jackhammer icon indicating copy to clipboard operation
jackhammer copied to clipboard

Published 20 hours ago verified publisher icon olacabs

Once installed...scans don't work with exception to nmap

Open jackflax opened this issue 6 years ago • 7 comments

Scans don't seem to work with exception to nmap.

jackflax avatar Apr 27 '18 06:04 jackflax

@jackflax can please explain us what is the issue your getting ? if possible can you please share complete logs .

kmadhusudhan avatar Apr 27 '18 11:04 kmadhusudhan

Hello,

Regarding this issue, I finally made the Web Scan function to work properly, but unfortunately I'm having hard times with the WP scan option.

You can find the logs attached. When I run a WP scan, a message popups in the log scan file:

Error===>#<NoMethodError: undefined method `user_agent=' for Typhoeus::Config:Module>

I saw that the latest Gemfile.lock uses arachni (1.3.2) and typhoeus (= 0.6.9). In an older version, there's arachni (1.5.1) and typhoeus (= 1.0.2) (which by the way doesn't work either, it fails with a messge that the remote target is not available; also using these gems will make Web Scan stop working).

I tried to use different versions, but it looks that there's a bundle and anytime I'm using another version than the arachni (1.3.2) and typhoeus (= 0.6.9) I'm getting errors related to the dependencies.

Any hint on this to make both WP scan and Web scan working ?

Thanks, Alex

1.log sidekiq.log

alex-rad avatar Apr 27 '18 20:04 alex-rad

And also .. the updates obviously are not working on these ... given that this is for security....being able to use the latest versions is important

jackflax avatar Apr 27 '18 20:04 jackflax

@jackflax can please let us know what changes you made? Up to now, we did not face any issue with Wpscan in our system with the same version of Arachni and Typhoeus. even I saw Typhoeus gem implementation https://github.com/typhoeus/typhoeus/blob/181834e2483d392d0f7ab0cd17f544cd252c7b2f/lib/typhoeus/config.rb. it has setter and getter methods for the user_agent attribute in configs .

kmadhusudhan avatar Apr 30 '18 09:04 kmadhusudhan

I changed the selenium-webdriver to 3.7.0, since phantomjs is not supported in 3.8.0, and I added bundle exec to the docker-build.sh commands. I also set the npm config registry in Dockerfile to http://registry.npmjs.org/ because the https fails, and made some edits to the healthcheck of mysql container.

Did you tried to run the docker-build.sh on a minimal CentOS 7 that has only Docker installed ? I even tried on 2 installations of CentOS 7 and 1 Ubuntu, both on premises and AWS, but nothing seems to work without adjustments (except for the network scan if the bundle execs are added in docker-build.sh and all the above mentions are implemented; also with selenium-webdriver 3.7.0 the site scan works as well).

alex-rad avatar Apr 30 '18 22:04 alex-rad

@KMadhuSudhan See above post from alex-rad as we are working together. Please do let us know your solution hopefully to this. Thank you!

jackflax avatar May 03 '18 23:05 jackflax

@jackflax i am also facing the similar kind of issue. with exception to nmap, i cant able to find results of web app scanning. it's showing empty. can you please let me know, what changes you made for the web app scanning to work and show results.

harie0x avatar May 07 '18 11:05 harie0x