Aquatone scans doesn't run due to urllist.txt not populated

[mandeeps13k]

Due to some recent changes in lazyrecon, in my each iteration of scan, aquatone doesn't run. This is due to the reason that urllist.txt file is not being populated. I get this error on the fresh installations of lazyrecon on ec2.

I tried with re-installing and the same error persists on different machines.

[incredincomp]

I am looking into this.

It looks like the error is coming from line 106

I may have broken the formatting for the while do done from line 102 - 105 when my editor cleared white space. Ill look into the dif and see. Sorry if this is because of my edit. Ill try and fix right away!

Edit: I never touched the hostalive function so I am not sure what is happening. Ill set up a new droplet and see if I can replicate the issue with a different domain and increase error verbosity.

my function never touches the urllist.txt file, only messes with the alldomains.txt. Could you verify that the file alldomains.txt contains things from the sublister and certspotter searches by cancelling the script right after it tells you Started dns records check... ?

Edit2: Okay so mine is doing the same for my own domain and it looks like the cause is https://github.com/nahamsec/lazyrecon/blob/45ce2d4345de7c37082a7d8af0c6921023e0f5d6/lazyrecon.sh#L195

maybe even L194 too, either way, cat $domain.txt > alldomains.txt and cat cleantemp.txt >> alldomains.txt leaves alldomains.txt empty now.

Edit3: Shellcheck output. Ill start working on this to see if i can fix it, no ETA though.. OSCP studies you know

[samuel-ouzounian]

Has something to do with the exclude domains script. After deleting it from lazyrecon.sh my url list is repopulated. "Chrome path /snap/bin/chromium does not exist" This is my new error.

[samuel-ouzounian]

Fixed chrome pat error, had to manually change path at top of lazyrecon.sh script.

[mandeeps13k]

Hey @hackerman2015 , since you're getting it worked fine now, can you merge the changes in the repo?

[samuel-ouzounian]

The deleted lines shown above are all the lines of code I deleted out of the lazyrecon.sh file. I also had to change the chromium path in order for aquatone to work. This is shown below, only change it if you are getting an error regarding chromium's path while the application is running.

With this fix the exclude domains function will no longer work, but aquatone works and as far as I can tell the rest of the program works perfectly as well.

[samuel-ouzounian]

I think the issue occurs when no excluded domain is set. I think the exclude domain function in lazyscript.sh removes all text instead of just excluded domains when nothing is set, just speculating but it’s worth testing.

[incredincomp]

Im going to add a check to see if -e has been defined so that if it hasnt, it will not run.

I dont know why my grep line removes everything if not set, thats not how i thought it worked. It is supposed to check the first file for matches in the second file and then only remove those matches.

Leads me to believe I may have missed something with the mv alldomains move arounds so the script would work without me touching other parts of it. SoB my bad yall sorry

[incredincomp]

Thank you for your help guys. This should help if you are not setting excluded domains. Cheers!

[samuel-ouzounian]

Of course, and thank you!

On Sun, Feb 16, 2020 at 2:16 PM IncredInComp < mail-forwarder@wearehackerone.com> wrote:

Thank you for your help guys. This should help if you are not setting excluded domains. Cheers!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nahamsec/lazyrecon/issues/37?email_source=notifications&email_token=AORXXR2VFXRNNANWTBP2S53RDG3LJA5CNFSM4KSJNBOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEL4UDVQ#issuecomment-586760662, or unsubscribe https://github.com/notifications/unsubscribe-auth/AORXXR4SG2LOBKUAUHTYHS3RDG3LJANCNFSM4KSJNBOA .

[Oumeir]

I have the same problem and I can't fix it :'(