search

Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0
12 stars 6 forks source link

bug(screenshot): screenshot scan fails with errors #110

Closed zinwelzl closed 2 weeks ago

zinwelzl commented 3 weeks ago

Current Behavior

Scan screenshot fail, EyeWitness TERM environment variable not set

screenshot fail with this log.

Logs for scan

python3 /usr/src/github/EyeWitness/Python/EyeWitness.py -f /usr/src/scan_results/ginandjuice.shop/scans/81defeee-2bbd-11ef-91bc-0242ac130004/endpoints_alive.txt -d /usr/src/scan_results/ginandjuice.shop/scans/81defeee-2bbd-11ef-91bc-0242ac130004/screenshots --no-prompt --timeout 10 --threads 40

TERM environment variable not set. ################################################################################

EyeWitness

################################################################################

Red Siege Information Security - https://www.redsiege.com

################################################################################

Starting Web Requests (1 Hosts) Attempting to screenshot https://ginandjuice.shop Finished in 34.07110023498535 seconds

Expected Behavior

.

Steps To Reproduce

.

Environment

eNgine: https://github.com/Security-Tools-Alliance/rengine-ng
OS: WattOS 13
Browser: Firefox

Anything else?

No response

Acknowledgements

psyray commented 2 weeks ago

Can I have the content of the files in the command line ?

zinwelzl commented 2 weeks ago

I deleted this version and VM and will install v2.1.0 this weekend. Sorry.

psyray commented 2 weeks ago

I deleted this version and VM and will install v2.1.0 this weekend. Sorry.

Tried to reproduce with no success. Did you try anothet target ? Waiting for your feedback on the new setup

psyray commented 2 weeks ago

After more tests, I'm able to reproduce the error It appears that EyeWitness doesn't work anymore, maybe due to the recent EyeWitness modification on bad URL https://github.com/Security-Tools-Alliance/rengine-ng/issues/15 https://github.com/Security-Tools-Alliance/rengine-ng/pull/98

Current error is

celery-1       | run_command                        | INFO | python3 /usr/src/github/EyeWitness/Python/EyeWitness.py -f /usr/src/scan_results/domain.com/scans/a5c50400-2e17-11ef-9f19-0242ac170004/endpoints_alive.txt -d /usr/src/scan_results/domain.com/scans/a5c50400-2e17-11ef-9f19-0242ac170004/screenshots --no-prompt --timeout 10 --threads 40
celery-1       | screenshot                         | ERROR | too many values to unpack (expected 6)
celery-1       | Traceback (most recent call last):
celery-1       |   File "/usr/src/app/reNgine/celery_custom_task.py", line 129, in __call__
celery-1       |     self.result = self.run(*args, **kwargs)
celery-1       |   File "/usr/src/app/reNgine/tasks.py", line 1196, in screenshot
celery-1       |     protocol, port, subdomain_name, status, screenshot_path, source_path = tuple(row)
celery-1       | ValueError: too many values to unpack (expected 6)
celery-1       | screenshot                         | WARNING | Task screenshot status is FAILED | Error: ValueError('too many values to unpack (expected 6)')

It seems the format returned has changed and need to be fixed ASAP

zinwelzl commented 2 weeks ago

I also get ######################################################################### Installing Docker...

Executing docker install script, commit: 6d9743e9656cc56f699a64800b098d5ea5a60020

psyray commented 2 weeks ago

@zinwelzl Fixed Could you test by doing a git checkout of the https://github.com/Security-Tools-Alliance/rengine-ng/tree/fix-110-screenshot-error branch