Legion 0.43 crashes after nmap stage 3 - cve import

[kutmasterk]

Legion 0.43 on Kali 2023.4 crashes after the cve db import at stage 3 with the following error message:

Traceback (most recent call last):
  File "/usr/share/legion/app/importers/NmapImporter.py", line 330, in run
    db_script.output = scr.output
    ^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'output'

[sscottgvit]

@kutmasterk Interesting. Thanks for the report. Can you give me a list of the options you used during the scan? Are you using a default config? Would it be possible to email me the tmp folders that have the scan details? Don't post any non-anonymized data here, if you're permitted and would, could you email them tar'd/zip'd up to [email protected]?

[kutmasterk]

@sscottgvit I am using the default settings on fresh kali 2023.4 install probing our apache webserver.

i sent you the contents of the tmp folder via email.

[sscottgvit]

@kutmasterk Would it be possible for you to run a manual nmap scan against that host and send me the xml to my email? I want to verify the condition is addressed before I push the change.

[richard31337]

@sscottgvit Hi. I'm experiencing this same exact error. Is there a fix for this? Thanks

[micheleselea]

same issue for me: just add an host with standard configuration

[EpicPilgrim]

I also am having this with 0.4.3 on Kali. No nmap or legion updates available. @sscottgvit , do you still need nmap output to help diagnose this?

[ethhack]

Has this been resolved yet (not seeing a Close on it)? I'm having this issue on the latest Kali build.

[bernardyip]

I fixed this issue by modifying /usr/share/legion/app/importers/NmapImporter.py at line 330.

                     for scr in p.getScripts():
                         db_script = session.query(l1ScriptObj).filter_by(scriptId=scr.scriptId) \
                             .filter_by(portId=db_port.id).first()
 
+                         if not db_script:
+                             db_script = l1ScriptObj(scr.scriptId, scr.output, db_port.id, db_host.id)
+ 
                         if not scr.output == '' and scr.output != None:
                             db_script.output = scr.output

Not sure if it causes any issues with the import but this stopped it from crashing.

[ethhack]

I’d been considering doing similar. I’ll look at it in the morning and test the same.

Thanks.

On Mon, May 27, 2024 at 1:15 PM Bernard Yip @.***> wrote:

I fixed this issue by modifying /usr/share/legion/app/importers/NmapImporter.py at line 330.

                 for scr in p.getScripts():
                     db_script = session.query(l1ScriptObj).filter_by(scriptId=scr.scriptId) \
                         .filter_by(portId=db_port.id).first()

•                     if not db_script:+                             db_script = l1ScriptObj(scr.scriptId, scr.output, db_port.id, db_host.id)+
                    if not scr.output == '' and scr.output != None:
                        db_script.output = scr.output
  

Not sure if it causes any issues with the import but this stopped it from crashing.

— Reply to this email directly, view it on GitHub https://github.com/GoVanguard/legion/issues/247#issuecomment-2133850605, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACOCZYFCUTMMIVYAJBPA2R3ZENS4BAVCNFSM6AAAAABAK573GOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZTHA2TANRQGU . You are receiving this because you commented.Message ID: @.***>

[bikusta]

The fix of @bernardyip also worked for me.

[Kali-Lucy]

Thank you :)