search

blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.08k stars 78 forks source link

Passive mode fails with dns error #157

Open qrilka opened 3 months ago

qrilka commented 3 months ago

Describe the bug I tried to follow the README and invoking cherrybomb in passive mode results in dns error (why does it even go to that address?)

To Reproduce Steps to reproduce the behavior:

  1. Install cherrybomb with cargo install cherrybomb
  2. Use `cherrybomb --file my-openapi.json --profile passive
  3. See error
$ cherrybomb --file my-openapi.json --profile passive

╭━━━┳╮╱╱╱╱╱╱╱╱╱╱╱╱╭╮╱╱╱╱╱╱╱╭╮
┃╭━╮┃┃╱╱╱╱╱╱╱╱╱╱╱╱┃┃╱╱╱╱╱╱╱┃┃
┃┃╱╰┫╰━┳━━┳━┳━┳╮╱╭┫╰━┳━━┳╮╭┫╰━╮
┃┃╱╭┫╭╮┃┃━┫╭┫╭┫┃╱┃┃╭╮┃╭╮┃╰╯┃╭╮┃
┃╰━╯┃┃┃┃┃━┫┃┃┃┃╰━╯┃╰╯┃╰╯┃┃┃┃╰╯┃
╰━━━┻╯╰┻━━┻╯╰╯╰━╮╭┻━━┻━━┻┻┻┻━━╯
╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━╯┃
╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰━━╯       v1.0.1

Error: error sending request for url (https://cherrybomb.blstsecurity.com/tel): error trying to connect: dns error: failed to lookup address information: Name or service not known

Caused by:
    0: error trying to connect: dns error: failed to lookup address information: Name or service not known
    1: dns error: failed to lookup address information: Name or service not known
    2: failed to lookup address information: Name or service not known

Expected behavior A table as in README should be shown

Desktop (please complete the following information):

georg-ikegps commented 2 months ago

I got it working by adding the `--no-telemetry flag.

qrilka commented 2 months ago

Thanks, the project seems to be abandoned so I think we'll check out other alternatives

georg-ikegps commented 2 months ago

I had a similar impression 😞