SolomonSklash / chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
https://www.solomonsklash.io/chomp-scan-update.html
GNU General Public License v3.0
394 stars 76 forks

Config file not working #24

Closed gopinath6 closed 5 years ago

gopinath6 commented 5 years ago

image

The above config doesn't work.

image

SolomonSklash commented 5 years ago

Do you have sublist3r installed? The problem is it is looking for it and can't find it. The config file is OK. Try running ls ~/bounty/tools/sublist3r and see if you get any output.

SolomonSklash commented 5 years ago

Also, I have added a check for Kali to use the sublist3r package if the GitHub repo is not available. Try running git pull in the chomp-scan directory and re-run the scan.

gopinath6 commented 5 years ago

Yes, sublist3r was there. I have kept all source in root. I pulled the latest from chomp. Now it is showing an error in dnscan. I already have dnscan installed.

image

SolomonSklash commented 5 years ago

Where are you keeping the tools? If they are not in ~/bounty/tools, you will keep getting these errors. Did you use the installer.sh script to install Chomp Scan? It will automatically create and install the tools to ~/bounty/tools. One option is to change the path variables in chomp-scan.sh to match where you have the tools installed, but it is probably simpler to just create and move them to ~/bounty/tools.

gopinath6 commented 5 years ago

Till yesterday it was working fine. I kept all tools in the root only. In the installer I changed the installation path to root and ran installer.sh

    root@kali:~/chomp-scan# ./installer.sh
    Installing for Kali.
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    build-essential is already the newest version (12.5).
    chromium is already the newest version (72.0.3626.109-1).
    curl is already the newest version (7.64.0-1).
    git is already the newest version (1:2.20.1-2).
    gobuster is already the newest version (2.0.1-1).
    libnet-ssleay-perl is already the newest version (1.85-2+b1).
    masscan is already the newest version (2:1.0.5+ds1-2).
    nmap is already the newest version (7.70+dfsg1-6kali1).
    openssl is already the newest version (1.1.1a-1).
    openssl set to manually installed.
    p7zip-full is already the newest version (16.02+dfsg-6).
    python-pip is already the newest version (18.1-4).
    python3-pip is already the newest version (18.1-4).
    sublist3r is already the newest version (1.0+git20170719-0kali1).
    wafw00f is already the newest version (0.9.5-1).
    wget is already the newest version (1.20.1-1).
    whatweb is already the newest version (0.4.9-2).
    nikto is already the newest version (1:2.1.6+git20150709-0kali1).
    The following packages were automatically installed and are no longer required:
      golang-1.10 golang-1.10-doc golang-1.10-go golang-1.10-src libopencv-core3.2 libopencv-imgproc3.2 libpython3.6-dev libre2-4 libtbb2 libunbound2 php7.2 php7.2-curl python-nassl python3.6-dev ruby-terminal-table ruby-unicode-display-width
    Use 'sudo apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 1630 not upgraded.
    1 not fully installed or removed.
    After this operation, 0 B of additional disk space will be used.
    /usr/share/apt-listchanges/apt_listchanges.py:540: FutureWarning: Possible nested set at position 25
      emailre = re.compile(r'([a-zA-Z0-9+-.]+)@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.)|(([a-zA-Z0-9-]+.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(]?)')
    Setting up mariadb-server-10.1 (1:10.1.35-1) ...
    dpkg: error processing package mariadb-server-10.1 (--configure):
     installed mariadb-server-10.1 package post-installation script subprocess returned error exit status 1
    Errors were encountered while processing:
     mariadb-server-10.1
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    Installing requirements for Python 2 and Python 3.
    Requirement already satisfied: tldextract in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 1)) (2.2.0)
    Requirement already satisfied: argparse in /usr/lib/python2.7 (from -r requirements2.txt (line 2)) (1.2.1)
    Requirement already satisfied: termcolor in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 3)) (1.1.0)
    Requirement already satisfied: dnspython in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 4)) (1.12.0)
    Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 5)) (2.21.0)
    Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from -r requirements2.txt (line 6)) (0.3.7)
    Requirement already satisfied: awscli in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 7)) (1.16.120)
    Requirement already satisfied: sh in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 8)) (1.12.14)
    Requirement already satisfied: pytest-xdist in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 9)) (1.26.1)
    Requirement already satisfied: coloredlogs in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 10)) (10.0)
    Requirement already satisfied: boto3 in /usr/local/lib/python2.7/dist-packages (from -r requirements2.txt (line 11)) (1.9.110)
    Requirement already satisfied: requests-file>=1.4 in /usr/local/lib/python2.7/dist-packages (from tldextract->-r requirements2.txt (line 1)) (1.4.3)
    Requirement already satisfied: idna in /usr/local/lib/python2.7/dist-packages (from tldextract->-r requirements2.txt (line 1)) (2.8)
    Requirement already satisfied: setuptools in /usr/local/lib/python2.7/dist-packages (from tldextract->-r requirements2.txt (line 1)) (39.1.0)
    Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/local/lib/python2.7/dist-packages (from requests->-r requirements2.txt (line 5)) (1.24.1)
    Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests->-r requirements2.txt (line 5)) (3.0.4)
    Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/dist-packages (from requests->-r requirements2.txt (line 5)) (2018.8.13)
    Requirement already satisfied: PyYAML<=3.13,>=3.10 in /usr/lib/python2.7/dist-packages (from awscli->-r requirements2.txt (line 7)) (3.12)
    Requirement already satisfied: rsa<=3.5.0,>=3.1.2 in /usr/local/lib/python2.7/dist-packages/rsa-3.4.2-py2.7.egg (from awscli->-r requirements2.txt (line 7)) (3.4.2)
    Requirement already satisfied: botocore==1.12.110 in /usr/local/lib/python2.7/dist-packages (from awscli->-r requirements2.txt (line 7)) (1.12.110)
    Requirement already satisfied: s3transfer<0.3.0,>=0.2.0 in /usr/local/lib/python2.7/dist-packages (from awscli->-r requirements2.txt (line 7)) (0.2.0)
    Requirement already satisfied: docutils>=0.10 in /usr/lib/python2.7/dist-packages (from awscli->-r requirements2.txt (line 7)) (0.14)
    Requirement already satisfied: execnet>=1.1 in /usr/local/lib/python2.7/dist-packages (from pytest-xdist->-r requirements2.txt (line 9)) (1.5.0)
    Requirement already satisfied: six in /usr/local/lib/python2.7/dist-packages (from pytest-xdist->-r requirements2.txt (line 9)) (1.12.0)
    Requirement already satisfied: pytest-forked in /usr/local/lib/python2.7/dist-packages (from pytest-xdist->-r requirements2.txt (line 9)) (1.0.2)
    Requirement already satisfied: pytest>=3.6.0 in /usr/lib/python2.7/dist-packages (from pytest-xdist->-r requirements2.txt (line 9)) (3.6.4)
    Requirement already satisfied: humanfriendly>=4.7 in /usr/local/lib/python2.7/dist-packages (from coloredlogs->-r requirements2.txt (line 10)) (4.17)
    Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/local/lib/python2.7/dist-packages (from boto3->-r requirements2.txt (line 11)) (0.9.4)
    Requirement already satisfied: pyasn1>=0.1.3 in /usr/local/lib/python2.7/dist-packages (from rsa<=3.5.0,>=3.1.2->awscli->-r requirements2.txt (line 7)) (0.4.5)
    Requirement already satisfied: python-dateutil<3.0.0,>=2.1; python_version >= "2.7" in /usr/lib/python2.7/dist-packages (from botocore==1.12.110->awscli->-r requirements2.txt (line 7)) (2.6.1)
    Requirement already satisfied: futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" in /usr/lib/python2.7/dist-packages (from s3transfer<0.3.0,>=0.2.0->awscli->-r requirements2.txt (line 7)) (3.2.0)
    Requirement already satisfied: apipkg>=1.4 in /usr/local/lib/python2.7/dist-packages (from execnet>=1.1->pytest-xdist->-r requirements2.txt (line 9)) (1.5)
    Requirement already satisfied: funcsigs in /usr/lib/python2.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements2.txt (line 9)) (1.0.2)
    Requirement already satisfied: monotonic; python_version == "2.6" or python_version == "2.7" or python_version == "3.0" or python_version == "3.1" or python_version == "3.2" in /usr/local/lib/python2.7/dist-packages (from humanfriendly>=4.7->coloredlogs->-r requirements2.txt (line 10)) (1.5)
    Requirement already satisfied: dnspython in /usr/lib/python3/dist-packages (from -r requirements3.txt (line 1)) (1.15.0)
    Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from -r requirements3.txt (line 2)) (0.3.7)
    Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from -r requirements3.txt (line 3)) (2.18.4)
    Requirement already satisfied: argparse in /usr/local/lib/python3.7/dist-packages (from -r requirements3.txt (line 5)) (1.4.0)
    Requirement already satisfied: awscli in /usr/lib/python3/dist-packages (from -r requirements3.txt (line 6)) (1.15.79)
    Requirement already satisfied: sh in /usr/local/lib/python3.7/dist-packages (from -r requirements3.txt (line 7)) (1.12.14)
    Requirement already satisfied: pytest-xdist in /usr/local/lib/python3.7/dist-packages (from -r requirements3.txt (line 8)) (1.26.1)
    Requirement already satisfied: coloredlogs in /usr/local/lib/python3.7/dist-packages (from -r requirements3.txt (line 9)) (10.0)
    Requirement already satisfied: boto3 in /usr/local/lib/python3.7/dist-packages (from -r requirements3.txt (line 10)) (1.9.110)
    Requirement already satisfied: pytest-forked in /usr/local/lib/python3.7/dist-packages (from pytest-xdist->-r requirements3.txt (line 8)) (1.0.2)
    Requirement already satisfied: six in /usr/lib/python3/dist-packages (from pytest-xdist->-r requirements3.txt (line 8)) (1.11.0)
    Requirement already satisfied: pytest>=3.6.0 in /usr/local/lib/python3.7/dist-packages (from pytest-xdist->-r requirements3.txt (line 8)) (4.3.0)
    Requirement already satisfied: execnet>=1.1 in /usr/local/lib/python3.7/dist-packages (from pytest-xdist->-r requirements3.txt (line 8)) (1.5.0)
    Requirement already satisfied: humanfriendly>=4.7 in /usr/local/lib/python3.7/dist-packages (from coloredlogs->-r requirements3.txt (line 9)) (4.18)
    Requirement already satisfied: botocore<1.13.0,>=1.12.110 in /usr/local/lib/python3.7/dist-packages (from boto3->-r requirements3.txt (line 10)) (1.12.110)
    Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/lib/python3/dist-packages (from boto3->-r requirements3.txt (line 10)) (0.9.3)
    Requirement already satisfied: s3transfer<0.3.0,>=0.2.0 in /usr/local/lib/python3.7/dist-packages (from boto3->-r requirements3.txt (line 10)) (0.2.0)
    Requirement already satisfied: py>=1.5.0 in /usr/local/lib/python3.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (1.8.0)
    Requirement already satisfied: more-itertools>=4.0.0; python_version > "2.7" in /usr/local/lib/python3.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (6.0.0)
    Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (39.2.0)
    Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (19.1.0)
    Requirement already satisfied: pluggy>=0.7 in /usr/local/lib/python3.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (0.9.0)
    Requirement already satisfied: atomicwrites>=1.0 in /usr/local/lib/python3.7/dist-packages (from pytest>=3.6.0->pytest-xdist->-r requirements3.txt (line 8)) (1.3.0)
    Requirement already satisfied: apipkg>=1.4 in /usr/local/lib/python3.7/dist-packages (from execnet>=1.1->pytest-xdist->-r requirements3.txt (line 8)) (1.5)
    Requirement already satisfied: python-dateutil<3.0.0,>=2.1; python_version >= "2.7" in /usr/lib/python3/dist-packages (from botocore<1.13.0,>=1.12.110->boto3->-r requirements3.txt (line 10)) (2.6.1)
    Requirement already satisfied: docutils>=0.10 in /usr/lib/python3/dist-packages (from botocore<1.13.0,>=1.12.110->boto3->-r requirements3.txt (line 10)) (0.14)
    Requirement already satisfied: urllib3<1.25,>=1.20; python_version >= "3.4" in /usr/lib/python3/dist-packages (from botocore<1.13.0,>=1.12.110->boto3->-r requirements3.txt (line 10)) (1.22)
    Installing dnscan from Github.
    fatal: destination path '/root/dnscan' already exists and is not an empty directory.
    Installing altdns from Github.
    fatal: destination path '/root/altdns' already exists and is not an empty directory.
    Installing bfac from Github.
    fatal: destination path '/root/bfac' already exists and is not an empty directory.
    Installing massdns from Github.
    fatal: destination path '/root/massdns' already exists and is not an empty directory.
    Compiling massdns from source.
    mkdir -p bin
    cc -O3 -std=c11 -DHAVE_EPOLL -DHAVE_SYSINFO -Wall -fstack-protector-strong main.c -o bin/massdns
    /root/chomp-scan
    Installing aquatone from Github.
    --2019-03-08 23:58:44-- https://github.com/michenriksen/aquatone/releases/download/v1.4.3/aquatone_linux_amd64_1.4.3.zip
    Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
    Connecting to github.com (github.com)|192.30.253.113|:443... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/46488106/8614c800-10d8-11e9-96f2-1a557758997e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190308%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190308T182846Z&X-Amz-Expires=300&X-Amz-Signature=38e54cec095f3ce92ea4d96b2c88d23d58e93c44cde7508b033f784640e40fe6&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Daquatone_linux_amd64_1.4.3.zip&response-content-type=application%2Foctet-stream [following]
    --2019-03-08 23:58:46-- https://github-production-release-asset-2e65be.s3.amazonaws.com/46488106/8614c800-10d8-11e9-96f2-1a557758997e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190308%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190308T182846Z&X-Amz-Expires=300&X-Amz-Signature=38e54cec095f3ce92ea4d96b2c88d23d58e93c44cde7508b033f784640e40fe6&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Daquatone_linux_amd64_1.4.3.zip&response-content-type=application%2Foctet-stream
    Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.81.8
    Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.81.8|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 3835224 (3.7M) [application/octet-stream]
    Saving to: ‘/root/aquatone/aquatone.zip’

    /root/aquatone/aquatone.zip 100%[=====================================================================================================================>] 3.66M 1.76MB/s in 2.1s

    2019-03-08 23:58:50 (1.76 MB/s) - ‘/root/aquatone/aquatone.zip’ saved [3835224/3835224]

    Archive: /root/aquatone/aquatone.zip
    replace /root/aquatone/aquatone? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
    inflating: /root/aquatone/aquatone
    inflating: /root/aquatone/README.md
    inflating: /root/aquatone/LICENSE.txt
    Installing sublist3r from Github.
    fatal: destination path '/root/Sublist3r' already exists and is not an empty directory.
    Installing CORStest from Github.
    fatal: destination path '/root/CORStest' already exists and is not an empty directory.
    Installing S3Scanner from Github.
    fatal: destination path '/root/S3Scanner' already exists and is not an empty directory.
    Installing Go tools from Github.
    Installing subfinder from Github.
    Installing subjack from Github.
    Installing ffuf from Github.
    Installing gobuster from Github.
    Installing inception from Github.
    Installing waybackurls from Github.
    Please run 'source ~/.profile' to add the Go binary path to your $PATH variable, then run Chomp Scan.
    Note: In order to use S3Scanner, you must configure your personal AWS credentials in the aws CLI tool. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html for details.
    root@kali:~/chomp-scan#

SolomonSklash commented 5 years ago

Just changing the installation path in the installer.sh script is not enough. You will need to change the path variables at the top of chomp-scan.sh to match your new install location. These are the variables you'll need to change:

    SUBLIST3R=~/bounty/tools/Sublist3r/sublist3r.py;
    DNSCAN=~/bounty/tools/dnscan/dnscan.py;
    ALTDNS=~/bounty/tools/altdns/altdns.py;
    MASSDNS_BIN=~/bounty/tools/massdns/bin/massdns;
    MASSDNS_RESOLVERS=resolvers.txt;
    AQUATONE=~/bounty/tools/aquatone/aquatone;
    BFAC=~/bounty/tools/bfac/bfac;
    DIRSEARCH=~/bounty/tools/dirsearch/dirsearch.py;
    SNALLY=~/bounty/tools/snallygaster/snallygaster;
    CORSTEST=~/bounty/tools/CORStest/corstest.py;
    S3SCANNER=~/bounty/tools/S3Scanner/s3scanner.py;

To something like this:

    # Tools installed directly under /root, as in the installer output above.
    # (As root, ~ already expands to /root, so ~/root/... would be /root/root/...)
    SUBLIST3R=/root/Sublist3r/sublist3r.py;
    DNSCAN=/root/dnscan/dnscan.py;
    ALTDNS=/root/altdns/altdns.py;
    MASSDNS_BIN=/root/massdns/bin/massdns;
    MASSDNS_RESOLVERS=resolvers.txt;
    AQUATONE=/root/aquatone/aquatone;
    BFAC=/root/bfac/bfac;
    DIRSEARCH=/root/dirsearch/dirsearch.py;
    SNALLY=/root/snallygaster/snallygaster;
    CORSTEST=/root/CORStest/corstest.py;
    S3SCANNER=/root/S3Scanner/s3scanner.py;

gopinath6 commented 5 years ago

Thanks, I missed changing it this time after the pull; every time I would update my path. Is it possible to move this config out of the .sh file? Otherwise OK, I will update manually.

SolomonSklash commented 5 years ago

Let me see if I can come up with a tool path option to make this easier.
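
The path problem in this thread, as an added example that is not part of the thread or of chomp-scan's code: a POSIX shell sketch that derives every tool path from a single root directory and reports all missing tools before a scan starts. The function names and the idea of passing the root as an argument are assumptions; the variable names and relative paths are the ones listed above.

```shell
# Added example, not chomp-scan code. Function names and the root-directory
# argument are hypothetical; variable names and relative paths come from the
# list posted in the thread.

# Set every tool path variable relative to one root directory.
set_tool_paths() {
    tp_root=${1:-"$HOME/bounty/tools"}   # default: where installer.sh puts the tools
    SUBLIST3R=$tp_root/Sublist3r/sublist3r.py
    DNSCAN=$tp_root/dnscan/dnscan.py
    ALTDNS=$tp_root/altdns/altdns.py
    MASSDNS_BIN=$tp_root/massdns/bin/massdns
    AQUATONE=$tp_root/aquatone/aquatone
    BFAC=$tp_root/bfac/bfac
    DIRSEARCH=$tp_root/dirsearch/dirsearch.py
    SNALLY=$tp_root/snallygaster/snallygaster
    CORSTEST=$tp_root/CORStest/corstest.py
    S3SCANNER=$tp_root/S3Scanner/s3scanner.py
}

# Print one "NAME=path" line for each tool whose file does not exist.
missing_tools() {
    for tp_name in SUBLIST3R DNSCAN ALTDNS MASSDNS_BIN AQUATONE BFAC \
                   DIRSEARCH SNALLY CORSTEST S3SCANNER; do
        eval "tp_path=\$$tp_name"   # safe: names come only from the fixed list above
        [ -f "$tp_path" ] || printf '%s=%s\n' "$tp_name" "$tp_path"
    done
}

# Resolve the paths, then fail once with the full list of missing tools
# instead of stopping at the first tool the scan happens to call.
preflight() {
    set_tool_paths "$1"
    tp_missing=$(missing_tools)
    [ -z "$tp_missing" ] && return 0
    printf 'Tools not found under %s:\n%s\n' "$tp_root" "$tp_missing" >&2
    return 1
}

# Typical call near the top of a scan script (TOOL_ROOT is a hypothetical
# environment variable):  preflight "${TOOL_ROOT:-}" || exit 1
```

With the layout from the installer output above, the call would be `preflight /root`, which keeps the install location out of the script body so a `git pull` does not overwrite it.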