search

wapiti-scanner / wapiti

Web vulnerability scanner written in Python3
https://github.com/wapiti-scanner/wapiti
GNU General Public License v2.0
1.15k stars 176 forks source link

issues with DVWA #589

Closed ismaelgo97 closed 4 months ago

ismaelgo97 commented 4 months ago

Trying to use wapiti with DVWA, executing wapiti -u http://localhost/DVWA/ -s http://localhost/DVWA/vulnerabilities/xss_r/ -x http://localhost/DVWA/logout.php -c cookies.json -m xss -v2 --color --flush-session -x "http://localhost/DVWA/security.php*" causes the following error:


Traceback (most recent call last):
  File "/usr/bin/wapiti", line 33, in <module>
    sys.exit(load_entry_point('wapiti3==3.0.4', 'console_scripts', 'wapiti')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/wapitiCore/main/wapiti.py", line 1206, in wapiti_main
    wap.browse()
  File "/usr/lib/python3/dist-packages/wapitiCore/main/wapiti.py", line 328, in browse
    for resource in explorer.explore(self._start_urls, self._excluded_urls):
  File "/usr/lib/python3/dist-packages/wapitiCore/net/crawler.py", line 659, in explore
    regexes.append(wildcard_translate(excluded_url))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/wapitiCore/net/crawler.py", line 95, in wildcard_translate
    return re.compile(res + r'\Z(?ms)')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 227, in compile
    return _compile(pattern, flags)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 294, in _compile
    p = _compiler.compile(pattern, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_compiler.py", line 743, in compile
    p = _parser.parse(p, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 982, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 457, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 843, in _parse
    raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 39```
bretfourbe commented 4 months ago

Hi @ismaelgo97, you are using an old version (3.0.4) of wapiti. Can you try using the version from the repo ? https://github.com/wapiti-scanner/wapiti/blob/master/INSTALL.md#installing-wapiti-from-the-git-repository

ismaelgo97 commented 4 months ago

Thanks for the answer @bretfourbe, it was the issue for this one. I thought I had the latest version but it seems like I didn't.