yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0

amass-active fails indefinitely with a custom wordlist defined #578

Closed KrE80r closed 2 weeks ago

KrE80r commented 2 years ago

Issue Summary

amass-active mode never finishes when a custom wordlist is defined


Whenever an engine includes amass-active and a custom amass_wordlist, a scan with this engine will never finish.

Steps to Reproduce

Use below sample subdomain discovery section in an engine

subdomain_discovery:
  uses_tools: [ amass-active, amass-passive, assetfinder, sublist3r, subfinder, oneforall ]
  threads: 10
  use_amass_config: false
  use_subfinder_config: false
  amass_wordlist: dns

Note: tested changing use_*_config but that did not change the behavior

2022-02-07T10:38:10.276035375Z [2022-02-07 10:38:10,275: INFO/MainProcess] Task reNgine.tasks.initiate_scan[96755b3e-cbf0-48e1-869b-92d661014065] received
2022-02-07T10:38:10.358254336Z [2022-02-07 10:38:10,357: INFO/ForkPoolWorker-3] amass-active
2022-02-07T10:38:10.367581689Z [2022-02-07 10:38:10,366: ERROR/ForkPoolWorker-3] Task reNgine.tasks.initiate_scan[96755b3e-cbf0-48e1-869b-92d661014065] raised unexpected: NameError("name 'amass_config_path' is not defined")
2022-02-07T10:38:10.367636258Z Traceback (most recent call last):
2022-02-07T10:38:10.367642427Z   File "/usr/local/lib/python3.8/dist-packages/celery/app/trace.py", line 450, in trace_task
2022-02-07T10:38:10.367646842Z     R = retval = fun(*args, **kwargs)
2022-02-07T10:38:10.367663930Z   File "/usr/local/lib/python3.8/dist-packages/celery/app/trace.py", line 731, in __protected_call__
2022-02-07T10:38:10.367668328Z     return self.run(*args, **kwargs)
2022-02-07T10:38:10.367671628Z   File "/usr/src/app/reNgine/tasks.py", line 149, in initiate_scan
2022-02-07T10:38:10.367674911Z     subdomain_scan(
2022-02-07T10:38:10.367678115Z   File "/usr/src/app/reNgine/tasks.py", line 392, in subdomain_scan
2022-02-07T10:38:10.367681327Z     if amass_config_path:
2022-02-07T10:38:10.367685391Z NameError: name 'amass_config_path' is not defined

This is similar to issue #429, but the difference is that no other scans are started; the engine just sits waiting forever for amass-active, which did not start.


github-actions[bot] commented 2 years ago

👋 Hi @KrE80r, Issues are only for reporting a bug/feature request. Please read the documentation (https://rengine.wiki) before raising an issue. For very limited support, questions, and discussions, please join the reNgine Discord channel: https://discord.gg/azv6fzhNCE. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

xnl-h4ck3r commented 2 years ago

Hi @KrE80r, I think this fails if amass-active is used regardless of the wordlist, because it appears there is some code in ~/rengine/web/reNgine/tasks.py that is causing this error. I'm not sure these lines are even necessary; maybe they were left there from a previous version of something. If you open that file and comment out the following lines, I think you should find that it works as needed.

    if amass_config_path:
        amass_command = amass_command + \
            ' -config {}'.format('/usr/src/scan_results/' + amass_config_path)

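To show why the failure is independent of the wordlist setting, here is an added illustration (not reNgine's code) of the defective pattern next to a corrected command builder. The wordlist directory, the config file name and the `<name>.txt` lookup rule are assumptions; only `/usr/src/scan_results` comes from the traceback.

```python
from __future__ import annotations
from pathlib import Path

WORDLIST_DIR = Path("/usr/src/wordlist")     # assumed layout
RESULTS_DIR = Path("/usr/src/scan_results")  # directory seen in the traceback


def build_amass_command_buggy(engine: dict, domain: str, out_file: str) -> str:
    """Same pattern as the failing lines: the name is only bound on one branch,
    so the later test raises UnboundLocalError (a NameError subclass) whenever
    use_amass_config is false, i.e. regardless of the wordlist setting."""
    cmd = f"amass enum -active -d {domain} -o {out_file}"
    if engine.get("use_amass_config"):
        amass_config_path = "amass_config.ini"  # hypothetical file name
    if amass_config_path:
        cmd += f" -config {RESULTS_DIR / amass_config_path}"
    return cmd


def reproduces_name_error(engine: dict) -> bool:
    """True when the buggy builder crashes for this engine config."""
    try:
        build_amass_command_buggy(engine, "example.com", "/tmp/out.txt")
    except NameError:
        return True
    return False


def build_amass_command(engine: dict, domain: str, out_file: str) -> list[str]:
    """Corrected builder: every optional flag comes from a value bound on all
    paths, and the command is an argv list so no shell ever parses it."""
    cmd = ["amass", "enum", "-active", "-d", domain, "-o", out_file]
    config_path = RESULTS_DIR / "amass_config.ini" if engine.get("use_amass_config") else None
    if config_path is not None:
        cmd += ["-config", str(config_path)]
    wordlist = engine.get("amass_wordlist")
    if wordlist:
        # The engine YAML is operator-editable; keep the name inside WORDLIST_DIR.
        if "/" in wordlist or "\\" in wordlist or ".." in wordlist:
            raise ValueError(f"invalid amass_wordlist name: {wordlist!r}")
        cmd += ["-brute", "-w", str(WORDLIST_DIR / f"{wordlist}.txt")]  # assumed name-to-file rule
    return cmd
```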
yogeshojha commented 2 weeks ago

This is no longer valid after the refactoring done in 2.0.

I tested it out and it generated the command as expected:

amass enum -active -d yogeshojha.com -o /usr/src/scan_results/yogeshojha.com_123/subdomains_amass_active.txt -brute -w /usr/src/wordlist/deepmagic.com-prefixes-top50000.txt