cisagov / untitledgoosetool

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
Creative Commons Zero v1.0 Universal

Errors when running goosey honk --debug #37

Closed martinduffy closed 1 year ago

martinduffy commented 1 year ago

🐛 Summary

What's wrong? Please be specific.

I am seeing three errors in the debug logs when running goosey honk --debug. They all occur one right after the other, though it looks like the errors are in different Python scripts. The errors are all concerning "object has no attribute 'status'".

To reproduce

Steps to reproduce the behavior:

  1. Do this in a command window:
     goosey auth (no errors)
     goosey honk

Expected behavior

No errors

Any helpful log output or screenshots

================================================ Begin log

2023-05-11 13:40:34,942 - utils - DEBUG - Getting nextLink 13e406b89528bc16a91dff47ff2b61d1_1045 (utils.py:259)
2023-05-11 13:40:34,948 - utils - ERROR - Error on nextLink retrieval 13e406b89528bc16a91dff47ff2b61d1_1045: 'token_type' (utils.py:283)
2023-05-11 13:40:34,948 - utils - INFO - Error. Retrying 13e406b89528bc16a91dff47ff2b61d1_1045 up to 50 more times (utils.py:288)
2023-05-11 13:40:34,948 - utils - DEBUG - 'token_type' (utils.py:289)
2023-05-11 13:40:34,948 - azure_ad_datadumper - ERROR - Error on nextLink retrieval: 'KeyError' object has no attribute 'status' (azure_ad_datadumper.py:269)
Traceback (most recent call last):
  File "C:\Users\xxxx\ps.venv\lib\site-packages\goosey\utils.py", line 261, in get_nextlink
    header = {'Authorization': '%s %s' % (auth['token_type'], auth['access_token'])}
KeyError: 'token_type'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\azure_ad_datadumper.py", line 241, in dump_azuread_audit
    await get_nextlink(nexturl, outfile, self.ahsession, self.logger, self.auth)
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\utils.py", line 290, in get_nextlink
    if e.status:
AttributeError: 'KeyError' object has no attribute 'status'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\xxxx\AppData\Local\Programs\Python\Python39\lib\runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\xxxx\AppData\Local\Programs\Python\Python39\lib\runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "C:\Users\xxxx\apps.venv\Scripts\goosey.exe__main__.py", line 7, in
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\main.py", line 89, in main
    honkmain(args)
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\honk.py", line 278, in main
    asyncio.run(run(args, config, auth, auth_un_pw))
  File "C:\Users\xxxx\AppData\Local\Programs\Python\Python39\lib\asyncio\runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "C:\Users\xxxx\AppData\Local\Programs\Python\Python39\lib\asyncio\base_events.py", line 642, in run_until_complete
    return future.result()
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\honk.py", line 145, in run
    await asyncio.gather(*tasks)
  File "C:\Users\xxxx\apps.venv\lib\site-packages\goosey\azure_ad_datadumper.py", line 270, in dump_azuread_audit
    if e.status:
AttributeError: 'AttributeError' object has no attribute 'status'

End log

victoriawallace-cisa commented 1 year ago

We were able to replicate the issue. We are currently working on a fix for it.

victoriawallace-cisa commented 1 year ago

@martinduffy Hello, we just released a new version of the tool, could you test it out and let me know if it fixes the issue? Thanks.

victoriawallace-cisa commented 1 year ago

No response received, closing issue.
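
The chained traceback in this issue comes from an error handler that reads `e.status` on an exception that is not an HTTP error, so the original `KeyError: 'token_type'` is buried under an `AttributeError`. As an added example (not the project's code and not its released fix), the sketch below reproduces that pattern next to a hardened variant; `HttpError`, `fetch_fragile`, `fetch_hardened`, the `send_*` stubs and the sample auth dicts are hypothetical and constructed here.

```python
# Added illustration. Only the header-building line and the `if e.status:`
# check come from the traceback; every other name here is hypothetical.

class HttpError(Exception):
    """Stand-in for an HTTP client error that carries a status code."""
    def __init__(self, status):
        super().__init__(f"HTTP {status}")
        self.status = status

def build_header(auth):
    # Same expression as the line quoted in the traceback: raises KeyError
    # when the cached token has no 'token_type'.
    return {'Authorization': '%s %s' % (auth['token_type'], auth['access_token'])}

def fetch_fragile(auth, send):
    try:
        return ('ok', send(build_header(auth)))
    except Exception as e:
        if e.status:  # AttributeError when e is a KeyError, hiding the cause
            return ('retry', e.status)
        raise

def fetch_hardened(auth, send):
    # Validate the token before any request so a bad token is reported as
    # an authentication problem, not retried as a transport error.
    missing = [k for k in ('token_type', 'access_token') if not auth.get(k)]
    if missing:
        return ('reauth', missing)
    try:
        return ('ok', send(build_header(auth)))
    except Exception as e:
        status = getattr(e, 'status', None)  # only HTTP errors have one
        if status:
            return ('retry', status)
        raise  # unexpected errors surface unchanged

# Constructed sample inputs (not real tokens).
GOOD_AUTH = {'token_type': 'Bearer', 'access_token': 'constructed-token'}
BAD_AUTH = {'access_token': 'constructed-token'}  # 'token_type' missing

def send_ok(header):
    return {'value': [], 'sent': header['Authorization']}

def send_throttled(header):
    raise HttpError(429)
```

With `BAD_AUTH`, `fetch_fragile` raises `AttributeError` with the `KeyError` only visible as its context, while `fetch_hardened` reports which token field is missing before any request is attempted.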