Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Once installed...scans don't work with exception to nmap #86

Open
jackflax opened this issue Apr 27, 2018 · 7 comments
Open

Once installed...scans don't work with exception to nmap #86

jackflax opened this issue Apr 27, 2018 · 7 comments

Comments

@jackflax
Copy link

Scans don't seem to work with exception to nmap.
@kmadhusudhan
Copy link
Contributor

@jackflax
can please explain us what is the issue your getting ? if possible can you please share complete logs .

@alex-rad
Copy link

Hello,

Regarding this issue, I finally made the Web Scan function to work properly, but unfortunately I�'m having hard times with the WP scan option.

You can find the logs attached. When I run a WP scan, a message popups in the log scan file:

Error===>#<NoMethodError: undefined method `user_agent=' for Typhoeus::Config:Module>

I saw that the latest Gemfile.lock uses arachni (1.3.2) and typhoeus (= 0.6.9). In an older version, there's arachni (1.5.1) and typhoeus (= 1.0.2) (which by the way doesn't work either, it fails with a messge that the remote target is not available; also using these gems will make Web Scan stop working).

I tried to use different versions, but it looks that there's a bundle and anytime I'm using another version than the arachni (1.3.2) and typhoeus (= 0.6.9) I'm getting errors related to the dependencies.

Any hint on this to make both WP scan and Web scan working ?

Thanks,
Alex

1.log
sidekiq.log

@jackflax
Copy link
Author

And also .. the updates obviously are not working on these ... given that this is for security....being able to use the latest versions is important

@kmadhusudhan
Copy link
Contributor

kmadhusudhan commented Apr 30, 2018
edited
Loading

@jackflax
can please let us know what changes you made? Up to now, we did not face any issue with Wpscan in our system with the same version of Arachni and Typhoeus. even I saw Typhoeus gem implementation https://github.com/typhoeus/typhoeus/blob/181834e2483d392d0f7ab0cd17f544cd252c7b2f/lib/typhoeus/config.rb. it has setter and getter methods for the user_agent attribute in configs .

@alex-rad
Copy link

alex-rad commented Apr 30, 2018
edited
Loading

I changed the selenium-webdriver to 3.7.0, since phantomjs is not supported in 3.8.0, and I added bundle exec to the docker-build.sh commands. I also set the npm config registry in Dockerfile to http://registry.npmjs.org/ because the https fails, and made some edits to the healthcheck of mysql container.

Did you tried to run the docker-build.sh on a minimal CentOS 7 that has only Docker installed ? I even tried on 2 installations of CentOS 7 and 1 Ubuntu, both on premises and AWS, but nothing seems to work without adjustments (except for the network scan if the bundle execs are added in docker-build.sh and all the above mentions are implemented; also with selenium-webdriver 3.7.0 the site scan works as well).

@jackflax
Copy link
Author

jackflax commented May 3, 2018

@kmadhusudhan
See above post from alex-rad as we are working together. Please do let us know your solution hopefully to this. Thank you!

@harie0x
Copy link

harie0x commented May 7, 2018

@jackflax i am also facing the similar kind of issue. with exception to nmap, i cant able to find results of web app scanning. it's showing empty. can you please let me know, what changes you made for the web app scanning to work and show results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kmadhusudhan @harie0x @alex-rad @jackflax