase_encode.py", line 15, in tamper
if random.choice(random_int) == 1:
File "/usr/lib/python2.7/random.py", line 275, in choice
return seq[int(self.random() * len(seq))] # raises IndexError if seq is empty
TypeError: object of type 'int' has no len()
2017-10-02 10:42:04,829;zeus-log;INFO;[32mZeus got an unexpected error and will automatically create an issue for this error, please wait...[0m
2017-10-02 10:42:04,830;zeus-log;INFO;[32mgetting authorization...[0m
2017-10-02 10:42:04,910;zeus-log;INFO;[32mextracting traceback from log file...[0m
Error info:
Running details:
Linux-4.10.0-33-generic-x86_64-with-Ubuntu-17.04-zesty
Commands used:
zeus.py -d incontent:data_files -x --tamper randomcase --random-agent --verbose
Log file info: