[Error] directory error

[oldesec]

Hi.

After merging, An error occurs in relation to the file or directory.

I think this problem occurs in a single domain.

Files are stored in the root directory(/ ).

Error log:

root@oldesec:~/chomp-scan# ./chomp-scan.sh -L config
Beginning scan with config file options.
[i] Scanning example.com with dnscan.
[i] Command: /root/bounty/tools/dnscan/dnscan.py -d example.com -t 25 -o /dnscan_out.txt -w wordlists/subdomains-top1mil-20000.txt.
[*] Processing domain example.com
[*] Using system resolvers ['127.0.0.53']
[+] Getting nameservers
94.130.248.104 - ns2.schokokeks-dns.de
178.63.68.96 - ns1.schokokeks-dns.de
37.120.167.100 - ns3.schokokeks-dns.de
[-] Zone transfer failed

[+] IPv6 (AAAA) records found. Try running dnscan with the -6 option.
2a01:4f8:121:1ffe:1:1008:0:104b

[+] TXT records found
"v=spf1 a mx include:_spf.schokokeks-dns.de -all"

[+] MX records found, added to target list
100 zucker.schokokeks.org.

[*] Scanning example.com for A records
178.63.68.96 - example.com

[i] dnsscan took 2 seconds to run.
[!] dnscan found 1 IP/domain pairs.
[+] Found 1 unique IPs so far.
[+] Found 2 unique discovered domains so far.
[+] Found 0 unique resolvable domains so far.
./chomp-scan.sh: line 847: /tmp: Is a directory
mv: cannot overwrite non-directory '/all_discovered_domains.txt' with directory '/tmp'
[i] Scanning example.com with subfinder.
[i] Command: subfinder -d example.com -o /subfinder-domains.txt -t 25 -w wordlists/subdomains-top1mil-20000.txt.

[NOTE] Edit /root/.config/subfinder/config.json with your options !===============================================
-=Subfinder v1.1.3 github.com/subfinder/subfinder
===============================================

Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Running enumeration on example.com

waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.example.com/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL

dnsdb: Unexpected return status 503

ptrarchive: Get http://ptrarchive.com/tools/search3.htm?label=example.com&date=ALL: read tcp 206.189.223.157:36772->104.171.118.90:80: read: connection reset by peer

archiveis: Get http://archive.is/*.example.com: dial tcp 78.108.190.21:80: connect: connection timed out

Total 7 Unique subdomains found for example.com

.example.com
blog.example.com
bugs.example.com
crashes.example.com
files.example.com
flimp.example.com
www.example.com

[i] Subfinder took 132 seconds to run.
[!] Subfinder found 7 domains.
[+] Found 1 unique IPs so far.
[+] Found 9 unique discovered domains so far.
[+] Found 0 unique resolvable domains so far.
[i] Scanning example.com with sublist3r.
[i] Command: /root/bounty/tools/Sublist3r/sublist3r.py -d example.com -v -b -t 50 -o /sublist3r-output.txt.

                 ____        _     _ _     _   _____
                / ___| _   _| |__ | (_)___| |_|___ / _ __
                \___ \| | | | '_ \| | / __| __| |_ \| '__|
                 ___) | |_| | |_) | | \__ \ |_ ___) | |
                |____/ \__,_|_.__/|_|_|___/\__|____/|_|

                # Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for example.com
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
ThreatCrowd: blog.example.com
Virustotal: blog.example.com
Virustotal: files.example.com
Virustotal: flimp.example.com
Virustotal: bugs.example.com
Virustotal: crashes.example.com
Virustotal: www.example.com
Bing: blog.example.com
Bing: crashes.example.com
Bing: flimp.example.com
Bing: files.example.com
Google: flimp.example.com
Google: crashes.example.com
Google: blog.example.com
Google: files.example.com
Yahoo: blog.example.com
Yahoo: flimp.example.com
DNSdumpster: crashes.example.com
SSL Certificates: files.example.com
SSL Certificates: crashes.example.com
SSL Certificates: flimp.example.com
SSL Certificates: blog.example.com
SSL Certificates: www.example.com
SSL Certificates: bugs.example.com
Yahoo: crashes.example.com
Yahoo: files.example.com
DNSdumpster: www.example.com
DNSdumpster: blog.example.com
DNSdumpster: files.example.com
DNSdumpster: flimp.example.com
DNSdumpster: bugs.example.com
[-] Starting bruteforce module now using subbrute..
example.com
^C
[!] Cancelling command.
./chomp-scan.sh: line 875: 14650 Killed                  "$SUBLIST3R" -d "$1" -v -b -t 50 -o "$WORKING_DIR"/sublist3r-output.txt
[+] Found 1 unique IPs so far.
[+] Found 9 unique discovered domains so far.
[+] Found 0 unique resolvable domains so far.
[i] Scanning example.com with amass.
[i] Command: amass -d example.com -w wordlists/subdomains-top1mil-20000.txt -ip -rf resolvers.txt -active -o /amass-output.txt -min-for-recursive 3 -bl blacklist.txt
bugs.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:1321
blog.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:104c
www.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:104b
flimp.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:145f
crashes.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:104d
example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:104b
files.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1008:0:105b
autoconfig.example.com 178.63.68.96,2a01:4f8:121:1ffe:1:1285:0:676
Average DNS queries performed: 107/sec, DNS names remaining: 8
^C

OWASP Amass v2.9.11                               https://github.com/OWASP/Amass
--------------------------------------------------------------------------------
8 names discovered - scrape: 1, cert: 5, api: 1, dns: 1
--------------------------------------------------------------------------------
ASN: 24940 - HETZNER-AS, DE
        178.63.0.0/16           8    Subdomain Name(s)
        2a01:4f8::/29           8    Subdomain Name(s)

[!] Cancelling command.
[i] amass took 97 seconds to run.
[!] amass found 8 domains.
[+] Found 8 unique IPs so far.
[+] Found 11 unique discovered domains so far.
[+] Found 0 unique resolvable domains so far.
[i] Running goaltdns against all 11 unique discovered subdomains to generate domains for masscan to resolve.
[i] Command: goaltdns -l /all_discovered_domains.txt -w wordlists/altdns-words.txt -o /goaltdns-output.txt.
[i] Goaltdns took 0 seconds to run.
[i] Goaltdns generated 12343 subdomains.
[i] Scanning 11339 current unique example.com domains and IPs, goaltdns generated domains, and domain-appended wordlist with massdns (in quiet mode).
[i] Command: cat (all found domains and IPs) | /root/bounty/tools/massdns/bin/massdns -r resolvers.txt -q -t A -o S -w /massdns-result.txt.
[i] Massdns took 25 seconds to run.
[!] Check /massdns-CNAMEs.txt for a list of CNAMEs found.
[+] Found 8 unique IPs so far.
[+] Found 11 unique discovered domains so far.
[+] Found 6 unique resolvable domains so far.
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
sort: read failed: /: Is a directory
mv: '/temp4' and '/temp4' are the same file
[i] Running subjack against all 6 unique discovered subdomains to check for subdomain takeover.
[i] It will run twice, once against HTTPS and once against HTTP.
[i] Command: subjack -d example.com -w /all_resolved_domains.txt -v -t 20 -ssl -m -o /subjack-output.txt
[Not Vulnerable] files.example.com
[Not Vulnerable] example.com
[Not Vulnerable] crashes.example.com
[Not Vulnerable] blog.example.com
[Not Vulnerable] www.example.com
[Not Vulnerable] bugs.example.com
[Not Vulnerable] blog.example.com
[Not Vulnerable] bugs.example.com
[Not Vulnerable] crashes.example.com
[Not Vulnerable] files.example.com
[Not Vulnerable] example.com
[Not Vulnerable] www.example.com
[i] Subjack took 0 seconds to run.
[i] Full Subjack results are at /subjack-output.txt.
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
./chomp-scan.sh: line 791: /: Is a directory
sort: read failed: /: Is a directory
mv: '/temp4' and '/temp4' are the same file
wc: /: Is a directory
[!] No interesting domains have been found yet.
[+] Found 8 unique IPs so far.
[+] Found 11 unique discovered domains so far.
[+] Found 6 unique resolvable domains so far.
[i] Creating a Burp scope file with rescope.
[-] Grabbing targets from /all_resolved_domains.txt
[-] Parsing to JSON (Burp Suite)
[✓] Done. Wrote 1256 bytes to /burp-scope.json

[i] Total script run time: 1558171283 seconds.

root dir:

root@oldesec:/# ls /
all_discovered_domains.txt  etc                   media                    subjack-https-output.txt
all_discovered_ips.txt      goaltdns-output.txt   mnt                      sys
all_resolved_domains.txt    home                  opt                      temp4
amass-output.txt            initrd.img            proc                     tmp
bin                         initrd.img.old        root                     usr
boot                        lib                   run                      var
burp-scope.json             lib64                 sbin                     vmlinuz
dev                         lost+found            snap                     vmlinuz.old
dnscan-domains.txt          massdns-CNAMEs.txt    srv
dnscan-ips.txt              massdns-appended.txt  subfinder-domains.txt
dnscan_out.txt              massdns-result.txt    subjack-http-output.txt

[SolomonSklash]

Do a git pull on the main chomp-scan directory and try to run it again. I think the issue was I was using a temporary file called tmp, which was conflicting with the /tmp directory.

[Sy3Omda]

NOW, it is NOT working in single domain OR multi domain

[SolomonSklash]

Can you post the complete config file you're using? You've installed everything in / right? As in cloned the repo to / and installed from there? Will you try cloning it and installing from somewhere in /root also?

[Sy3Omda]

I confirm now the only thing is working is multi domain, single domain its not working at all because it fails to create working directory for that single domain plus I face error in content discovery phase withwc

[SolomonSklash]

Will you post the config file and output for the single domain? Especially the wc part.

[SolomonSklash]

Actually, do a git pull and try it again. It should be fixed now.