search

shenril / Sitadel

Web Application Security Scanner
GNU General Public License v3.0
547 stars 109 forks source link

Error "AttributeError: 'Output' object has no attribute 'test'" during analysis #5

Closed galloche closed 5 years ago

galloche commented 5 years ago

Hello, I'm trying to use Sitadel. But during the "Checking cross site scripting" analysis, the error "AttributeError: 'Output' object has no attribute 'test'" occured.

Below the complete error : [i] Checking cross site scripting... Traceback (most recent call last): File "sitadel.py", line 93, in Sitadel().main() File "sitadel.py", line 88, in main self.ma.attacks(args.attack, self.url, discovered_urls) File "/root/Documents/Sitadel/lib/utils/manager.py", line 29, in attacks Attacks(url, crawled_urls).run(plugins) File "/root/Documents/Sitadel/lib/modules/attacks/init.py", line 45, in run raise (e) File "/root/Documents/Sitadel/lib/modules/attacks/init.py", line 39, in run attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins]) File "/root/Documents/Sitadel/lib/modules/attacks/init.py", line 39, in attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins]) File "/root/Documents/Sitadel/lib/modules/attacks/vulns/anonymous.py", line 13, in process output.test('Scanning anonymous cipher vuln...') AttributeError: 'Output' object has no attribute 'test'

Can you help me ?

Thanks

PierrePaul commented 5 years ago

I wonder what's the state of the project. The .test calls (it's also in shellshock.py) seems to be a legacy call from python2. There is also many errors when trying to compare str to bytes objects (which also let me believe there was a python2->3 conversion, that's not yet done). I tried fixing everything in a fork, but now I've got the request factory always returning 200 even though the server is returning 404. So, yeah, I wonder what's the state of the project.

shenril commented 5 years ago

Indeed it was still in the middle of refactoring... and life happened :( i ll be able to work back on this from next week so I ll correct it as soon as possible Thanks for the feedback

shenril commented 5 years ago

The test issue should be fixed Regarding @PierrePaul comment, would you mind telling me where you encountered problems with str to bytes ?

galloche commented 5 years ago

I think there is another problem after these corrections. The installation didn't work with : root@kali-gg:~/Documents/Sitadel# pip install . Processing /root/Documents/Sitadel Sitadel requires Python '>=3.5' but the running Python is 2.7.15

So i installed with pip3 for python3.7. root@kali-gg:~/Documents/Sitadel# pip3 install . Processing /root/Documents/Sitadel ... Installation is OK

But when i ran sitadel i got these errors : root@kali-gg:~/Documents/Sitadel# python sitadel.py --help Traceback (most recent call last): File "sitadel.py", line 14, in from lib.config import settings File "/root/Documents/Sitadel/lib/config/init.py", line 1, in from .settings import Settings File "/root/Documents/Sitadel/lib/config/settings.py", line 50 cls.cfg = {cls.cfg, config} ^ SyntaxError: invalid syntax

AND

root@kali-gg:~/Documents/Sitadel# python3.7 sitadel.py --help Traceback (most recent call last): File "sitadel.py", line 17, in from lib.utils import banner, manager, output, validator File "/root/Documents/Sitadel/lib/utils/manager.py", line 3, in from lib.modules.crawler.crawler import crawl File "/root/Documents/Sitadel/lib/modules/crawler/crawler.py", line 3, in import scrapy ModuleNotFoundError: No module named 'scrapy'

What is the good way to install and use sitadel ? I am on KALI : 4.19.0-kali1-amd64.

PierrePaul commented 5 years ago

Calling sitadel with python3.7 was a good move. python3.7 sitadel.py --help

It's strange that scrapy is missing. Can you try running this (again) : pip3 install . ? You could also run pip3 freeze and look if scrapy is in there : pip3 freeze | grep -i scrapy

galloche commented 5 years ago

My results :

root@kali-gg:~/Documents/Sitadel# pip3 install . Processing /root/Documents/Sitadel Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from Sitadel==0.1.0) (0.3.7) Requirement already satisfied: pyyaml in /usr/lib/python3/dist-packages (from Sitadel==0.1.0) (3.13) Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from Sitadel==0.1.0) (2.20.0) Requirement already satisfied: scrapy in /usr/local/lib/python3.6/dist-packages (from Sitadel==0.1.0) (1.5.2) Requirement already satisfied: urllib3 in /usr/lib/python3/dist-packages (from Sitadel==0.1.0) (1.24) Requirement already satisfied: Twisted>=13.1.0 in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (18.9.0) Requirement already satisfied: lxml in /usr/lib/python3/dist-packages (from scrapy->Sitadel==0.1.0) (4.2.5) Requirement already satisfied: cssselect>=0.9 in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (1.0.3) Requirement already satisfied: w3lib>=1.17.0 in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (1.20.0) Requirement already satisfied: six>=1.5.2 in /usr/lib/python3/dist-packages (from scrapy->Sitadel==0.1.0) (1.12.0) Requirement already satisfied: PyDispatcher>=2.0.5 in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (2.0.5) Requirement already satisfied: pyOpenSSL in /usr/lib/python3/dist-packages (from scrapy->Sitadel==0.1.0) (18.0.0) Requirement already satisfied: service-identity in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (18.1.0) Requirement already satisfied: parsel>=1.1 in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (1.5.1) Requirement already satisfied: queuelib in /usr/local/lib/python3.6/dist-packages (from scrapy->Sitadel==0.1.0) (1.5.0) Requirement already satisfied: Automat>=0.3.0 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (0.7.0) Requirement already satisfied: PyHamcrest>=1.9.0 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (1.9.0) Requirement already satisfied: zope.interface>=4.4.2 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (4.6.0) Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (18.2.0) Requirement already satisfied: incremental>=16.10.1 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (17.5.0) Requirement already satisfied: hyperlink>=17.1.1 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (18.0.0) Requirement already satisfied: constantly>=15.1 in /usr/local/lib/python3.6/dist-packages (from Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (15.1.0) Requirement already satisfied: cryptography in /usr/lib/python3/dist-packages (from service-identity->scrapy->Sitadel==0.1.0) (2.3) Requirement already satisfied: pyasn1-modules in /usr/local/lib/python3.6/dist-packages (from service-identity->scrapy->Sitadel==0.1.0) (0.2.4) Requirement already satisfied: pyasn1 in /usr/lib/python3/dist-packages (from service-identity->scrapy->Sitadel==0.1.0) (0.4.2) Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from PyHamcrest>=1.9.0->Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (40.6.3) Requirement already satisfied: idna>=2.5 in /usr/lib/python3/dist-packages (from hyperlink>=17.1.1->Twisted>=13.1.0->scrapy->Sitadel==0.1.0) (2.6) Building wheels for collected packages: Sitadel Running setup.py bdist_wheel for Sitadel ... done Stored in directory: /tmp/pip-ephem-wheel-cache-a0egugja/wheels/5a/af/5a/9f9a98c5df2f46b02ea2bd953af8258033e28f5e2007fad559 Successfully built Sitadel Installing collected packages: Sitadel Found existing installation: Sitadel 0.1.0 Uninstalling Sitadel-0.1.0: Successfully uninstalled Sitadel-0.1.0 Successfully installed Sitadel-0.1.0

root@kali-gg:~/Documents/Sitadel# pip3 freeze | grep -i scrapy Scrapy==1.5.2

Seems all is OK.

PierrePaul commented 5 years ago

Great, then do pip3 --version. I have a feeling your pip3 is not linked to your python3.7. You should expect something that looks like this : pip 18.1 from /usr/local/lib/python3.7/dist-packages/pip (python 3.7)

galloche commented 5 years ago

pip3 --version pip 18.1 from /usr/lib/python3/dist-packages/pip (python 3.6)

grap.... It's seems to work with this version of python. Thank you for yor help :) I'm running a full scan to check if there are others errors.

shenril commented 5 years ago

@PierrePaul thanks for the answers @galloche Ideally use the docker image to avoid all this version hell ;)