search

Hackmanit / Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Other
879 stars 129 forks source link

-bash: wcvs: command not found. #19

Closed tyloren0a closed 9 months ago

tyloren0a commented 10 months ago

Hi, go install -v github.com/Hackmanit/Web-Cache-Vulnerability-Scanner@latest -> installs all packages but does not work.

m10x commented 10 months ago

Hello @tyloren0a, Have you added GOPATH/bin to your PATH?
Depending on your OS and Golang Configuration $HOME/go/bin/Web-Cache-Vulnerability-Scanner or %USERPROFILE%\go\bin\Web-Cache-Vulnerability-Scanner might work

tyloren0a commented 10 months ago

Hi @m10x , I set GOPATH and other go tools work (subfinder for example) but this tool does not work despite downloading all packages.

m10x commented 10 months ago

Can you please provide more information:

tyloren0a commented 10 months ago

Hi @m10x , I am using wsl2 (Kali Linux) on windows 11. My go version : go version go1.21.6 linux/amd64 Since it has already downloaded the tool's packages, it does not give an output at the moment.

m10x commented 10 months ago

Hm ok. Can you please show the output of: go install -n github.com/Hackmanit/Web-Cache-Vulnerability-Scanner@latest This returns, in my case, the output: touch /home/m10x/go/bin/Web-Cache-Vulnerability-Scanner

Further, can you please provide the output of: go env

tyloren0a commented 10 months ago

Hi @m10x , go install -n github.com/Hackmanit/Web-Cache-Vulnerability-Scanner@latest output : touch /home/tyloren/go/bin/Web-Cache-Vulnerability-Scanner

❯ go env GO111MODULE='auto' GOARCH='amd64' GOBIN='' GOCACHE='/home/tyloren/.cache/go-build' GOENV='/home/tyloren/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/home/tyloren/go/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/home/tyloren/go' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.21.6' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2816589105=/tmp/go-build -gno-record-gcc-switches'

m10x commented 10 months ago

Are you able to run /home/tyloren/go/bin/Web-Cache-Vulnerability-Scanner?

If not, does it exist and what does file /home/tyloren/go/bin/Web-Cache-Vulnerability-Scanner return?

tyloren0a commented 10 months ago

Hi @m10x , I think the command works but the file name is "Web-Cache-Vulnerability-Scanner". WCVS v1.1.2 started at 2024-02-01_03-45-14 [ERR] The specified header file path wordlists/headers couldn't be found: open wordlists/headers: no such file or directory Use the flag "-hw path/to/wordlist" to specify the path to a header wordlist

m10x commented 9 months ago

Ok great. Here are the recommended header/parameter wordlists: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner/tree/master/wordlists Or you can also skip the header / parameter tests with --skiptest 'headers,parameters'