Closed bakkezi closed 1 year ago
This is by design: if the VPN/proxy (network) for some reason drops, the scan stops as well for security reason(s). However, if @vittring thinks it's worth it to implement, I'll work on it. The only downside is, if I do, an end user could potentially, unbeknownst to them, lose connection to the proxy/VPN and be scanning insecurely.
Sometimes my internet gets disconnected for a second, and all the work is gone; that's why I posted this issue. It would be cool if you implemented that.
That's not acceptable, I don't think. It's better to implement a kill-switch than to risk leaking your real IP without the proxy or VPN, compared to potentially sending malicious requests to servers/networks.
NovaCygni was working on something before he left that would have helped to save information on resets and segfaults.
So my current thoughts on implementing something would be:
- Set an option to save current progress to a txt file (to be enabled manually)
- If network disconnect > skip to scan options menu
- Or a general log file (I don't like this idea)
If there are any ideas on a better way to implement, or opinions on which implementation is best, let me know. I would think "if network disconnect > halt > when reconnected > continue" would add too many chances for info leaks, but I could be totally off base with that assumption. I'm currently working on re-adding CCTV scanning, which is almost completely finished, but I still have to add an ignore list manually to prevent false positives; after I'm done with that I'll be able to work on adding something for network disruption.
Adding the function that saves the current progress links would be cool
I miss CCTV hacks, for sure.
Timeout seems to be a quick, easy fix for this: if the network disconnects it'll loop through all the dorks left and then go to the scan menu; if the network comes back up while looping, it'll continue grabbing URLs. Did limited testing and couldn't get an info leak while connected to VPN, so it should be good to go. Might add an exception in the future to only continue after you press enter or something, just in case (better to be safe than sorry).
Can we add tests for this somehow?
What I did to test for data leaks was pretty hacky: I hosted a local version of searX and looked at the server logs to make sure there weren't data leaks there, and also monitored what packets were being sent from V3n0m (changed the code to use searX instead of Bing).
Can you send me a sample of the packets (redacted ofc)? Otherwise I have to spin up another VM to test it in Wireshark and INetSim, and it's a bother. Not that I don't enjoy the work, but I have been curious what artifacts are left by Venom. I actually want to document this.
Sure thing, I'll scrub the file of personal info tonight after work. Not that interesting honestly; the only thing I'm wary of is that if you don't have a kill switch set up for the proxy or VPN (everyone should do this), it'll use whatever connection it can, which is why I need to add an exception to it ASAP so that it catches the disconnect and asks for user input before continuing. TL;DR: kill switch = completely safe; no kill switch = not great. I'll have it done tonight or tomorrow though.
Looking forward to it. In the meantime, I'll probably get bored and start doing the VM/InetSim anyway. I'll try to document what I find. For transparency's sake.
Reopened this issue because I ran into a small issue myself. It seems asyncio doesn't allow you to catch exceptions within the loop, so you have to try/except at the call of the loop, which is also the reason the keyboard interrupt menu doesn't work. So timeout works, but you can't, as a quick example:

    except:
        connect = input("network disconnect continue? ")
        if connect == 'y':
            return

To be more secure we would have to basically revert back to the slower method of pulling results, to be able to catch a connection exception and have it return the gathered URLs. I'm sure there has to be at least a hacky way to deal with it, but I haven't been able to find a solution yet.
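An added example (not V3n0M's code) of one way asyncio can hand each task's exception back as a value instead of aborting the whole gathering loop, combined with the "save progress to a file" option proposed earlier in the thread so the scan fails closed and can be resumed after the user confirms the VPN/proxy is back. `fake_fetch`, the query strings and the JSON progress file are constructed stand-ins for the real search-backend client.

```python
import asyncio
import json
import tempfile
from pathlib import Path

# Constructed sample queries (not real dorks). The "down:" prefix makes the fake
# client raise ConnectionError, standing in for the network/VPN dropping mid-scan.
SAMPLE_QUERIES = ["query-a", "query-b", "down:query-c", "query-d"]

async def fake_fetch(query):
    """Hypothetical stand-in for the search-backend client; does no real I/O."""
    await asyncio.sleep(0)
    if query.startswith("down:"):
        raise ConnectionError(f"connection lost while fetching {query!r}")
    return [f"http://example.invalid/{query}/{i}" for i in range(2)]

async def gather_with_exceptions(queries, timeout=2.0):
    """Fetch all queries concurrently. return_exceptions=True returns each task's
    failure as a value, so one dropped connection keeps the other tasks' URLs."""
    coros = [asyncio.wait_for(fake_fetch(q), timeout) for q in queries]
    outcomes = await asyncio.gather(*coros, return_exceptions=True)
    urls, pending = [], []
    for query, outcome in zip(queries, outcomes):
        if isinstance(outcome, (ConnectionError, asyncio.TimeoutError)):
            pending.append(query)          # network problem: keep for a resume
        elif isinstance(outcome, BaseException):
            raise outcome                  # anything else is a real bug; surface it
        else:
            urls.extend(outcome)
    return urls, pending

def save_progress(path, urls, pending):
    """Persist gathered URLs and unfinished queries for a later, confirmed resume."""
    Path(path).write_text(json.dumps({"urls": urls, "pending": pending}))

def run_scan(queries, progress_path):
    """Fail closed: on any network failure, save state and stop instead of
    silently continuing over whatever connection is now available."""
    urls, pending = asyncio.run(gather_with_exceptions(queries))
    if pending:
        save_progress(progress_path, urls, pending)
    return urls, pending

def demo():
    """Run the sample scan into a temp file and return what was saved."""
    path = Path(tempfile.mkdtemp()) / "progress.json"
    urls, pending = run_scan(SAMPLE_QUERIES, path)
    return urls, pending, json.loads(path.read_text())
```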
Asyncio is very confusing still. I'm struggling to find a way to do the loop. For example, Toxin implements: https://github.com/v3n0m-Scanner/V3n0M-Scanner/blob/04e4e7f38033a6dcc2c21856e28e72f16bf00d2b/src/toxin.py#L226-L233
Can we somehow add a timeout to this without having to ping externally to check if it's alive? https://github.com/v3n0m-Scanner/V3n0M-Scanner/blob/04e4e7f38033a6dcc2c21856e28e72f16bf00d2b/src/v3n0m.py#L501-L505
Maybe we can add a check to this to make sure it's actually connecting to targets?
Before Nova left he said he wanted to cut the dorks into single selections, so instead of one massive dork list you would have options for just SQLi scanning or just LFI, etc. I'm really contemplating reverting back to non-asyncio gathering and just doing the separate lists to deal with it being slower, but idk if Nova would be mad about that as he's still the repo owner, and idk if he'll be back or not. Not being able to handle exceptions during the loop is quite honestly infuriating.
I sort of agree. If we can't implement a better solution than ping loops (which are dangerous if the user doesn't have a VPN kill-switch, however uncommon that is nowadays), then maybe asyncio should go. Websockets has a way of handling disconnects, but it's not as straightforward as calling a disconnect(). But this is all I can come up with in async:
    async def block_until(self, *conditions, timeout=None, wait_period=0.5):
        # Must be a coroutine: the body awaits.
        def _disconnected():
            return not (self.is_connected() and self.connection().is_open)

        def done():
            return _disconnected() or all(c() for c in conditions)

        # Pass the caller's timeout/wait_period through instead of hard-coding them.
        await utils.block_until(done, timeout=timeout, wait_period=wait_period, loop=self.loop)
        if _disconnected():
            raise websockets.ConnectionClosed(
                1006, "[!] We have disconnected. Check your connection."
            )
I won't have time to revert back to the old non-asyncio code and chop the dorks into multiple lists for a few weeks, but when I do I'll make sure to add exceptions for network disconnect instead of just using timeout.
All good. Figured you were more proficient with the language than I am to do it. I'm not opposed to either way, nor is there a real rush. This is not too important since most users of Venom will have stable Ethernet and aren't disconnecting mid-scan.
The scan stops after the internet disconnects and it doesn't resume when it's back.