TypeError: unsupported operand type(s) for -: 'tuple' and 'int'

Mazars-Tech / AD_Miner

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

GNU General Public License v3.0

1.18k stars 117 forks source link

TypeError: unsupported operand type(s) for -: 'tuple' and 'int' #194

Open obiwan420 opened 3 weeks ago

obiwan420 commented 3 weeks ago

Received this error when running AD-Miner v1.7 for the first time

System information

OS Kali 2024.4
Python v3.12.6

obiwan420 commented 3 weeks ago

I ran it a second time and got the same error, but this time I notice when AD-miner is finished gathering data and building the report when it loops back to the beginning?!?

snowpeacock commented 3 weeks ago

Hello, I guess you use the evolution flag ? How many json are you using ?

About the second screen, it's not looping back, it's just that we added logs for the python control generation as well.

obiwan420 commented 3 weeks ago

Ok that makes sense. I do have about 6 months' worth of evolution json files. I try without the evolution switch.

snowpeacock commented 3 weeks ago

Ok.

By any change have you tried modifying them manually before running AD Miner (to adjust numbers, ...) ?

obiwan420 commented 3 weeks ago

That will be my next test.

obiwan420 commented 3 weeks ago

No error when not using the evolution switch. Going to run it again with about a weeks of jsons and see what happens.

obiwan420 commented 3 weeks ago

Errored out when using evolution. I only had 5 json files in the evolution folder

obiwan420 commented 3 weeks ago

I ran AD Miner with just one json for evolution and it errored out the same.

snowpeacock commented 2 weeks ago

Hello @obiwan420, we finally identified the origin of the bug. We will release it soon with other small fixes.

snowpeacock commented 2 weeks ago

For those who might want the fix before the release:

find the file graph_path_objects_to_ou_handlers.py (maybe in your pipx folder, something like modules/controls/graph_path_objects_to_ou_handlers.py)

at the end of the file change this:

    self.data = (
        (len(self.compromise_paths_of_OUs) if self.compromise_paths_of_OUs else 0),
    )

to this:

self.data = len(self.compromise_paths_of_OUs) if self.compromise_paths_of_OUs else 0

obiwan420 commented 1 week ago

I just tested the code above and it worked without the mention error reported in this issue. However, no evolution data was included in the report when using the evolution switch.

obiwan420 commented 1 week ago

Looking at the report, it appears some the evolution data was included but is not being displayed. My oldest evolution json is from March 1st 2024 and in the AD Miner report under evolution I can see the chart dates back to March 1st 2024 but there is no data in the chart, all categories show zero issues for every data.

snowpeacock commented 1 week ago

Hello, The histogram view is indeed buggy (and will hopefully be fixed by https://github.com/Mazars-Tech/AD_Miner/commit/f9db36caf28749db89505f89351dab4ed1bac3f9). However, you should see evolution graphs for controls (when you click on "permissions", "kerberos", etc. on the main page and then on the evolution button).