skavngr / rapidscan

:new: The Multi-Tool Web Vulnerability Scanner.

License: GNU General Public License v2.0

Python 98.37% Dockerfile 1.63%
enumeration kali-linux kali-scripts offensive-security oscp penetration-testing penetration-testing-framework reconnaissance scanner scanner-web security-scanner security-scanning security-tools vulnerabilities vulnerability-assessment vulnerability-detection vulnerability-management vulnerability-scanner vulnerability-scanners web-vulnerabilities-scanner

rapidscan's People

Contributors

bhaveshraj336, captainstabs, coupez, kaliram850, kanolato, sh4nx0r, tristanlatr

rapidscan's Issues

Update tool not recognizing

Good day,
I wanted to push a change to your code because harvester is not working on the latest Kali because of the name. So here is the code; you can review it and push it.
It's not a big modification, but theharvester is now theHarvester; if you go with theharvester it will tell you bash command not found.

line 216 ["theHarvester","The Harvester - Scans for emails using Google's passive search.","theHarvester",1],
line 301 ["theHarvester -l 50 -b google -d ",""],
line 665 ["wapiti"], ["whatweb"], ["nmap"], ["golismero"], ["host"], ["wget"], ["uniscan"], ["wafw00f"], ["dirb"], ["davtest"], ["theHarvester"], ["xsser"], ["dnsrecon"],["fierce"], ["dnswalk"], ["whois"], ["sslyze"], ["lbd"], ["golismero"], ["dnsenum"],["dmitry"], ["davtest"], ["nikto"], ["dnsmap"]
line

Update Dockerfile for python 3

Thanks for the python 3 update.

The docker file should be updated and tested as well, I haven’t tested whether it currently works, but it looks like python3 is not installed, so I think the Dockerfile is currently broken.

unique output file names

stomping over the same file with all sorts of results... well... not even worth a pull request... but I added a few lines to disambiguate them - the main bit is:

date = subprocess.Popen(["date", "+%Y-%m-%d.%s"],stdout=subprocess.PIPE).stdout.read()[:-1].decode("utf-8")
debuglog = "rs.dbg.%s.%s" % (target, date)
vulreport = "rs.vul.%s.%s" % (target, date)

That will create files that look like "rs.vul.google.com.2022-01-03.1641255361" or w/e.

I'd also advocate creating a vulnerability file even if nothing was found; e.g. change this:

if len(rs_vul_list)==0:
    print("\t"+bcolors.OKGREEN+"No Vulnerabilities Detected."+bcolors.ENDC)

To be a report.write(*) with the same text or w/e (not blank, since it could die in mid run and you wouldn't know if it really was zero vuls or not.) First time I ran it I wasn't sure if there was a bug or what, since no result file was created.

YMMV, IMHO, etc.

dependency list for ubuntu/arch?

Hey There,

Amazing work on the script. I was planning to utilize the script at a few places in my CI-CD flow and I'd like to know how to install the required cli tools for ubuntu or arch?

Right now running (the names taken from dockerfile)

sudo apt install host whois sslyze wapiti nmap dmitry dnsenum dnsrecon dnswalk dirb wafw00f whatweb nikto lbd xsser fierce theharvester davtest uniscan amass

results in packages not being found on apt repos.

E: Unable to locate package sslyze
E: Unable to locate package lbd
E: Unable to locate package xsser
E: Unable to locate package fierce
E: Unable to locate package theharvester
E: Unable to locate package davtest
E: Unable to locate package uniscan
E: Unable to locate package amass

And running it without any installation skips 71 out of 80 tests so that's not nice :D

What am I missing?

Thanks
P S

Upgrading to Python 3

Hello!

I really liked your tool, you surely have put a lot of effort into it, and I see that development is still in progress. Don't you think that it would be a better idea to shift this tool to Python 3, as this is the future? Python 2 is being deprecated with the passage of time. If you're willing to make the transition, I can work with you; together we can make the proper changes to shift from Python 2 to Python 3. Waiting for your thoughts on it. Thanks

Finding vulnerable domain

Hi, I have been using this awesome tool for the last two days but still can't figure out how to find the vulnerable domain/subdomain. I mean, I get a few critical vuln notifications when testing a domain but can't find which subdomain/parameter is vulnerable. Rapidscan only shows the warning but not the vulnerable URL/parameter.

Can you please help?

print statements syntax issue

All the print statements in your tool are without parentheses (); they're not enclosed in parentheses and generate a syntax error whenever I try to run the code.

fierce unrecognized arguments: -dns

I got unrecognized -dns arguments error.

Fierce Subdomains Bruter - Brute Forces Subdomain Discovery.

usage: fierce [-h] [--domain DOMAIN] [--connect] [--wide]
[--traverse TRAVERSE] [--search SEARCH [SEARCH ...]]
[--range RANGE] [--delay DELAY]
[--subdomains SUBDOMAINS [SUBDOMAINS ...] | --subdomain-file
SUBDOMAIN_FILE] [--dns-servers DNS_SERVERS [DNS_SERVERS ...] |
--dns-file DNS_FILE] [--tcp]
fierce: error: unrecognized arguments: -dns example.com

A problem in the Dockerfile

First, I would like to thank you for the script. Many thanks! Amazing work.

With the current version of the Dockerfile, we can't build our own image, because we see an error (and this is pretty essential addiction):
E: Unable to locate package golismero

You need to add a non-free repo to the Dockerfile - edit the current Dockerfile like this, for example:

FROM kalilinux/kali-rolling
RUN echo "deb http://old.kali.org/kali sana main non-free contrib" >> ./etc/apt/sources.list
RUN apt-get update && apt-get -yu dist-upgrade -y
# etc

After updating with the non-free repo, all works fine.

Add an argument to skip some tools

Hi, @sh4nx0r,

I'm opening this issue because I think rapidscan should have a way to ignore/skip tools based on defined config at the discretion of the user.

Also, having to send the ctrl+C signal to halt a specific scan process does not permit running the tool in an automated workflow.

I have a hack that introduces a --skip argument to permit such configuration; see #23.

Would you be interested in merging such a feature?

Thanks,

Broken Dockerfile

Hi, it looks like the docker image cannot be built with the latest kali distributions :/

I'm unsure which python dependencies have docutils as a requirement, tho.

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python-docutils : Depends: docutils-common (= 0.12+dfsg-1) but 0.16+dfsg-4 is to be installed
                   Recommends: python-pil but it is not going to be installed
                   Recommends: python-pygments but it is not going to be installed
                   Recommends: libpaper-utils but it is not going to be installed
                   Recommends: docutils-doc (= 0.12+dfsg-1) but it is not going to be installed
 python-requests : Depends: python-chardet but it is not installable
E: Unable to correct problems, you have held broken packages.
The command '/bin/sh -c apt-get install -y   python2.7   wget   dmitry   dnsrecon   wapiti   nmap   sslyze   dnsenum   wafw00f   golismero   dirb   host   lbd   xsser   dnsmap   dnswalk   fierce   davtest   whatweb   nikto   uniscan   whois   theharvester' returned a non-zero code: 100

Need a requirement file

Please add a requirement file that allows downloading the tools that the user doesn't have. This is not an issue.

HTML reports missing

Hello,

I've run rapidscan via docker and it seems like all report files are fine. The temp_uniscan_rfi file says:

HTML report saved in: report/www.my-domain.com.html

But there is no HTML document. Any ideas?

rapidscan.py Program has error in line 805

This is an excellent project thanks for making this project available for public.

When I run this program I got the following error.

Traceback (most recent call last):
File "./rapidscan.py", line 805, in
rs_tool_output_file = open(temp_file).read()
IOError: [Errno 2] No such file or directory: 'temp_nikto_headers'

I am using Kali Linux 2017.2 in a VMware virtual machine.

Have a --version flag

That would be nice to be able to check if we're running the latest version of rapidscan.

I wouldn't trust the --update flag to update rapidscan, it's likely resulting in permission error.

Export result

Hello,

Can the result be exported in HTML format?

A greeting and thanks

Rapid Scan Updater Bug

If run without internet connection or wget fails on this line

os.system('wget -N https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py -O rapidscan.py > /dev/null 2>&1')

will overwrite rapidscan.py with 0 bytes, essentially deleting its contents.
There needs to be a conditional here to see if the file was actually retrieved.
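One way to add the conditional this report asks for, as an added example that is not rapidscan's own code: the download is staged in a temporary file and only swapped in after it is non-empty and parses as Python. `safe_update` and `fetch_https` are hypothetical names; the URL is the one quoted in the report.

```python
import os
import tempfile
import urllib.request

# URL taken from the report above.
UPDATE_URL = "https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py"


def fetch_https(url, timeout=15):
    """Default fetcher: return the response body as bytes, raise on failure."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def safe_update(script_path, fetch=fetch_https, url=UPDATE_URL):
    """Replace script_path only if a complete, plausible script was retrieved.

    Returns (updated, reason). The existing file is never opened for writing,
    so a failed download cannot truncate it the way `wget -O` does.
    """
    try:
        data = fetch(url)
    except Exception as exc:  # no network, DNS failure, HTTP error, timeout
        return False, "download failed: %s" % exc
    if not data or not data.strip():
        return False, "empty response"
    try:
        # Sanity check: the payload must at least parse as Python source.
        compile(data, "<update>", "exec")
    except (SyntaxError, ValueError) as exc:
        return False, "not valid Python: %s" % exc

    directory = os.path.dirname(os.path.abspath(script_path))
    # Stage next to the target so os.replace() is an atomic rename.
    fd, tmp_path = tempfile.mkstemp(prefix=".rapidscan.", dir=directory)
    try:
        with os.fdopen(fd, "wb") as tmp:
            tmp.write(data)
            tmp.flush()
            os.fsync(tmp.fileno())
        if os.path.exists(script_path):
            # Keep the old permission bits (mkstemp creates the file 0600).
            os.chmod(tmp_path, os.stat(script_path).st_mode & 0o777)
        os.replace(tmp_path, script_path)
    except OSError as exc:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        return False, "could not install update: %s" % exc
    return True, "updated"
```

The parse check only confirms that a complete script arrived; it says nothing about authenticity, for which HTTPS to the URL above is the only control here.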

Running on Windows

Hello,

Can someone please guide me how can I run this successfully on windows?
After running it, I'm seeing a bunch of output files but all stating batch file issues.
I looked into docker file and see that I should install few other tools first but need assistance how can I do that on windows without impacting my system.

error

Thanks

Docker image

A docker image with all the tools pre-installed would be awesome

Have a tag to print out what Ips and ports are Vulnerable

Rapid scan will tell you hey the site is vulnerable
but when you wanna fix the vulnerability it doesn't tell you where it is (eg... what ip and port its at)
Me and my friend, doing a job, couldn't get rapidscan to tell us what IP and port a vulnerability is at; all it says is that it exists and nothing else.

Nmap takes forever

It seems that scans take quite long to complete or maybe there is some issue.

I have run the scan and nmap was running for 2 hours before I killed it, and Fierce subdomains bruter is the same story (haven't killed it yet).

Is this normal? Shall I wait for more, or is there something wrong?

borked dockerfile

MacOS 10.15.7 (Catalina)

TLDR; run an apt-get before anything else... you either need to ignore keys altogether or use some alternate method to get the Kali pubkey (curl, wget, etc. aren't in the baseimage.) Alternate workaround after errors building:

Sending build context to Docker daemon 3.565MB
Step 1/10 : FROM kalilinux/kali-rolling
---> c2fadbc65f8d
Step 2/10 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> fd58a73e4d8b
Step 3/10 : RUN apt-get update && apt-get -yu dist-upgrade -y
---> Running in 73b26ccf950e
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.6 kB]
Err:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
Reading package lists...
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed.
The command '/bin/sh -c apt-get update && apt-get -yu dist-upgrade -y' returned a non-zero code: 100

You can do the somewhat crazy:

RUN apt -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update

Or actually get the key somehow. If you do the above, three more changes were necessary to make the dockerfile work -

  1. add the "--allow-unauthenticated" to apt-get RUN line
  2. change python to python3 in the apt-get package listing.
  3. change the last line from: ENTRYPOINT ["/usr/local/bin/rapidscan.py"] -> ENTRYPOINT ["python3", "/usr/local/bin/rapidscan.py"]

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

Traceback (most recent call last):
File "/Users/ayhan/Downloads/rapidscan-master/rapidscan.py", line 1514, in
rs_tool_output_file = open(temp_file).read()
File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

Files can not accessed during scan

Hi,

I am getting errors like this for most of the scanning steps:
/bin/sh: 1: cannot create /tmp/rapidscan_temp_nmap_telnet: Permission denied
. . .
/bin/sh: 1: cannot create /tmp/rapidscan_temp_nmap_rdp_tcp: Permission denied

What might cause this?
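Three reports on this page concern how per-tool output files are written and read back: the missing temp_nikto_headers file, the UnicodeDecodeError on open(temp_file).read(), and the fixed /tmp/rapidscan_temp_* names above. The following is an added sketch, not rapidscan's code, that writes each tool's output into a private per-run directory and reads it back without failing on a missing file or non-UTF-8 bytes. `scan_workdir`, `run_tool` and `read_tool_output` are hypothetical names, and replacing the fixed /tmp names with a per-run directory is an assumption about what the tool can accept.

```python
import os
import subprocess
import sys
import tempfile


def scan_workdir():
    """Create a per-run directory: mode 0700, unpredictable name, owned by the
    invoking user, so it cannot collide with files left by another user's run."""
    return tempfile.mkdtemp(prefix="rapidscan_")


def read_tool_output(path):
    """Return a tool's output as text; "" if the tool never wrote the file."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return ""
    # Scanners echo server banners and pages in arbitrary encodings; replace
    # undecodable bytes with U+FFFD instead of raising UnicodeDecodeError.
    return raw.decode("utf-8", errors="replace")


def run_tool(cmd, name, workdir, timeout=60):
    """Run one scanner command (argument list, no shell) and return its output."""
    out_path = os.path.join(workdir, "temp_" + name)
    try:
        with open(out_path, "wb") as out:
            subprocess.run(cmd, stdout=out, stderr=subprocess.STDOUT,
                           timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired):
        # Tool not installed, or it ran past the timeout: keep whatever was
        # written and let the caller treat empty output as "no result".
        pass
    return read_tool_output(out_path)


if __name__ == "__main__":
    wd = scan_workdir()
    # Constructed stand-in for a scanner that emits a non-UTF-8 byte (0xdd).
    fake = [sys.executable, "-c",
            "import sys; sys.stdout.buffer.write(b'Server: caf\\xdd\\n')"]
    print(repr(run_tool(fake, "nikto_headers", wd)))
```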

Possibility to disable some tools

Hi,

I've been running into issues with DMitry, the scan takes more than 48h, which is not acceptable.

I was wondering if there is an option to disable a specific tool using the rapidscan docker container?

Thanks
