search

Ostorlab / oxo

OXO is a security scanning orchestrator for the modern age.
https://oxo.ostorlab.co
Apache License 2.0
520 stars 52 forks source link

Scan on mobile apps with existing agents shows no findings #302

Closed RabsonJ closed 5 months ago

RabsonJ commented 2 years ago

Describe the bug Running a scan of mobile apps with existing agents reports no findings even if the apps are vulnerable.

To Reproduce Steps to reproduce the behavior:

  1. Run a scan with

Expected behavior ostorlab vulnz list -s [scan_id] should list the vulnerabilities of the mobile apps.

Screenshots image001

Link to the apps https://www.linkedin.com/pulse/10-vulnerable-android-applications-beginners-learn-hacking-anugrah-sr

amine3 commented 2 years ago

Hi, Which command did you use to run the scan?

Jasonchenya commented 2 years ago

hi Amine,

Please check the following command: ostorlab scan run --agent agent/ostorlab/nmap --agent agent/ostorlab/openvas --agent agent/ostorlab/tsunami --agent agent/ostorlab/nuclei android-apk dvba_v1.1.0.apk

Jasonchenya commented 2 years ago

and below is the error for me to run the scan with 4 agents for single ip address: Exception in thread Thread-2: Traceback (most recent call last): File "/app/agent/tracker_agent.py", line 61, in start self.timeout_queues_checking(self.postscane_done_timeout_sec) File "/app/agent/tracker_agent.py", line 90, in timeout_queues_checking raise TimeoutError() TimeoutError

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 25, in __inner return await self.task asyncio.exceptions.CancelledError

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/usr/local/lib/python3.8/threading.py", line 932, in _bootstrap_inner self.run() File "/usr/local/lib/python3.8/threading.py", line 870, in run self._target(*self._args, self._kwargs) File "/app/agent/tracker_agent.py", line 64, in start self.emit('v3.report.event.post_scan.timeout', {}) File "/usr/local/lib/python3.8/site-packages/ostorlab/agent/agent.py", line 223, in emit self.emit_raw(selector, message.raw) File "/usr/local/lib/python3.8/site-packages/ostorlab/agent/agent.py", line 246, in emit_raw self.mq_send_message(selector, raw) File "/usr/local/lib/python3.8/site-packages/ostorlab/agent/mixins/agent_mq_mixin.py", line 136, in mq_send_message self._loop.run_until_complete(self.async_mq_send_message(key, message, message_priority)) File "/usr/local/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete return future.result() File "/usr/local/lib/python3.8/asyncio/tasks.py", line 695, in _wrap_awaitable return (yield from awaitable.await()) File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 27, in __inner raise self.exception from e File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 168, in wrap return await self.create_task(func(self, *args, *kwargs)) File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 27, in __inner raise self.exception from e File "/usr/local/lib/python3.8/site-packages/ostorlab/agent/mixins/agent_mq_mixin.py", line 123, in async_mq_send_message exchange = await self._get_exchange(channel) File "/usr/local/lib/python3.8/site-packages/ostorlab/agent/mixins/agent_mq_mixin.py", line 55, in _get_exchange return await channel.declare_exchange(self._topic, File "/usr/local/lib/python3.8/site-packages/aio_pika/robust_channel.py", line 125, in declare_exchange exchange = await super().declare_exchange( File "/usr/local/lib/python3.8/site-packages/aio_pika/channel.py", line 246, in declare_exchange await exchange.declare(timeout=timeout) File "/usr/local/lib/python3.8/site-packages/aio_pika/exchange.py", line 81, in declare return await asyncio.wait_for( File "/usr/local/lib/python3.8/asyncio/tasks.py", line 455, in wait_for return await fut File "/usr/local/lib/python3.8/site-packages/aiormq/channel.py", line 591, in exchange_declare return await self.rpc( File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 168, in wrap return await self.create_task(func(self, args, kwargs)) File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 27, in inner raise self.exception from e File "/usr/local/lib/python3.8/asyncio/tasks.py", line 695, in _wrap_awaitable return (yield from awaitable.await()) File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 27, in inner raise self.exception from e File "/usr/local/lib/python3.8/asyncio/tasks.py", line 695, in _wrap_awaitable return (yield from awaitable.await()) File "/usr/local/lib/python3.8/site-packages/aiormq/base.py", line 27, in inner raise self.exception from e File "/usr/local/lib/python3.8/site-packages/aiormq/connection.py", line 423, in close_writer await writer.wait_closed() File "/usr/local/lib/python3.8/asyncio/streams.py", line 359, in wait_closed await self._protocol._get_close_waiter(self) File "/usr/local/lib/python3.8/site-packages/aiormq/connection.py", line 375, in reader weight, channel, frame = await self.receive_frame() File "/usr/local/lib/python3.8/site-packages/aiormq/connection.py", line 327, in __receive_frame frame_header = await self.reader.readexactly(1) File "/usr/local/lib/python3.8/asyncio/streams.py", line 723, in readexactly await self._wait_for_data('readexactly') File "/usr/local/lib/python3.8/asyncio/streams.py", line 517, in _wait_for_data await self._waiter File "/usr/local/lib/python3.8/asyncio/selector_events.py", line 910, in write n = self._sock.send(data) ConnectionResetError: [Errno 104] Connection reset by peer

amine3 commented 2 years ago

Hi Chen, It is expected to have empty results for the mobile application since all the agents you are using for the scan do not detect vulnerabilities in mobile applications. Nmap is used to scan open ports in a domain or an IP address. Tsunami, Openvas, and nuclei are used in either web scans or network scans. Currently, the Open-source market store does not have agents for the mobile analysis. If you would like to scan a mobile application, you need to use the community scanner via the UI.

Jasonchenya commented 2 years ago

Hi Amine, Noted with thanks! Is there any plan to release any agents that support the mobile analysis? Also could you help check the Connection reset issue for the network scan with single ip address?

deadly-panda commented 2 years ago

We have created an issue for the connection reset bug, and have one of the team working on a fix. Yes, we are working on open-sourcing all of our scanning agents, web and mobile among others.