search

cisagov / log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
1.28k stars 215 forks source link

Python Version Compatibility ? #24

Closed CyberSec2 closed 2 years ago

CyberSec2 commented 2 years ago

🐛 Summary

What versions of Python are compatible with the 'log4j-scan.py' script?

To reproduce

  1. Successfully imported requirements.txt using the following command: C:\Users\XXXXXX\Desktop\Sec Team\Python Scripts\log4j-scanner-master\log4j-scanner-master\log4-scanner>pip --trusted-host pypi.org --trusted-host files.pythonhosted.org install -r requirements.txt

  2. To test I ran "python log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass" on a Windows 10 PC running Python 3.10.1
    NOTE: python3 was not found so ran script with python (hence the question about version compatibility)

  3. Script execution stopped with the following error: ImportError: cannot import name 'Mapping' from 'collections' (C:\Users\XXXXXX\AppData\Local\Programs\Python\Python310\lib\collections__init__.py)

  4. Attempted unsuccessfully to import 'Mapping' with the following results: C:\Users\XXXXXX\Desktop\Sec Team\Python Scripts\log4j-scanner-master\log4j-scanner-master\log4-scanner>pip --trusted-host pypi.org --trusted-host files.pythonhosted.org install -r req.txt Collecting Mapping Downloading mapping-0.1.6.tar.gz (93 kB) |████████████████████████████████| 93 kB 696 kB/s Preparing metadata (setup.py) ... done Requirement already satisfied: termcolor in c:\users\jpoinset\appdata\local\programs\python\python310\lib\site-packages (from -r req.txt (line 2)) (1.1.0) Requirement already satisfied: PyCryptodome in c:\users\jpoinset\appdata\local\programs\python\python310\lib\site-packages (from -r req.txt (line 3)) (3.12.0) Requirement already satisfied: dnslib in c:\users\jpoinset\appdata\local\programs\python\python310\lib\site-packages (from -r req.txt (line 4)) (0.9.16) Collecting pandas Downloading pandas-1.3.5-cp310-cp310-win_amd64.whl (10.2 MB) |████████████████████████████████| 10.2 MB 3.3 MB/s Collecting numpy Downloading numpy-1.21.5-cp310-cp310-win_amd64.whl (14.0 MB) |████████████████████████████████| 14.0 MB 34 kB/s Collecting cvxpy ERROR: HTTP error 403 while getting https://files.pythonhosted.org/packages/bb/3b/47cb02b4db7e4f65c543e5b84e06a1c17672cd080958cbc9d8a78246288b/cvxpy-1.1.18-cp310-cp310-win_amd64.whl#sha256=20b9f214f092ff5dec8e8b56ddb365690d8e02f6bd005ee9b59367150e3efd05 (from https://pypi.org/simple/cvxpy/) (requires-python:>=3.6) ERROR: Could not install requirement cvxpy from https://files.pythonhosted.org/packages/bb/3b/47cb02b4db7e4f65c543e5b84e06a1c17672cd080958cbc9d8a78246288b/cvxpy-1.1.18-cp310-cp310-win_amd64.whl#sha256=20b9f214f092ff5dec8e8b56ddb365690d8e02f6bd005ee9b59367150e3efd05 (from Mapping->-r req.txt (line 1)) because of HTTP error 403 Client Error: Forbidden for url: https://files.pythonhosted.org/packages/bb/3b/47cb02b4db7e4f65c543e5b84e06a1c17672cd080958cbc9d8a78246288b/cvxpy-1.1.18-cp310-cp310-win_amd64.whl for URL https://files.pythonhosted.org/packages/bb/3b/47cb02b4db7e4f65c543e5b84e06a1c17672cd080958cbc9d8a78246288b/cvxpy-1.1.18-cp310-cp310-win_amd64.whl#sha256=20b9f214f092ff5dec8e8b56ddb365690d8e02f6bd005ee9b59367150e3efd05 (from https://pypi.org/simple/cvxpy/) (requires-python:>=3.6)

  5. Appears that the 3.10.1 version of Python I'm using to run the script is not compatible? Also, I'm assuming that the script can be run in, or ported to, a Windows OS environment? NOTE: I successfully installed and ran the script under macOS Monterey v12.0.1 - did have to install developer extensions but that was trivial.

genericcontributor commented 2 years ago

@CyberSec2

Thanks for the issue.

To everyone having the same issue: The script does function on linux/macOS.