bug: Error creating EyeWitness screenshots with a non-standard URL #15

Closed
1 task done
psyray opened this issue Apr 22, 2024 · 6 comments · Fixed by #98
Labels
bug Something isn't working

Comments

@psyray
Contributor

psyray commented Apr 22, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Submitted by @solo10010

The task of creating screenshots stops completely if EyeWitness encounters a strange URL

python3 /usr/src/github/EyeWitness/Python/EyeWitness.py -f /usr/src/scan_results/**********.com_9/endpoints_alive.txt -d /usr/src/scan_results/**********.com_9/screenshots --no-prompt --timeout 10 --threads 40

Scan logs.

TERM environment variable not set.
################################################## ###############################
#EyeWitness#
################################################## ###############################
# Red Siege Information Security - https://www.redsiege.com #
################################################## ###############################

ERROR: You potentially provided an mal-formed URL!
ERROR: URL is - https://account.servicenow.com/sign-in?client_id=0oapi9ote73XCWSst0x7&redirect_uri=https://account.servicenow.com/auth&response_type=code&state=/profile/home?locale=en-us&scope=openid&source_id= account&locale=en-us

Expected Behavior

I expected that if errors occurred, the collection of screenshots would continue and not be interrupted completely.

Steps To Reproduce

  1. Install the latest version of rengine
  2. Set up any scan with collection of subdomains and creation of screenshots for the servicenow.com domain
  3. Monitor scanning tasks, screenshot creation has been stopped on the account.servicenow.com subdomain

Environment

- reNgine: 2.0.2
- OS: Ubuntu 22.04.1 LTS.
- Python: 3.10.4
- Docker engine: 24.0.7
- Docker Compose: v2.23.0
- Browser: Chrome 120.0.6099.224.

Anything else?

No response

@psyray psyray added the bug Something isn't working label Apr 22, 2024
@yarysp
Contributor

yarysp commented May 13, 2024

Reproduced, working on it

@yarysp
Contributor

yarysp commented May 13, 2024

Bug came from EyeWitness itself, explanation here
RedSiege/EyeWitness#605

I've tested the patch, it works fine.
I notice a huge load on the VM while screenshotting a lot of targets.

Problem here is that the code of EyeWitness needs to be patched, it's quite hard to maintain.
https://github.com/RedSiege/EyeWitness/pull/605/files

So we could filter the known bad URLs before, here using the semicolon, and launch the task

I will try that way

@Talanor
Contributor

Talanor commented May 29, 2024

Posted a new issue to see if we must circumvent this on our end: RedSiege/EyeWitness#656

@Relkci

Relkci commented Jun 3, 2024

Is the space in your example URL intended?

ERROR: URL is - https://account.servicenow.com/sign-in?client_id=0oapi9ote73XCWSst0x7&redirect_uri=https://account.servicenow.com/auth&response_type=code&state=/profile/home?locale=en-us&scope=openid&source_id= account&locale=en-us

After the original MR, you would have had a traceback because EyeWitness has no logic to handle invalid spaces (and I'm not entirely convinced there is a reason to build the logic since the traceback is sufficiently indicative of the error).

That is to say, https://github.com/RedSiege/EyeWitness/pull/605/files might prevent an incorrect malformed URL error, but will not handle the error resulting from the space in your example.

Anyway, RedSiege/EyeWitness#659

To be clear though, this doesn't address that Eyewitness will stop completely on malformed URLs. Might be worth a new issue to address that explicitly-- to allow the rejection of a malformed URL, rather than completely stopping.
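The pre-filtering idea from the May 13 comment and the reject-rather-than-stop behaviour suggested just above, sketched as an added example that is not code from this thread, reNgine or EyeWitness. The function names, the http/https-only rule and the sample list are assumptions made for illustration; the two long URLs are the one from the issue, once with the stray space removed and once as posted.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only absolute web URLs are screenshot targets

def check_url(url):
    """Return None if the URL is acceptable, else a short rejection reason."""
    # Check before parsing: urlsplit silently drops some control characters.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return "whitespace or control character"
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return f"unparseable: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme is not http/https"
    if not parts.hostname:
        return "missing host"
    return None

def partition_urls(lines):
    """Split input lines into (valid, rejected); one bad line never stops the run."""
    valid, rejected = [], []
    for raw in lines:
        url = raw.strip()
        if not url:
            continue
        reason = check_url(url)
        if reason is None:
            valid.append(url)
        else:
            rejected.append((url, reason))
    return valid, rejected

# URL from the issue, split at the point where the stray space appears.
BASE = ("https://account.servicenow.com/sign-in?client_id=0oapi9ote73XCWSst0x7"
        "&redirect_uri=https://account.servicenow.com/auth&response_type=code"
        "&state=/profile/home?locale=en-us&scope=openid&source_id=")
SAMPLE = [
    BASE + "account&locale=en-us",    # "://" inside the query string: still valid
    BASE + " account&locale=en-us",   # as posted in the issue, with the space
    "http://example.com:80x/",        # constructed: bad port
    "ftp://example.com/file",         # constructed: wrong scheme
    "https:///nohost",                # constructed: empty host
    "",
]

if __name__ == "__main__":
    ok, bad = partition_urls(SAMPLE)
    print("\n".join(ok))              # these lines would go into the -f input file
    for url, reason in bad:
        print(f"skipped ({reason}): {url}")
```

Only the valid list would be written to the file handed to EyeWitness with `-f`; the rejected list can be logged so skipped endpoints remain visible in the scan results.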

@psyray
Contributor Author

psyray commented Jun 3, 2024

> Is the space in your example URL intended?
>
> ERROR: URL is - https://account.servicenow.com/sign-in?client_id=0oapi9ote73XCWSst0x7&redirect_uri=https://account.servicenow.com/auth&response_type=code&state=/profile/home?locale=en-us&scope=openid&source_id= account&locale=en-us

No, not intended. It's a copy-paste from the original issue on the legacy repository of reNgine.
During my test, I found that the problem came from the ://, spaces were not a problem, or maybe I've fixed it while testing but didn't update the issue to fix the url space.

> To be clear though, this doesn't address that Eyewitness will stop completely on malformed URLs. Might be worth a new issue to address that explicitly-- to allow the rejection of a malformed URL, rather than completely stopping.

👍 Thanks for your clarification

@Relkci

Relkci commented Jun 4, 2024

Merged RedSiege/EyeWitness#659

You can probably close #15

Cheers
