search

google / tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Apache License 2.0
8.27k stars 889 forks source link

"NULL_INJECTED_INTO_NON_NULLABLE" occurs immediately after execution #117

Closed katakura closed 2 months ago

katakura commented 2 months ago

Problem summary

After installing "Ubuntu Server 22.04 LTS" on a virtual machine in Azure, we added the necessary packages and ran "quick_start.sh" to build tsunami.

After that, I started tsunami scan on localhost (127.0.0.1) as instructed, but it stopped with the error "NULL_INJECTED_INTO_NON_NULLABLE" rather soon after execution.

execution environment

Ubuntu version:

user01@vm-tsunami:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS"

Added package:

sudo apt -y update
sudo apt -y install nmap ncrack default-jre default-jdk
user01@vm-tsunami:~$ java -version
openjdk version "11.0.24" 2024-07-16
OpenJDK Runtime Environment (build 11.0.24+8-post-Ubuntu-1ubuntu322.04)
OpenJDK 64-Bit Server VM (build 11.0.24+8-post-Ubuntu-1ubuntu322.04, mixed mode, sharing)
user01@vm-tsunami:~$ nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
user01@vm-tsunami:~$ ncrack --version

Ncrack version 0.7 ( http://ncrack.org )
Modules: SSH, RDP, FTP, Telnet, HTTP(S), Wordpress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM

Build of tsunami

Execute the following commands as a general user

bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
(snip)

BUILD SUCCESSFUL in 6s
5 actionable tasks: 5 executed

Building Tsunami scanner jar file ...
Downloading https://services.gradle.org/distributions/gradle-6.5-bin.zip
.........10%..........20%..........30%..........40%.........50%..........60%..........70%..........80%.........90%..........100%

Welcome to Gradle 6.5!

Here are the highlights of this release:
 - Experimental file-system watching
 - Improved version ordering
 - New samples

For more details see https://docs.gradle.org/6.5/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

> Task :tsunami-common:compileJava
Note: /home/user01/tsunami/repos/tsunami-security-scanner/common/src/main/java/com/google/tsunami/common/net/http/OkHttpHttpClient.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.5/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 4m 27s
19 actionable tasks: 19 executed

Build successful, execute the following command to scan 127.0.0.1:

cd /home/user01/tsunami && \
java -cp "tsunami-main-0.0.24-SNAPSHOT-cli.jar:/home/user01/tsunami/plugins/*" \
  -Dtsunami-config.location=/home/user01/tsunami/tsunami.yaml \
  com.google.tsunami.main.cli.TsunamiCli \
  --ip-v4-target=127.0.0.1 \
  --scan-results-local-output-format=JSON \
  --scan-results-local-output-filename=/tmp/tsunami-output.json

Execution of tsunami

user01@vm-tsunami:~$ cd /home/user01/tsunami && \
java -cp "tsunami-main-0.0.24-SNAPSHOT-cli.jar:/home/user01/tsunami/plugins/*" \
  -Dtsunami-config.location=/home/user01/tsunami/tsunami.yaml \
  com.google.tsunami.main.cli.TsunamiCli \
  --ip-v4-target=127.0.0.1 \
  --scan-results-local-output-format=JSON \
  --scan-results-local-output-filename=/tmp/tsunami-output.json
Aug 06, 2024 11:36:56 PM com.google.tsunami.main.cli.TsunamiCli main
INFO: Full classpath scan took 14.56 s
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.common.net.http.HttpClientConfigProperties
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugin.TcsConfigProperties
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.GenericWeakCredentialDetectorConfigs
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugins.detectors.exposedui.phpunit.PHPUnitExposedEvalStdinDetectorConfigs
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugins.detectors.exposedui.spring.SpringBootExposedEndpointDetector$Configs
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugins.fingerprinters.web.WebServiceFingerprinterConfigs$WebServiceFingerprinterConfigProperties
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.config.ConfigModule configure
INFO: Found Tsunami config class: com.google.tsunami.plugins.portscan.nmap.NmapPortScannerConfigs
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver$Options
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.common.net.http.HttpClientCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.main.cli.LanguageServerOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.main.cli.ScanResultsArchiver$Options
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.main.cli.option.MainCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugin.TcsClientCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.GenericWeakCredentialDetectorCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.clients.hydra.HydraClient$HydraClientCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.clients.ncrack.NcrackClient$NcrackClientCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugins.fingerprinters.web.WebServiceFingerprinterConfigs$WebServiceFingerprinterCliOptions
Aug 06, 2024 11:36:56 PM com.google.tsunami.common.cli.CliOptionsModule configure
INFO: Found CliOption: com.google.tsunami.plugins.portscan.nmap.option.NmapPortScannerCliOptions
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.cve202348022.Cve202348022Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.cve202348022.Cve202348022Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.cve20236018.Cve20236018Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.cve20236018.Cve20236018Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.cve20236019.Cve20236019Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.cve20236019.Cve20236019Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.GenericWeakCredentialDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.GenericWeakCredentialDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.directorytraversal.cve202017519.Cve202017519Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.directorytraversal.cve202017519.Cve202017519Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.directorytraversal.cve20213223.NodeRedDashboardDirectoryTraversalDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.directorytraversal.cve20213223.NodeRedDashboardDirectoryTraversalDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.apachenifi.apivuln.ApacheNiFiApiExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.apachenifi.apivuln.ApacheNiFiApiExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.argoworkflow.ExposedArgoworkflowDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.argoworkflow.ExposedArgoworkflowDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.docker.DockerExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.docker.DockerExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.drupalinstall.DrupalExposedInstallationDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.drupalinstall.DrupalExposedInstallationDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.elasticsearch.ElasticsearchApiExposedDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.elasticsearch.ElasticsearchApiExposedDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.hadoop.yarn.YarnExposedManagerApiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.hadoop.yarn.YarnExposedManagerApiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.jenkins.JenkinsExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.joomla.JoomlaExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.joomla.JoomlaExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.jupyter.JupyterExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.jupyter.JupyterExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.kubernetes.KubernetesApiExposedDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.kubernetes.KubernetesApiExposedDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.nodered.NodeRedExposedUiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.nodered.NodeRedExposedUiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.phpunit.PHPUnitExposedEvalStdinDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.phpunit.PHPUnitExposedEvalStdinDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.pytorchserve.PytorchServeExposedApiDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.pytorchserve.PytorchServeExposedApiDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.spring.SpringBootExposedEndpointDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.spring.SpringBootExposedEndpointDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.exposedui.wordpress.WordPressInstallPageDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.SolrVelocityTemplateRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.SolrVelocityTemplateRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.consul.ConsulEnableScriptChecksCommandExecutionDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.consul.ConsulEnableScriptChecksCommandExecutionDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20121823.Cve20121823Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20121823.Cve20121823Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20171000353.JenkinsCliDeserializeRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20171000353.JenkinsCliDeserializeRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20175638.ApacheStrutsContentTypeRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20175638.ApacheStrutsContentTypeRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20179805.ApacheStrutsInsecureDeserializeDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20179805.ApacheStrutsInsecureDeserializeDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve201811776.ApacheStrutsNamespaceRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve201811776.ApacheStrutsNamespaceRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20187600.DrupalCve20187600Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20187600.DrupalCve20187600Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20196340.Cve20196340Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20196340.Cve20196340Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve20199193.Cve20199193Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve20199193.Cve20199193Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202014883.WebLogicAdminConsoleRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202014883.WebLogicAdminConsoleRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202121972.VcenterUploadOvaDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202121972.VcenterUploadOvaDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202141773.Cve202141773DetectorWithPayload
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202141773.Cve202141773DetectorWithPayload is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202226134.ConfluenceOgnlInjectionRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202226134.ConfluenceOgnlInjectionRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202342793.TeamCityAuthBypassDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202342793.TeamCityAuthBypassDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.cve202431982.Cve202431982Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.cve202431982.Cve202431982Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.java.JavaJmxRceDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.java.JavaJmxRceDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.joomla.cve20158562.JoomlaCve20158562Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.joomla.cve20158562.JoomlaCve20158562Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.joomla.rustyrce.JoomlaRustyRCEDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.joomla.rustyrce.JoomlaRustyRCEDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.portal.cve20207961.PortalCve20207961Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.portal.cve20207961.PortalCve20207961Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.redis.RedisUnauthenticatedCommandExecutionDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.redis.RedisUnauthenticatedCommandExecutionDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.tomcat.ghostcat.GhostcatVulnDetector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.tomcat.ghostcat.GhostcatVulnDetector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.detectors.rce.vbulletin.cve201916759.VBulletinCve201916759Detector
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.detectors.rce.vbulletin.cve201916759.VBulletinCve201916759Detector is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.fingerprinters.web.WebServiceFingerprinter
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.fingerprinters.web.WebServiceFingerprinter is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginLoadingModule configure
INFO: Found plugin class: com.google.tsunami.plugins.portscan.nmap.NmapPortScanner
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugin.PluginBootstrapModule registerPlugin
INFO: Plugin class com.google.tsunami.plugins.portscan.nmap.NmapPortScanner is registered.
Aug 06, 2024 11:36:57 PM com.google.tsunami.main.cli.TsunamiCli run
INFO: TsunamiCli starting...
Aug 06, 2024 11:36:57 PM com.google.tsunami.main.cli.server.RemoteServerLoader runServerProcesses
INFO: Starting language server processes (if any)...
Aug 06, 2024 11:36:57 PM com.google.tsunami.workflow.DefaultScanningWorkflow runAsync
INFO: Staring Tsunami scanning workflow.
Aug 06, 2024 11:36:57 PM com.google.tsunami.workflow.DefaultScanningWorkflow scanPorts
INFO: Starting port scanning phase of the scanning workflow.
Aug 06, 2024 11:36:57 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner scan
INFO: Starting nmap scan.
Aug 06, 2024 11:36:57 PM com.google.tsunami.common.command.CommandExecutor execute
INFO: Executing the following command: '/usr/bin/nmap --unprivileged -Pn -n -sT -sV --version-intensity 5 -T4 --script banner --script ssl-enum-ciphers --script http-methods --script-args http.useragent=TsunamiSecurityScanner 127.0.0.1 -oX /tmp/nmap8975082244630595489.report'
Aug 06, 2024 11:36:58 PM com.google.tsunami.plugins.portscan.nmap.client.parser.NmapResultHandler startDocument
INFO: Start parsing Nmap result document.
Aug 06, 2024 11:36:58 PM com.google.tsunami.plugins.portscan.nmap.client.parser.NmapResultHandler endDocument
INFO: Finished parsing Nmap result document.
Aug 06, 2024 11:36:58 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner scan
INFO: Finished nmap scan on target '127.0.0.1' in 643.0 ms.
Aug 06, 2024 11:36:58 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner extractServicesFromNmapRun
INFO: Building PortScanningReport from Nmap result.
Aug 06, 2024 11:36:58 PM com.google.tsunami.plugins.portscan.nmap.NmapPortScanner logIdentifiedNetworkService
INFO: Nmap identified service: ip 127.0.0.1, port 22, protocol TCP, service ssh, software OpenSSH, cpe cpe:/a:openbsd:openssh:8.9p1, cpe:/o:linux:linux_kernel, version 8.9p1 Ubuntu 3ubuntu0.10, banner SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
Aug 06, 2024 11:36:58 PM com.google.tsunami.workflow.DefaultScanningWorkflow fingerprintNetworkServices
INFO: Port scanning phase done, moving to service fingerprinting phase with '0' fingerprinter(s) selected.
Aug 06, 2024 11:36:58 PM com.google.tsunami.main.cli.TsunamiCli main
SEVERE: Exiting due to workflow execution exceptions.
java.util.concurrent.ExecutionException: com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) [Guice/NullInjectedIntoNonNullable]: null returned by binding at HttpClientModule.provideLogid()
 but the 4th parameter of HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145) is not @Nullable
  at HttpClientModule.provideLogid(HttpClientModule.java:180)
  at HttpClientModule.provideLogid(HttpClientModule.java:180)
      \_ installed by: TsunamiCli$TsunamiCliModule -> HttpClientModule
  at HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145)
      \_ for 4th parameter
  at HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145)
      \_ installed by: TsunamiCli$TsunamiCliModule -> HttpClientModule
  at MantisBTAuthenticationBypassDetector.<init>(MantisBTAuthenticationBypassDetector.java:73)
      \_ for 2nd parameter
  while locating MantisBTAuthenticationBypassDetector
  while locating TsunamiPlugin annotated with @Element(setName=,uniqueId=8, type=MAPBINDER, keyType=PluginDefinition)

Learn more:
  https://github.com/google/guice/wiki/NULL_INJECTED_INTO_NON_NULLABLE

1 error

======================
Full classname legend:
======================
Element:                              "com.google.inject.internal.Element"
HttpClientModule:                     "com.google.tsunami.common.net.http.HttpClientModule"
MantisBTAuthenticationBypassDetector: "com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector"
PluginDefinition:                     "com.google.tsunami.plugin.PluginDefinition"
TsunamiCli$TsunamiCliModule:          "com.google.tsunami.main.cli.TsunamiCli$TsunamiCliModule"
TsunamiPlugin:                        "com.google.tsunami.plugin.TsunamiPlugin"
========================
End of classname legend:
========================

        at com.google.common.util.concurrent.AbstractFuture.getDoneValue(AbstractFuture.java:594)
        at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:573)
        at com.google.common.util.concurrent.FluentFuture$TrustedFuture.get(FluentFuture.java:91)
        at com.google.tsunami.workflow.DefaultScanningWorkflow.run(DefaultScanningWorkflow.java:120)
        at com.google.tsunami.main.cli.TsunamiCli.run(TsunamiCli.java:96)
        at com.google.tsunami.main.cli.TsunamiCli.main(TsunamiCli.java:304)
Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) [Guice/NullInjectedIntoNonNullable]: null returned by binding at HttpClientModule.provideLogid()
 but the 4th parameter of HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145) is not @Nullable
  at HttpClientModule.provideLogid(HttpClientModule.java:180)
  at HttpClientModule.provideLogid(HttpClientModule.java:180)
      \_ installed by: TsunamiCli$TsunamiCliModule -> HttpClientModule
  at HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145)
      \_ for 4th parameter
  at HttpClientModule.provideOkHttpHttpClient(HttpClientModule.java:145)
      \_ installed by: TsunamiCli$TsunamiCliModule -> HttpClientModule
  at MantisBTAuthenticationBypassDetector.<init>(MantisBTAuthenticationBypassDetector.java:73)
      \_ for 2nd parameter
  while locating MantisBTAuthenticationBypassDetector
  while locating TsunamiPlugin annotated with @Element(setName=,uniqueId=8, type=MAPBINDER, keyType=PluginDefinition)

Learn more:
  https://github.com/google/guice/wiki/NULL_INJECTED_INTO_NON_NULLABLE

1 error

======================
Full classname legend:
======================
Element:                              "com.google.inject.internal.Element"
HttpClientModule:                     "com.google.tsunami.common.net.http.HttpClientModule"
MantisBTAuthenticationBypassDetector: "com.google.tsunami.plugins.detectors.credentials.cve20177615.MantisBTAuthenticationBypassDetector"
PluginDefinition:                     "com.google.tsunami.plugin.PluginDefinition"
TsunamiCli$TsunamiCliModule:          "com.google.tsunami.main.cli.TsunamiCli$TsunamiCliModule"
TsunamiPlugin:                        "com.google.tsunami.plugin.TsunamiPlugin"
========================
End of classname legend:
========================

        at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:251)
        at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1151)
        at com.google.tsunami.plugin.PluginManager.matchVulnDetectors(PluginManager.java:159)
        at com.google.tsunami.plugin.PluginManager.matchAllVulnDetectors(PluginManager.java:120)
        at com.google.tsunami.plugin.PluginManager.lambda$getVulnDetectors$6(PluginManager.java:103)
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
        at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
        at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
        at com.google.tsunami.plugin.PluginManager.getVulnDetectors(PluginManager.java:105)
        at com.google.tsunami.workflow.DefaultScanningWorkflow.detectVulnerabilities(DefaultScanningWorkflow.java:277)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.doTransform(AbstractTransformFuture.java:224)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.doTransform(AbstractTransformFuture.java:211)
        at com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:124)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.setFuture(AbstractFuture.java:852)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.setResult(AbstractTransformFuture.java:235)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.setResult(AbstractTransformFuture.java:211)
        at com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:170)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.setFuture(AbstractFuture.java:852)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.setResult(AbstractTransformFuture.java:235)
        at com.google.common.util.concurrent.AbstractTransformFuture$AsyncTransformFuture.setResult(AbstractTransformFuture.java:211)
        at com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:170)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.set(AbstractFuture.java:784)
        at com.google.common.util.concurrent.AbstractCatchingFuture.run(AbstractCatchingFuture.java:120)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.set(AbstractFuture.java:784)
        at com.google.common.util.concurrent.AbstractTransformFuture$TransformFuture.setResult(AbstractTransformFuture.java:258)
        at com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:170)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.setFuture(AbstractFuture.java:852)
        at com.google.common.util.concurrent.TimeoutFuture$Fire.run(TimeoutFuture.java:120)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1298)
        at com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1059)
        at com.google.common.util.concurrent.AbstractFuture.set(AbstractFuture.java:784)
        at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.afterRanInterruptiblySuccess(TrustedListenableFutureTask.java:136)
        at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:89)
        at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
tooryx commented 2 months ago

Hi @katakura,

Thank you for the thorough report. I will look into this.

~tooryx

tooryx commented 2 months ago

I was able to successfully reproduced this issue and to write the according fix. I will push it internally today and it should reach the public repository in 1-2 days. In the meantime, if you just want to play around with Tsunami, you can apply the following patch:

--- a/main/src/main/java/com/google/tsunami/main/cli/TsunamiCli.java
+++ b/main/src/main/java/com/google/tsunami/main/cli/TsunamiCli.java
@@ -184,7 +184,7 @@ public final class TsunamiCli {

       install(new SystemUtcClockModule());
       install(new CommandExecutorModule());
-      install(new HttpClientModule.Builder().setLogId(mco.logId).build());
+      install(new HttpClientModule.Builder().setLogId(mco.getLogId()).build());
       install(new GoogleCloudStorageArchiverModule());
       install(new ScanResultsArchiverModule());
       install(new PluginExecutionModule());

Thank you again for reporting this. ~tooryx

tooryx commented 2 months ago

This is now fixed on master. I will cut a new release in the following days.