blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.08k stars 78 forks

unable to install cherrybomb #148

Closed andyaspellclark-moj closed 8 months ago

andyaspellclark-moj commented 8 months ago

**Describe the bug**
I am trying to install cherrybomb, but am getting an error downloading the install script.

**To Reproduce**
Following the steps in the GitHub README, at a command prompt I enter: `curl https://cherrybomb.blstsecurity.com/install | /bin/bash`

**Expected behavior**
cherrybomb should download and then execute the install script.

**Screenshots**
A "Certificate expired" error is displayed and the download of the install script fails:

```
curl https://cherrybomb.blstsecurity.com/install | /bin/bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```

Desktop (please complete the following information):

Could the install script be hosted on GitHub? That would allow installation to occur.

DeliciousBounty commented 8 months ago

Hey @andyaspellclark-moj, we just fixed the issue (problem of certificate). This is the content of the script:

```bash
#!/bin/bash

# Map the kernel name reported by uname to a release platform string.
platform='unknown'
unamestr=$(uname)
case $unamestr in
    "SunOs") echo "\033[31;1m SOLARIS is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
    "Darwin") platform="mac_x86_64" ;;
    "Linux") platform="linuxgnu" ;;
    "FreeBSD") echo "\033[31;1m BSD is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
    "WindowsNT") echo "\033[31;1m WINDOWS is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
    *) echo "\033[31;1m unknown: $OSTYPE is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
esac
echo "\033[32;1m DETECTED OS - ${platform}\033[0m"
filename="cherrybomb
${platform}"

# Ask the download endpoint for a presigned URL for this platform's binary.
url=https://cherrybomb.blstsecurity.com/download_cherrybomb
c_t="Content-Type: application/json"
payload="{\"file\":\"${filename}\"}"
echo "\033[34;1m DOWNLOADING CHERRYBOMB\033[0m"
presigned=$(curl -s "${url}" -H "${c_t}" -d "$payload")
# Strip the surrounding double quotes from the returned URL.
pre=$(echo "$presigned" | sed -e 's/^"//' -e 's/"$//')
c=$(curl -s "${pre}" -o cherrybomb)
# The example OpenAPI file is fetched over plain HTTP.
example=$(curl -s "http://download-example-oas.blstsecurity.com/example-oas.json" -o example-oas.json)
echo "\033[32;1m DONE DOWNLOADING\033[0m"

# Install: create the config directory and move the binary onto PATH.
echo "\033[34;1m INSTALLING\033[0m"
mkdir ~/.cherrybomb 2> /dev/null
chmod +x cherrybomb
echo "MOVING CHERRYBOMB BIN INTO /usr/local/bin/, MAY REQUIRE sudo"
sudo mv cherrybomb /usr/local/bin/
echo "\033[32;1m DONE INSTALLING RUN cherrybomb to test\033[0m"
```
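
An added example, not part of the thread or of the project's code: instead of piping the download straight into bash as in the reproduction step, save the script, compare it with a SHA-256 obtained from a channel you trust, and only then run it. The function names are hypothetical and the expected digest is a placeholder, since the page publishes none.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned digest.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # fallback where sha256sum is absent
    fi
}

# verify_script FILE EXPECTED: 0 if FILE is non-empty and its digest equals
# EXPECTED, 2 if FILE is missing or empty, 1 on a digest mismatch.
verify_script() {
    [ -s "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ] || return 1
}

# fetch_script URL DEST: HTTPS only, including redirects. Certificate checking
# stays on, so an expired certificate (curl exit 60, as in the issue) stops
# the install here; --fail also turns HTTP error pages into a failure.
fetch_script() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         --output "$2" "$1"
}

# install_verified URL EXPECTED: fetch, verify, and only then execute.
install_verified() {
    tmp=$(mktemp) || return 3
    if fetch_script "$1" "$tmp" && verify_script "$tmp" "$2"; then
        bash "$tmp"
        rc=$?
    else
        echo "refusing to run $1: download or digest check failed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the digest is a placeholder to be filled in from a trusted source):
#   install_verified "https://cherrybomb.blstsecurity.com/install" "<expected-sha256>"
```

The saved copy can also be read before it runs, which matters here because the script ends by moving a downloaded binary into /usr/local/bin/ with sudo.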