search

alpha1e0 / kiwi

kiwi:安全源码审计工具
237 stars 52 forks source link

關於chcp win10 #5

Open 687766616e opened 5 years ago

687766616e commented 5 years ago

win10 64bits chcp 65001

$ kiwi
+------------------------------------------------------------------------------+
|                 Kiwi. Security tool for auditing source code                 |
|                       https://github.com/alpha1e0/kiwi                       |
+------------------------------------------------------------------------------+

Traceback (most recent call last):
  File "C:\Python27\Scripts\kiwi-script.py", line 11, in <module>
    load_entry_point('kiwi==1.1', 'console_scripts', 'kiwi')()
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\ui\cli\main.py", line 63, in main
    out.init(u"Kiwi 代码安全扫描")
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 91, in init
    self.yellow(u"[{0}]".format(self._title))
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 141, in yellow
    def yellow(cls, msg): cls.out(msg, 'yellow')
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 131, in out
    def out(cls, msg, color): print cls.colorize(msg, color)
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 108, in colorize
    cls.tostr(msg)
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 98, in tostr
    msg = msg.encode(cls.ENCODING)
LookupError: unknown encoding: cp65001

chcp 950

$ kiwi
+------------------------------------------------------------------------------+
|                 Kiwi. Security tool for auditing source code                 |
|                       https://github.com/alpha1e0/kiwi                       |
+------------------------------------------------------------------------------+

Traceback (most recent call last):
  File "C:\Python27\Scripts\kiwi-script.py", line 11, in <module>
    load_entry_point('kiwi==1.1', 'console_scripts', 'kiwi')()
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\ui\cli\main.py", line 63, in main
    out.init(u"Kiwi 隞??摰?急?")
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 91, in init
    self.yellow(u"[{0}]".format(self._title))
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 141, in yellow
    def yellow(cls, msg): cls.out(msg, 'yellow')
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 131, in out
    def out(cls, msg, color): print cls.colorize(msg, color)
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 108, in colorize
    cls.tostr(msg)
  File "C:\Python27\lib\site-packages\kiwi-1.1-py2.7.egg\kiwi\core\common.py", line 98, in tostr
    msg = msg.encode(cls.ENCODING)
UnicodeEncodeError: 'cp950' codec can't encode character u'\u7801' in position 7: illegal multibyte sequence
687766616e commented 5 years ago

怎麼解決? ^^'' conemu

687766616e commented 5 years ago

chcp 936有效..........

Active code page: 936

$ kiwi
+------------------------------------------------------------------------------+
|                 Kiwi. Security tool for auditing source code                 |
|                       https://github.com/alpha1e0/kiwi                       |
+------------------------------------------------------------------------------+

[Kiwi 代码安全扫描]
--------------------------------------------------------------------------------
usage: kiwi [-h] -t TARGET [-f FEATURE_DIR] [-i FEATURE_IDS [FEATURE_IDS ...]]
            [-e EXTENSIONS [EXTENSIONS ...]] [--igexts IGEXTS [IGEXTS ...]]
            [--excludes EXCLUDES [EXCLUDES ...]] [-c SCTX] [--ectx ECTX]
            [-o OUTPUTS [OUTPUTS ...]] [-v]
kiwi: error: argument -t/--target is required
687766616e commented 5 years ago

还有希望之后能忽略扫描文件內容包含关键字的文件 eg --excludes-content zend 則忽略扫描文件內容包含"zend"的文件 (正則?)

-e 怎样扫描.123.php .php.123123123 .php.(rand)文件? ^^''

687766616e commented 5 years ago 
  -e EXTENSIONS [EXTENSIONS ...], --extensions EXTENSIONS [EXTENSIONS ...]
                        指定扫描哪些类型文件,例如-e php js则扫描.php .js文件
  --igexts IGEXTS [IGEXTS ...]
                        指定忽略扫描哪些类型文件,例如--igexts php js则扫描.php .js文件

指定忽略扫描哪些类型文件,例如--igexts php js则扫描.php .js文件 ?????????

alpha1e0 commented 5 years ago

帮助信息错了,应该是“则忽略扫描”

发送自 Windows 10 版邮件应用

发件人: huitc 发送时间: 2019年6月24日 5:06 收件人: alpha1e0/kiwi 抄送: Subscribed 主题: Re: [alpha1e0/kiwi] 關於chcp win10 (#5)

-e EXTENSIONS [EXTENSIONS ...], --extensions EXTENSIONS [EXTENSIONS ...]

                    指定扫描哪些类型文件,例如-e php js则扫描.php .js文件

--igexts IGEXTS [IGEXTS ...]

                    指定忽略扫描哪些类型文件,例如--igexts php js则扫描.php .js文件

指定忽略扫描哪些类型文件,例如--igexts php js则扫描.php .js文件 ????????? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

alpha1e0 commented 5 years ago

-e 参数使用python “endswith”函数来做判断,如果想要扫描 xxx.ext1,xxx.ext2则使用-e ext1 ext2

目前不支持通过文件内容过滤

发送自 Windows 10 版邮件应用

发件人: huitc 发送时间: 2019年6月24日 4:54 收件人: alpha1e0/kiwi 抄送: Subscribed 主题: Re: [alpha1e0/kiwi] 關於chcp win10 (#5)

还有希望之后能忽略扫描文件內容包含关键字的文件 eg --excludes-content zend 則忽略扫描文件內容包含"zend"的文件 (正則?) -e 怎样扫描.123.php .php.123123123文件? ^^'' — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

687766616e commented 5 years ago

-e 参数使用python “endswith”函数来做判断,如果想要扫描 xxx.ext1,xxx.ext2则使用-e ext1 ext2 目前不支持通过文件内容过滤 发送自 Windows 10 版邮件应用 发件人: huitc 发送时间: 2019年6月24日 4:54 收件人: alpha1e0/kiwi 抄送: Subscribed 主题: Re: [alpha1e0/kiwi] 關於chcp win10 (#5) 还有希望之后能忽略扫描文件內容包含关键字的文件 eg --excludes-content zend 則忽略扫描文件內容包含"zend"的文件 (正則?) -e 怎样扫描.123.php .php.123123123文件? ^^'' — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

但我遇到的是像这样的 ABC.php.20180126 123.qqphp 123php 。。。。。。

alpha1e0 commented 5 years ago

这种情况下有两种解决方法:

  1. 不指定-e参数,这时候kiwi会对所有文件进行检测,而内置的文件类型识别会读取文件头遇到 “<?php” 则认为是php文件
  2. 自己编写个简单的脚本,将这类文件文件名统一加个.php后缀

在 2019年7月2日,20:27,huitc notifications@github.com 写道:

-e 参数使用python “endswith”函数来做判断,如果想要扫描 xxx.ext1,xxx.ext2则使用-e ext1 ext2 目前不支持通过文件内容过滤 发送自 Windows 10 版邮件应用 发件人: huitc 发送时间: 2019年6月24日 4:54 收件人: alpha1e0/kiwi 抄送: Subscribed 主题: Re: [alpha1e0/kiwi] 關於chcp win10 (#5 https://github.com/alpha1e0/kiwi/issues/5) 还有希望之后能忽略扫描文件內容包含关键字的文件 eg --excludes-content zend 則忽略扫描文件內容包含"zend"的文件 (正則?) -e 怎样扫描.123.php .php.123123123文件? ^^'' — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

但我遇到的是像这样的 ABC.php.20180126 123.qqphp 123php 。。。。。。

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/alpha1e0/kiwi/issues/5?email_source=notifications&email_token=AC2WCROTZ25TK7UL35KZGPTP5NCT7A5CNFSM4H2ZXA6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZBDE3Q#issuecomment-507654766, or mute the thread https://github.com/notifications/unsubscribe-auth/AC2WCRIO5CEWBO6TUKHSXELP5NCT7ANCNFSM4H2ZXA6A.

687766616e commented 5 years ago

chcp 65001 chcp 950 不能用..