wapiti-scanner / wapiti

Web vulnerability scanner written in Python3
https://github.com/wapiti-scanner/wapiti
GNU General Public License v2.0

Unable to import module ssl #385

Closed Brian1619 closed 1 year ago

Brian1619 commented 1 year ago

Hello, I have tried to use the Dockerfile in the repository to get a working env up and running. After building the image and trying to scan a site, Wapiti always says:

[!] Unable to import module ssl
[!] Unable to find a module named ssl

When I connect to the container, and run python3 -c "import ssl; print(ssl.OPENSSL_VERSION)" I get OpenSSL 1.1.1n 15 Mar 2022

I started on a Mac and had the same problem. I built another Debian Docker image and tried to install with pip install wapiti3, same results.

Any tips on how to get Wapiti3 up and running?

bretfourbe commented 1 year ago

Hi @Brian1619,

Can you have a look at https://github.com/wapiti-scanner/wapiti/issues/365 ?

Brian1619 commented 1 year ago

Hello @bretfourbe, yes, I already saw that and tried what I found in #365. I have tried multiple ways to get Wapiti up and running. I tried in a fresh install and with a virtual env. It's always the same problem. What surprises me the most is that the Dockerfile setup has the same problem.

We are trying to scan an HTTPS-only application. I haven't found anything that says Wapiti can't handle that.

Here is my virtual env:

(wapiti3) root@c7996e05cf69:/usr/src/app# pip freeze
aiocache==0.12.0
aiohttp==3.8.4
aiosignal==1.3.1
aiosqlite==0.17.0
anyio==3.6.2
arsenic==21.8
asgiref==3.5.2
async-timeout==4.0.2
attrs==22.2.0
beautifulsoup4==4.11.2
Brotli==1.0.9
browser-cookie3==0.16.2
certifi==2022.12.7
cffi==1.15.1
charset-normalizer==3.1.0
click==8.1.3
cryptography==38.0.4
dnspython==2.1.0
Flask==2.2.3
frozenlist==1.3.3
greenlet==2.0.2
h11==0.14.0
h2==4.1.0
hpack==4.0.0
httpcore==0.16.3
httpx==0.23.3
hyperframe==6.0.1
idna==3.4
importlib-metadata==6.0.0
itsdangerous==2.1.2
jaraco.classes==3.2.3
jeepney==0.8.0
Jinja2==3.1.2
kaitaistruct==0.10
keyring==23.13.1
ldap3==2.9.1
loguru==0.6.0
lz4==4.3.2
Mako==1.2.4
MarkupSafe==2.1.1
mitmproxy==9.0.0
mitmproxy-wireguard==0.1.20
more-itertools==9.1.0
msgpack==1.0.5
multidict==6.0.4
nassl==5.0.0
passlib==1.7.4
pbkdf2==1.3
protobuf==4.22.1
publicsuffix2==2.20191221
pyaes==1.6.1
pyasn1==0.4.8
pycparser==2.21
pycryptodome==3.17
pydantic==1.10.6
pyOpenSSL==22.1.0
pyparsing==3.0.9
pyperclip==1.8.2
rfc3986==1.5.0
ruamel.yaml==0.17.21
ruamel.yaml.clib==0.2.7
SecretStorage==3.3.3
six==1.16.0
sniffio==1.3.0
socksio==1.0.0
sortedcontainers==2.4.0
soupsieve==2.4
SQLAlchemy==2.0.6
sslyze==5.1.2
structlog==20.2.0
tld==0.13
tls-parser==2.0.1
tornado==6.2
typing-extensions==4.4.0
urwid==2.1.2
wapiti3==3.1.7
Werkzeug==2.2.3
wsproto==1.2.0
yarl==1.8.2
yaswfp==0.9.3
zipp==3.15.0
zstandard==0.18.0

Darkiros commented 1 year ago

Hello @Brian1619, can you try to install from the latest GitHub source with the command pip install .[test] ?

devl00p commented 1 year ago

@Brian1619 the ssl module in Wapiti is there to check TLS misconfigurations but it is not required to scan https applications.

But it seems you have the required dependencies (sslyze is installed). We will try to make the errors a little bit more verbose so it will be easier to figure out what the problem is.

devl00p commented 1 year ago

@Brian1619 You need to install the humanize package

Brian1619 commented 1 year ago

Hello

So, I have tried the suggestions listed above. Nothing solved the problem. The reason is that I was the problem. I had not specified the scope of the scan and therefore it seemed to be not scanning, just complaining that it could not find the ssl module.

I apologize for the noise here and thank those that were willing to help me with my problem.

Brian

bretfourbe commented 1 year ago

@Brian1619, could you explain with command lines what did not work and what did, please, just to make sure there is no issue here?

devl00p commented 1 year ago

@Brian1619 I'm closing the issue. It seems you missed the humanize dependency for the ssl module to work correctly.

We also added some information about the sslyze dependency in the FAQ and README files and we made the error message more verbose for the next stable release.
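
The failure mode discussed in this thread, where a scanner module exists but one of its own imports is missing, shown as an added example that is not Wapiti's code: the loader reports the name of the import that actually failed instead of a generic "unable to find a module" message. The `mod_<name>` naming, the `load_attack_module` helper and the missing package name are constructed for the demonstration.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for a dependency that is not installed.
MISSING_DEP = "constructed_missing_dep_for_demo"


def load_attack_module(name: str) -> tuple[bool, str]:
    """Import mod_<name> (hypothetical naming) and say which import failed."""
    target = f"mod_{name}"
    try:
        importlib.import_module(target)
    except ModuleNotFoundError as exc:
        if exc.name == target:
            # The module file itself is absent.
            return False, f"Unable to find a module named {name}"
        # The module file exists; one of its own imports is missing.
        return False, f"Unable to import module {name}: missing dependency '{exc.name}'"
    except ImportError as exc:
        # Dependency present but broken (bad symbol, failed native extension).
        return False, f"Unable to import module {name}: {exc}"
    return True, f"Module {name} loaded"


def demo() -> dict[str, tuple[bool, str]]:
    """Load three constructed modules from a temp dir and collect the results."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "mod_ssl.py").write_text(f"import {MISSING_DEP}\n")
        Path(tmp, "mod_ok.py").write_text("LOADED = True\n")
        sys.path.insert(0, tmp)
        importlib.invalidate_caches()
        try:
            return {n: load_attack_module(n) for n in ("ssl", "ok", "absent")}
        finally:
            sys.path.remove(tmp)
            for mod in ("mod_ssl", "mod_ok"):
                sys.modules.pop(mod, None)


if __name__ == "__main__":
    for name, (ok, message) in demo().items():
        print(f"[{'+' if ok else '!'}] {message}")
```

Checking `exc.name` against the requested module is what separates "module not shipped" from "module shipped, dependency not installed", which is the distinction the original two-line error did not make.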