vulnapi

Error

Open RuslanSemchenko opened this issue 7 months ago • 4 comments

tls: failed to verify certificate: x509: certificate is valid for ingress.local, not mywtbsite.com
fatal error: all goroutines are asleep - deadlock!

goroutine 1 [select]:
github.com/cerberauth/vulnapi/scan/discover.ScanURLs({0xc000253b08, 0x37, 0x47}, 0xc0002f0240, 0xc00048a2a0, 0xc0002f30e0, 0xc000448000)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:62 +0x40e
github.com/cerberauth/vulnapi/scan/discover.DownloadAndScanURLs({0xf5b609?, 0x1d?}, {0xfc1587?, 0x14?}, 0xc0002f30e0, 0xc000448000, 0xc0002f0240, 0xc00048a2a0)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:99 +0x6c
github.com/cerberauth/vulnapi/scan/discover/discoverable_openapi.ScanHandler(0xc0002f0240, 0xc00048a2a0)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/discoverable_openapi/discoverable_openapi.go:38 +0x24f
github.com/cerberauth/vulnapi/scan.(*Scan).Execute(0xc000143c40, {0x14d1ec8?, 0xc000303800?}, 0xc00027fc68)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/scan.go:109 +0xa3a
github.com/cerberauth/vulnapi/cmd/discover.NewDomainCmd.func1(0xc000170200?, {0xc000138880?, 0x4?, 0xf49e16?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/discover/domain.go:57 +0x92c
github.com/spf13/cobra.(*Command).execute(0xc000176c08, {0xc000138850, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1019 +0xa7b
github.com/spf13/cobra.(*Command).ExecuteC(0xc000176608)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x40c
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071
github.com/cerberauth/vulnapi/cmd.Execute({0x14c3a88?, 0xc000002380?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/root.go:59 +0x1d
main.main()
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/main.go:10 +0x25

RuslanSemchenko avatar Aug 06 '25 12:08 RuslanSemchenko

The TLS error is correct (the certificate is for ingress.local, not mywtbsite.com), but the CLI shouldn’t crash and block the scan.

We should allow an “insecure” mode so the scan continues, and instead report the certificate mismatch in the results. This would let users get vulnerability findings while still being warned about the TLS issue.

This is a good first issue if you or someone else wants to contribute!

emmanuelgautier avatar Aug 10 '25 16:08 emmanuelgautier

Hello contributors!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you believe this issue is still relevant, please comment with your thoughts or re-open it.

Thank you for your contributions! 🙏

github-actions[bot] avatar Oct 10 '25 01:10 github-actions[bot]

@RuslanSemchenko I could not reproduce your case. Even with a wrong certificate the command does not crash. Can you try again with the newest version?

emmanuelgautier avatar Nov 29 '25 17:11 emmanuelgautier

C:\Users\Ruslan\Desktop>vulnapi discover domain visualstudio.microsoft.com
Discovering APIs for visualstudio.microsoft.com
Found 61 Domains

Scanning https://visualstudio.microsoft.com 100% |███████████████████████████████████████████████████████████████████████████████████████████████████████| (3/3)

TECHNOLOGIE/SERVICE VALUE
Database MySQL
Hosting Azure
WP Engine
Language PHP
Security Service HSTS
Server Nginx

Scanning https://qa.visualstudio.microsoft.com 33% |██████████████████████████████████ | (1/3) 2025/11/30 01:15:50 Error scanning URL: Get "https://qa.visualstudio.microsoft.com/swagger/index.html": tls: failed to verify certificate: x509: certificate is valid for www.visualstudio.microsoft.com, www.visualstudio.com, www.visualstudio-staging.com, wildcard.visualstudio.com, visualstudio.microsoft.com, tutorials.visualstudio.com, sxp.microsoft.com, launch.visualstudio.com, integrate.visualstudio.com, download.visualstudio.com, beta.visualstudio.com, not qa.visualstudio.microsoft.com
2025/11/30 01:15:50 Error scanning URL: Get "https://qa.visualstudio.microsoft.com/api/v2/swagger": tls: failed to verify certificate: x509: certificate is valid for www.visualstudio.microsoft.com, www.visualstudio.com, www.visualstudio-staging.com, wildcard.visualstudio.com, visualstudio.microsoft.com, tutorials.visualstudio.com, sxp.microsoft.com, launch.visualstudio.com, integrate.visualstudio.com, download.visualstudio.com, beta.visualstudio.com, not qa.visualstudio.microsoft.com
2025/11/30 01:15:50 Error scanning URL: Get "https://qa.visualstudio.microsoft.com/api/v2/api-docs": tls: failed to verify certificate: x509: certificate is valid for www.visualstudio.microsoft.com, www.visualstudio.com, www.visualstudio-staging.com, wildcard.visualstudio.com, visualstudio.microsoft.com, tutorials.visualstudio.com, sxp.microsoft.com, launch.visualstudio.com, integrate.visualstudio.com, download.visualstudio.com, beta.visualstudio.com, not qa.visualstudio.microsoft.com
fatal error: all goroutines are asleep - deadlock!

goroutine 1 [select, 2 minutes]:
github.com/cerberauth/vulnapi/scan/discover.ScanURLs({0xc0002b4d88, 0x37, 0x47}, 0xc00070a000, 0xc000384d90, 0xc0001ee780, 0xc00657a000)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:62 +0x40e
github.com/cerberauth/vulnapi/scan/discover.DownloadAndScanURLs({0x1726f7f?, 0x1d?}, {0x178f767?, 0x14?}, 0xc0001ee780, 0xc00657a000, 0xc00070a000, 0xc000384d90)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:99 +0x6c
github.com/cerberauth/vulnapi/scan/discover/discoverable_openapi.ScanHandler(0xc00070a000, 0xc000384d90)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/discoverable_openapi/discoverable_openapi.go:38 +0x24f
github.com/cerberauth/vulnapi/scan.(*Scan).Execute(0xc00004e580, {0x1ca25a8?, 0xc0003120c0?}, 0xc0074d1c68)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/scan.go:109 +0xa3a
github.com/cerberauth/vulnapi/cmd/discover.NewDomainCmd.func1(0xc0000beb00?, {0xc00029ca20?, 0x4?, 0x1715809?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/discover/domain.go:57 +0x92c
github.com/spf13/cobra.(*Command).execute(0xc000179508, {0xc00029c9f0, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1019 +0xa7b
github.com/spf13/cobra.(*Command).ExecuteC(0xc000178f08)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x40c
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071
github.com/cerberauth/vulnapi/cmd.Execute({0x1c94080?, 0xc0000021c0?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/root.go:59 +0x1d
main.main()
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/main.go:10 +0x25

C:\Users\Ruslan\Desktop>\

Strange

RuslanSemchenko avatar Nov 29 '25 22:11 RuslanSemchenko

Hi, experiencing similar error. Except the port running on 1234 is http. Would it be possible to give a more user friendly error instead of this?

#setup:  sudo dpkg -i vulnapi_0.8.9_linux_amd64.deb       #no errors

vulnapi discover api 192.168.1.45:1234    
  16% |β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ                                                                                                                               | (1/6) 2025/12/03 13:14:59 Error scanning URL: Get "https://192.168.1.45:1234/api/v2/swagger": http: server gave HTTP response to HTTPS client
2025/12/03 13:14:59 Error scanning URL: Get "https://192.168.1.45:1234/swagger/index.html": http: server gave HTTP response to HTTPS client
2025/12/03 13:14:59 Error scanning URL: Get "https://192.168.1.45:1234/api/v2/api-docs": http: server gave HTTP response to HTTPS client
fatal error: all goroutines are asleep - deadlock!

goroutine 1 [select]:
github.com/cerberauth/vulnapi/scan/discover.ScanURLs({0xc0000d3688, 0x37, 0x47}, 0xc0003ba7e0, 0xc0003c2150, 0xc00031e000, 0xc00031c000)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:62 +0x40e
github.com/cerberauth/vulnapi/scan/discover.DownloadAndScanURLs({0xf5b609?, 0x1d?}, {0xfc1587?, 0x14?}, 0xc00031e000, 0xc00031c000, 0xc0003ba7e0, 0xc0003c2150)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/utils.go:99 +0x6c
github.com/cerberauth/vulnapi/scan/discover/discoverable_openapi.ScanHandler(0xc0003ba7e0, 0xc0003c2150)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/discover/discoverable_openapi/discoverable_openapi.go:38 +0x24f
github.com/cerberauth/vulnapi/scan.(*Scan).Execute(0xc000308040, {0x14d1ec8?, 0xc0003cecc0?}, 0xc00029dc68)
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/scan/scan.go:109 +0xa3a
github.com/cerberauth/vulnapi/cmd/discover.NewAPICmd.func1(0xc000258600?, {0xc0003a69a0?, 0x4?, 0xf49e16?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/discover/api.go:51 +0x71c
github.com/spf13/cobra.(*Command).execute(0xc0003bcf08, {0xc0003a6970, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1019 +0xa7b
github.com/spf13/cobra.(*Command).ExecuteC(0xc0003bc608)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x40c
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071
github.com/cerberauth/vulnapi/cmd.Execute({0x14c3a88?, 0xc000002380?})
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/cmd/root.go:59 +0x1d
main.main()
        /home/runner/go/pkg/mod/github.com/cerberauth/[email protected]/main.go:10 +0x25

Best regards

Am0rphous avatar Dec 03 '25 12:12 Am0rphous
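
The behaviour asked for in this thread (keep scanning when a probe fails, and report the certificate mismatch or the HTTP-on-HTTPS response as a result) sketched as an added Go example; it is not vulnapi's code, and it reports the mismatch without disabling certificate verification. `Finding`, `classify`, `ScanAll`, `SampleFetch` and the sample URLs and errors are hypothetical names and constructed inputs.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
)

type Finding struct{ URL, Kind, Detail string } // hypothetical result type, not vulnapi's

// classify turns a fetch error into a reportable finding instead of aborting the scan.
func classify(u string, err error) Finding {
	var hostErr x509.HostnameError
	switch {
	case err == nil:
		return Finding{u, "ok", ""}
	case errors.As(err, &hostErr): // presented certificate does not list this host
		return Finding{u, "tls-hostname-mismatch", "certificate not valid for " + hostErr.Host}
	case errors.Is(err, http.ErrSchemeMismatch): // plain HTTP answered a TLS handshake
		return Finding{u, "http-on-https-port", "server speaks plain HTTP"}
	}
	return Finding{u, "unreachable", err.Error()}
}

// ScanAll probes every URL concurrently. Each worker sends exactly one Finding,
// failed or not, so the collector reads len(urls) results and always returns.
func ScanAll(urls []string, fetch func(string) error) map[string]Finding {
	results := make(chan Finding)
	for _, u := range urls {
		go func(u string) { results <- classify(u, fetch(u)) }(u)
	}
	out := make(map[string]Finding, len(urls))
	for range urls {
		f := <-results
		out[f.URL] = f
	}
	return out
}

// Constructed sample input: errors shaped like the two reported in this thread.
var sampleURLs = []string{"https://qa.example.test/", "https://192.0.2.10:1234/", "https://ok.example.test/"}
var sampleErrs = map[string]error{
	sampleURLs[0]: &tls.CertificateVerificationError{Err: x509.HostnameError{Host: "qa.example.test"}},
	sampleURLs[1]: fmt.Errorf("Get %q: %w", sampleURLs[1], http.ErrSchemeMismatch),
}
func SampleFetch(u string) error { return sampleErrs[u] } // stand-in for the HTTP probe

func main() { fmt.Println(ScanAll(sampleURLs, SampleFetch)) }
```

`http.ErrSchemeMismatch` requires Go 1.21 or later and `tls.CertificateVerificationError` Go 1.20 or later.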