Closed righettod closed 1 year ago
Hi there - thanks for the kind words!
I wasn't able to reproduce the issue on the Kali docker rolling image.
This is what I did:
βββ(rootγΏ8fdcd133af09)-[/]
ββ# apt update && apt install wafw00f
Get:1 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease [30.6 kB]
Get:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 Packages [18.7 MB]
Get:3 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/non-free amd64 Packages [234 kB]
Get:4 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/contrib amd64 Packages [111 kB]
Fetched 19.1 MB in 2s (7897 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libmpdec3 libncursesw6 libnsl2 libpython3-stdlib libpython3.10-minimal libpython3.10-stdlib
libreadline8 libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3 python3-certifi python3-chardet python3-charset-normalizer python3-idna python3-minimal python3-pkg-resources
python3-pluginbase python3-requests python3-six python3-urllib3 python3.10 python3.10-minimal readline-common
Suggested packages:
gpm krb5-doc krb5-user python3-doc python3-tk python3-venv python3-setuptools python3-cryptography python3-openssl python3-socks python-requests-doc python3-brotli python3.10-venv python3.10-doc binutils
binfmt-support readline-doc
The following NEW packages will be installed:
ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libmpdec3 libncursesw6 libnsl2 libpython3-stdlib libpython3.10-minimal libpython3.10-stdlib
libreadline8 libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3 python3-certifi python3-chardet python3-charset-normalizer python3-idna python3-minimal python3-pkg-resources
python3-pluginbase python3-requests python3-six python3-urllib3 python3.10 python3.10-minimal readline-common wafw00f
0 upgraded, 37 newly installed, 0 to remove and 2 not upgraded.
Need to get 11.9 MB of archives.
After this operation, 39.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libssl3 amd64 3.0.5-4 [2031 kB]
Get:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libpython3.10-minimal amd64 3.10.7-2 [828 kB]
Get:3 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libexpat1 amd64 2.4.9-1 [105 kB]
Get:4 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 python3.10-minimal amd64 3.10.7-2 [1994 kB]
Get:5 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 python3-minimal amd64 3.10.6-1 [38.7 kB]
Get:6 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 media-types all 8.0.0 [33.4 kB]
Get:7 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libmpdec3 amd64 2.5.1-2 [87.8 kB]
Get:8 http://http.kali.org/kali kali-rolling/main amd64 libncursesw6 amd64 6.3+20220423-2 [133 kB]
Get:9 http://http.kali.org/kali kali-rolling/main amd64 libkrb5support0 amd64 1.20-1+b1 [32.2 kB]
...
Setting up wafw00f (2.2.0-1) ...
Processing triggers for libc-bin (2.35-3) ...
Processing triggers for ca-certificates (20211016) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Then:
βββ(rootγΏ8fdcd133af09)-[/]
ββ# wafw00f -vv righettod.eu
______
/ \
( W00f! )
\ ____/
,, __ 404 Hack Not Found
|`-.__ / / __ __
/" _/ /_/ \ \ / /
*===* / \ \_/ / 405 Not Allowed
/ )__// \ /
/| / /---` 403 Forbidden
\\/` \ | / _ \
`\ /_\\_ 502 Bad Gateway / / \ \ 500 Internal Error
`_____``-` /_/ \_\
~ WAFW00F : v2.2.0 ~
The Web Application Firewall Fingerprinting Toolkit
INFO:wafw00f:The url righettod.eu should start with http:// or https:// .. fixing (might make this unusable)
[*] Checking https://righettod.eu
INFO:wafw00f:starting wafw00f on https://righettod.eu
INFO:wafw00f:Request Succeeded
...
INFO:wafw00f:Identified WAF: []
[+] Generic Detection results:
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Server returned a different response when a XSS attack vector was tried.
INFO:wafw00f:Generic Detection: The server returns a different response code when an attack string is used.
Normal response code is "200", while the response code to cross-site scripting attack is "403"
[*] The site https://righettod.eu seems to be behind a WAF or some sort of security solution
[~] Reason: The server returns a different response code when an attack string is used.
Normal response code is "200", while the response code to cross-site scripting attack is "403"
[~] Number of requests: 5
INFO:wafw00f:Found: 1 matches.
Closing the issue.
Do add a comment and reopen if you can still reproduce the issue.
Do note that we do not maintain the packages for Kali so since what you're facing seems to be a dependency issue, it might need to be fixed there.
But here's a tip - might it be that you're using an outdated docker image that references broken packages?
OK thank you very much for the quick feedback.
I will prefer the installation via apt instead of git clone the master.
Describe the bug
When running the last version of wafw00f then the following error occur:
pkg_resources.DistributionNotFound: The 'pluginbase' distribution was not found and is required by wafw00f
.To Reproduce
Just install tool and run it with
wafw00f [target]
.Expected behavior
No error and normal processing of wafw00f.
Screenshots
Desktop (please complete the following information):
Debug output
Additional context
Fix found here:
pip3 install pluginbase
Thank you very much your tool β€
Thank you very much in advance for your feedback π