p0dalirius / ApacheTomcatScanner

A python script to scan for Apache Tomcat server vulnerabilities.
https://podalirius.net/
GNU General Public License v3.0

from sectools.windows.ldap import get_computers_from_domain, get_servers_from_domain #13

Closed s3curityb3ast closed 2 years ago

s3curityb3ast commented 2 years ago

Hi p0dalirius,

Thanks for releasing such a nice tool :) Kudos to you. Unfortunately, I am facing the above error. I tried to troubleshoot, as the function/class is already defined in the source, but somehow I am not able to import it. Please find the stats below.

```
python3 -m pip install -r requirements.txt 
Requirement already satisfied: sectools in /usr/local/lib/python3.8/dist-packages (from -r requirements.txt (line 1)) (1.3.4)
Requirement already satisfied: xlsxwriter in /usr/local/lib/python3.8/dist-packages (from -r requirements.txt (line 2)) (3.0.3)
Requirement already satisfied: requests in /home/AMBERJACK/28wjk436e4/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.25.1)
Requirement already satisfied: ldap3 in /usr/local/lib/python3.8/dist-packages (from sectools->-r requirements.txt (line 1)) (2.9.1)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /home/AMBERJACK/28wjk436e4/.local/lib/python3.8/site-packages (from requests->-r requirements.txt (line 3)) (1.26.5)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests->-r requirements.txt (line 3)) (2019.11.28)
Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python3/dist-packages (from requests->-r requirements.txt (line 3)) (2.8)
Requirement already satisfied: chardet<5,>=3.0.2 in /usr/lib/python3/dist-packages (from requests->-r requirements.txt (line 3)) (3.0.4)
Requirement already satisfied: pyasn1>=0.4.6 in /usr/local/lib/python3.8/dist-packages (from ldap3->sectools->-r requirements.txt (line 1)) (0.4.8)
```

The error being thrown:

```
apachetomcatscanner
Traceback (most recent call last):
  File "/usr/local/bin/apachetomcatscanner", line 5, in <module>
    from apachetomcatscanner.__main__ import main
  File "/usr/local/lib/python3.8/dist-packages/apachetomcatscanner/__main__.py", line 15, in <module>
    from sectools.windows.ldap import get_computers_from_domain, get_servers_from_domain
ImportError: cannot import name 'get_servers_from_domain' from 'sectools.windows.ldap' (/usr/local/lib/python3.8/dist-packages/sectools/windows/ldap.py)
```

Class/function which is already present.

```
cat /usr/local/lib/python3.8/dist-packages/sectools/windows/ldap.py | rg get
def __init_ldap_connection(target, tls_version, dc_ip, domain, username, password, lmhash, nthash, use_ldaps=False, auth_key=None):
    ldap_server = ldap3.Server(target, get_info=ldap3.ALL, port=port, use_ssl=use_ssl, tls=tls)
    target_dc = (auth_dc_ip if auth_dc_ip is not None else auth_domain)
                target=target_dc,
                target=target_dc,
            target=target_dc,
def get_computers_from_domain(auth_domain, auth_dc_ip, auth_username, auth_password, auth_hashes):
    target_dn = ldap_server.info.other["defaultNamingContext"]
    results = list(ldap_session.extend.standard.paged_search(target_dn, "(objectCategory=computer)", attributes=["dNSHostName"]))
```
I think the get_servers_from_domain function is missing from the latest release.

```
>>> import sectools
>>> from sectools.windows.ldap import get_computers_from_domain, get_servers_from_domain
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: cannot import name 'get_servers_from_domain' from 'sectools.windows.ldap' (/usr/local/lib/python3.8/dist-packages/sectools/windows/ldap.py)
```

Please let me know if I am doing anything wrong or if it's a real bug/issue.

Once again, thanks a lot for releasing such a nice tool.

$3curityb3ast

p0dalirius commented 2 years ago

Hey @s3curityb3ast,

I've updated sectools to 1.3.6, can you retry?

```
python3 -m pip install sectools==1.3.6 --upgrade
```

Best regards,

s3curityb3ast commented 2 years ago

Hi @p0dalirius

Thanks for the quick response. Issue resolved :)

```
apachetomcatscanner
Apache Tomcat Scanner v2.3.1 - by @podalirius_

usage: apachetomcatscanner [-h] [-v] [--debug] [-C] [-T THREADS] [-s] [--xlsx XLSX] [--json JSON] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE] [-tt TARGET]
                           [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD] [-ah AUTH_HASH]

A python script to scan for Apache Tomcat server vulnerabilities.

optional arguments:
```

---SNIPPET---