search

SamJoan / droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
GNU Affero General Public License v3.0
1.22k stars 246 forks source link

Droopescan can't find cement dependency unless ran with python3 #51

Closed pr0b3r7 closed 3 years ago

pr0b3r7 commented 3 years ago

root@kali$:./droopescan scan --help 11:05:57 Traceback (most recent call last): File "./droopescan", line 3, in from dscan import droopescan File "/opt/droopescan/dscan/droopescan.py", line 4, in from cement.core import backend, foundation, controller, handler ImportError: No module named cement.core

image

root@kali /opt/droopescan master ❯ python ./droopescan scan --help 11:07:31 Traceback (most recent call last): File "./droopescan", line 3, in from dscan import droopescan File "/opt/droopescan/dscan/droopescan.py", line 4, in from cement.core import backend, foundation, controller, handler ImportError: No module named cement.core root@kali /opt/droopescan master ❯ python ./droopescan scan --help --debug-requests 11:13:40 Traceback (most recent call last): File "./droopescan", line 3, in from dscan import droopescan File "/opt/droopescan/dscan/droopescan.py", line 4, in from cement.core import backend, foundation, controller, handler ImportError: No module named cement.core

Linux kali 5.10.0-kali6-amd64 #1 SMP Debian 5.10.26-1kali2 (2021-04-01) x86_64 GNU/Linux

install method pip

However, when running with python3 and renaming the script to .py - it works.

image

Thank you, Robert

SamJoan commented 3 years ago

Hi Robert,

Sorry for taking a little while in getting back to you on this one. It is a little bit mysterious because it seems to install properly but then it seems that it's not found.

I generally run my unit tests with Python 2 and 3, but haven't done a fresh install of droopescan in a while. I wonder if it is related to the deprecation of Python 2. I am unsure whether there are a lot of people still using Python 2 out there and if to continue supporting it. What do you think about this?

Is Kali still on Python 2?

Thanks, Pedro

NorthShad0w commented 3 years ago

kali use command python3 to execute python version 3 script. And use command python to execute python version 2 script. For kali user: just edit first line in droopescan from #!/usr/bin/env python to #!/usr/bin/env python3

SamJoan commented 3 years ago

Hmm. I feel like this will be a breaking change in the sense that it will break support with Python 2 users.

But Kali is one of the biggest users of droopescan. I'll have a think.

SamJoan commented 3 years ago

Hi @NorthShad0w @pr0b3r7

I released a new version which solves this.

Can you please confirm the fix? You can update by running pip install -U droopescan

SamJoan commented 3 years ago

I'm going to reopen the issue until you have confirmed the fix. I'm concerned that I may have introduced issues with this change, but I can't see any problems on my end.

NorthShad0w commented 3 years ago

It works fine in my computer.

SamJoan commented 3 years ago

Sweet, thank you! I appreciate it.