search

GoVanguard / legion

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
GNU General Public License v3.0
1.02k stars 171 forks source link

Legion 0.43 crashes after nmap stage 3 - cve import #247

Open kutmasterk opened 10 months ago

kutmasterk commented 10 months ago

Legion 0.43 on Kali 2023.4 crashes after the cve db import at stage 3 with the following error message:

Traceback (most recent call last):
  File "/usr/share/legion/app/importers/NmapImporter.py", line 330, in run
    db_script.output = scr.output
    ^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'output'
sscottgvit commented 10 months ago

@kutmasterk Interesting. Thanks for the report. Can you give me a list of the options you used during the scan? Are you using a default config? Would it be possible to email me the tmp folders that have the scan details? Don't post any non-anonymized data here, if you're permitted and would, could you email them tar'd/zip'd up to sscott@gotham-security.com?

kutmasterk commented 10 months ago

@sscottgvit I am using the default settings on fresh kali 2023.4 install probing our apache webserver.

i sent you the contents of the tmp folder via email.

sscottgvit commented 10 months ago

@kutmasterk Would it be possible for you to run a manual nmap scan against that host and send me the xml to my email? I want to verify the condition is addressed before I push the change.

richard31337 commented 5 months ago

@sscottgvit Hi. I'm experiencing this same exact error. Is there a fix for this? Thanks

micheleselea commented 5 months ago

same issue for me: just add an host with standard configuration

EpicPilgrim commented 5 months ago

I also am having this with 0.4.3 on Kali. No nmap or legion updates available. @sscottgvit , do you still need nmap output to help diagnose this?

ethhack commented 5 months ago

Has this been resolved yet (not seeing a Close on it)? I'm having this issue on the latest Kali build.

bernardyip commented 4 months ago

I fixed this issue by modifying /usr/share/legion/app/importers/NmapImporter.py at line 330.

                     for scr in p.getScripts():
                         db_script = session.query(l1ScriptObj).filter_by(scriptId=scr.scriptId) \
                             .filter_by(portId=db_port.id).first()

+                         if not db_script:
+                             db_script = l1ScriptObj(scr.scriptId, scr.output, db_port.id, db_host.id)
+ 
                         if not scr.output == '' and scr.output != None:
                             db_script.output = scr.output

Not sure if it causes any issues with the import but this stopped it from crashing.

ethhack commented 4 months ago

I’d been considering doing similar. I’ll look at it in the morning and test the same.

Thanks.

On Mon, May 27, 2024 at 1:15 PM Bernard Yip @.***> wrote:

I fixed this issue by modifying /usr/share/legion/app/importers/NmapImporter.py at line 330.

                 for scr in p.getScripts():
                     db_script = session.query(l1ScriptObj).filter_by(scriptId=scr.scriptId) \
                         .filter_by(portId=db_port.id).first()
  • if not db_script:+ db_script = l1ScriptObj(scr.scriptId, scr.output, db_port.id, db_host.id)+ if not scr.output == '' and scr.output != None: db_script.output = scr.output

Not sure if it causes any issues with the import but this stopped it from crashing.

— Reply to this email directly, view it on GitHub https://github.com/GoVanguard/legion/issues/247#issuecomment-2133850605, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACOCZYFCUTMMIVYAJBPA2R3ZENS4BAVCNFSM6AAAAABAK573GOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZTHA2TANRQGU . You are receiving this because you commented.Message ID: @.***>

bikusta commented 3 months ago

The fix of @bernardyip also worked for me.

Kali-Lucy commented 1 month ago

Thank you :)