Error during a scan

Question

Error during a scan

Teicu opened this issue a year ago · comments

Hi,

Do you have any idea why I get these errors and how they can be fixed? I am using the latest version and the system is macbook

_[15:24:49] [INFO] Start scanning target https://website.com
[15:24:50] [INFO] The WAF detection for the current URL starts
[15:24:51] [INFO] Not found the WAF
[15:24:51] [INFO] Fingerprint identification the current URL, please wait...
Exception in thread Thread-76:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in bootstrap_inner
self.run()
File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run
self.result = self.target(self.clients)
File "/Users/pentest/vulcat/payloads/Spring/cve_2022_22965.py", line 72, in cve_2022_22965_scan
if ((res2.status_code == 200) and (randomStr in res2.text)):
AttributeError: 'NoneType' object has no attribute 'status_code'

Fugitif · Answer 1 · Fri Feb 10 2023 23:28:30 GMT+0800 (China Standard Time)

_AttributeError: 'NoneType' object has no attribute 'text'
60%|████████▍ | 6/10 [00:06<00:04, 1.01s/it]Exception in thread Thread-432:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in bootstrap_inner
self.run()
File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run
self.result = self.target(self.clients)
File "/Users/pentest/vulcat/payloads/ApacheHadoop/new_unauth.py", line 36, in apache_hadoop_unauthorized_scan
'parseHadoopID' in res.text
AttributeError: 'NoneType' object has no attribute 'text

Lin · Answer 2 · Fri Feb 10 2023 23:36:32 GMT+0800 (China Standard Time)

Thank you for your question. I just checked and fixed the Bug. You can try again. --------------- 谢谢你的提问，我刚刚检查并修复了错误，您可以重新试试。

Fugitif · Answer 3 · Wed Mar 01 2023 16:42:14 GMT+0800 (China Standard Time)

Hi,

I just updated the tool and there is some errors again.

python3 vulcat.py -f Desktop/urls.txt

              ___                   _____

_ _ _ _ | | ____ ____ []
| \ / /| | | | | | u_u/ ) / _ ] | |
\ / / | (/ | | |･･}( ( [] | | |
_/ (____ ]/[] _) _• •)/ []

Traceback (most recent call last):
File "vulcat.py", line 18, in
from lib.core.coreScan import corescan # * 导入核心扫描模块
File "/Users/pentest/vulcat/lib/core/coreScan.py", line 20, in
from payloads.ApacheDruid.main import apachedruid
File "/Users/pentest/vulcat/payloads/ApacheDruid/main.py", line 23, in
from payloads.ApacheDruid.cve_2021_25646 import cve_2021_25646_scan
File "/Users/pentest/vulcat/payloads/ApacheDruid/cve_2021_25646.py", line 4, in
from lib.api.dns import dns
File "/Users/pentest/vulcat/lib/api/dns.py", line 81, in
dns = DNS()
File "/Users/pentest/vulcat/lib/api/dns.py", line 40, in init
self.dnslog_pw_domain = self.pw_random_prefix + '.' + config.get('dnslog_pw_domain')
TypeError: can only concatenate str (not "NoneType") to str

Lin · Answer 4 · Wed Mar 01 2023 17:02:04 GMT+0800 (China Standard Time)

Sorry very much. I just checked and fixed the Bug. You can try again. Thank you for your issues. --------------- 非常抱歉，我刚刚检查并修复了错误，您可以重新试试，谢谢你的issues。

Fugitif · Answer 5 · Wed Mar 01 2023 17:11:54 GMT+0800 (China Standard Time)

It works now, but sometimes during scanning I also get this error. Can you fix that too please?

_23%|███▏ | 8/35 [00:08<00:27, 1.01s/it]Exception in thread Thread-233:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/threading.py", line 932, in bootstrap_inner
self.run()
File "/Users/pentest/vulcat/lib/tool/thread.py", line 19, in run
self.result = self.target(self.clients)
File "/Users/pentest/vulcat/payloads/ElasticSearch/cve_2015_5531.py", line 65, in cve_2015_5531_scan
if (('114, 111, 111, 116' in res3.text)
AttributeError: 'NoneType' object has no attribute 'text'

Lin · Answer 6 · Wed Mar 01 2023 17:39:39 GMT+0800 (China Standard Time)

Sorry again, You can try again. Thank you for your issues. --------------- 再次抱歉，您可以重新试试，谢谢你的issues。

Fugitif · Answer 7 · Wed Mar 01 2023 18:02:34 GMT+0800 (China Standard Time)

works fine! thanks again

Fugitif · Answer 8 · Wed Mar 01 2023 19:34:41 GMT+0800 (China Standard Time)

Hi again @CLincat , just found another error:

_python3 vulcat.py -u http://testaspnet.vulnweb.com

              ___                   _____

_ _ _ _ | | ____ ____ []
| \ / /| | | | | | u_u/ ) / _ ] | |
\ / / | (/ | | |･･}( ( [] | | |
_/ (____ ]/[] _) _• •)/ []

[11:27:47] [INFO] Start scanning target http://testaspnet.vulnweb.com
[11:27:49] [INFO] The WAF detection for the current URL starts
[11:27:50] [INFO] Not found the WAF
[11:27:50] [INFO] Fingerprint identification the current URL, please wait...
[11:27:59] [INFO] No identification framework, all vulnerabilities will be scanned
100%|█████████████| 35/35 [00:35<00:00, 1.01s/it]
[11:28:36] [INFO] Wait for all threads to finish. Please wait...
[11:29:46] [INFO] Analyzing the results. Please wait...
[11:29:46] [-] The target does not seem vulnerable. A total of 461 HTTP(s) requests
[11:29:46] [INFO] Scan is completed, Take 119 seconds
pentest@pentest-2 vulcat % /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/multiprocessing/resource_tracker.py:216: UserWarning: resource_tracker: There appear to be 1 leaked semaphore objects to clean up at shutdown
warnings.warn('resource_tracker: There appear to be %d '_

Lin · Answer 9 · Wed Mar 01 2023 19:57:57 GMT+0800 (China Standard Time)

Hello, it's not vulcat's error, I looked up some information. It was found to be a Python warning message: https://bugs.python.org/issue38842 Generally does not affect normal work. If the error recurs, you can try the following: 1. Update the Python version 2. Set the following environment variables in the operating system ``` # Linux export PYTHONWARNINGS="ignore:semaphore_tracker:UserWarning" ```

…

---------- 您好，这不是 vulcat 的错误，我查找了一些信息。发现这是一条 Python 警告消息：https://bugs.python.org/issue38842 一般不影响正常工作。如果错误再次出现，您可以尝试以下操作： 1. 更新蟒蛇版本 2. 在操作系统中设置以下环境变量 ``` # Linux export PYTHONWARNINGS="ignore:semaphore_tracker:UserWarning" ```