search

sethsec / celerystalk

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
https://sethsec.github.io/celerystalk/
MIT License
396 stars 72 forks source link

sqlite3.OperationalError: near "AND": syntax error #142

Open openedhardware opened 3 years ago

openedhardware commented 3 years ago

I was able to do Vulnerability Assessment Mode by following the instruction in readme on the docker container.

Here is a result of the ./celerystalk query watch command:

Every 2.0s: ./celerystalk query brief                                                                                                              nvidia: Tue Mar 16 07:20:13 2021

celerystalk  -  An asynchronous network enumeration/vulnerability scanner
    v1.3.1      Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
                by @sethsec
                Build: 245

***********************************************************************************************************************************************************************************
                                                         celerystalk Status | Workspace Name: Default  | CPU Load Avg: 0.2

                                                 Submitted: 76 | Queued: 0 | Running: 0 | Completed: 76  | Cancelled: 0  | Paused: 0
***********************************************************************************************************************************************************************************
[+] Completed Tasks (76) (Only showing last 5 when in brief mode):

  [Duration][    IP     ] command...
  [00:01:36][192.168.1.109] hydra -f -V -t 1 -l root -P /usr/share/seclists/Passwords/Common-Credentials/best15.txt -s 22 192.168.1.109 ssh | tee /opt/celerystalk/default_works...
  [00:00:00][192.168.1.109] hydra -f -V -t 1 -l root -P /usr/share/seclists/Passwords/Common-Credentials/best15.txt -s 22222 192.168.1.109 ssh | tee /opt/celerystalk/default_wo...
  [00:00:04][192.168.1.106] curl -sX GET "http://web.archive.org/cdx/search/cdx?url=http://192.168.1.106:80&output=text&fl=original&collapse=urlkey&matchType=prefix" | tee /opt...
  [00:00:01][192.168.1.109] curl -sX GET "http://web.archive.org/cdx/search/cdx?url=http://192.168.1.109:1880&output=text&fl=original&collapse=urlkey&matchType=prefix" | tee /o...
  [00:00:10][192.168.1.106] gobuster dir -u https://192.168.1.106:443 -k -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,302,307,403,500' -e -n -q | tee /op...
  +71 more rows

[+] FIN! All submitted jobs in this workspace have finished.

But cannot generate screenshots and report:

root@nvidia:/opt/celerystalk# ./celerystalk screenshots

celerystalk  -  An asynchronous network enumeration/vulnerability scanner 
    v1.3.1      Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
                by @sethsec
                Build: 245

Traceback (most recent call last):
  File "./celerystalk", line 1043, in <module>
    main(arguments)
  File "./celerystalk", line 583, in main
    lib.screenshot.screenshot_command(arguments)
  File "/opt/celerystalk/lib/screenshot.py", line 45, in screenshot_command
    max_paths_len = len(get_max_screenshots(workspace,config_file))
  File "/opt/celerystalk/lib/screenshot.py", line 58, in get_max_screenshots
    paths = lib.db.get_x_paths_for_host_path_only(vhost, workspace,max)
  File "/opt/celerystalk/lib/db.py", line 673, in get_x_paths_for_host_path_only
    CUR.execute("SELECT path FROM paths WHERE ip = ? AND workspace = ? AND AND url_status != 404 LIMIT ?", (ip,workspace,config_max))
sqlite3.OperationalError: near "AND": syntax error

Thanks!