Giters

blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Home Page:https://www.blstsecurity.com/cherrybomb

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

unable to install cherrybomb

andyaspellclark-moj opened this issue · comments

commented

Describe the bug
I am trying to install cherrybomb, but am getting an error downloading the install script

To Reproduce
following the steps in the github README:
at a command prompt I enter : curl https://cherrybomb.blstsecurity.com/install | /bin/bash

Expected behavior
cherrybomb shoulw download and then execute the install script

Screenshots
a "Certificate expired" error is displayed and the download of the install script fails:

curl https://cherrybomb.blstsecurity.com/install | /bin/bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Desktop (please complete the following information):

  • MacOS Ventura 13.6 (22G120) on Intel
  • bash shell

Could the install script be hosted on github? that would allow installation to occur.

commented

Hey @andyaspellclark-moj, we just fixed the issue (problem of certificate).
This is the content of the script:
`#!/bin/bash

platform='unknown'
unamestr=$(uname)
case $unamestr in
"SunOs") echo "\033[31;1m SOLARIS is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
"Darwin") platform="mac_x86_64" ;;
"Linux") platform="linux_gnu" ;;
"FreeBSD") echo "\033[31;1m BSD is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
"WindowsNT") echo "\033[31;1m WINDOWS is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
*) echo "\033[31;1m unknown: $OSTYPE is not yet supported, contact us to get support status or open a github issue\033[0m" ; exit 0;;
esac
echo "\033[32;1m DETECTED OS - ${platform}\033[0m";
filename="cherrybomb_${platform}"
url=https://cherrybomb.blstsecurity.com/download_cherrybomb
c_t="Content-Type: application/json"
payload="{"file":"${filename}"}"
echo "\033[34;1m DOWNLOADING CHERRYBOMB\033[0m"
presigned=$(curl -s ${url} -H "${c_t}" -d $payload);
pre=$(echo "$presigned" | sed -e 's/^"//' -e 's/"$//');
c=$(curl -s ${pre} -o cherrybomb);
example=$(curl -s "http://download-example-oas.blstsecurity.com/example-oas.json" -o example-oas.json);
echo "\033[32;1m DONE DOWNLOADING\033[0m"
echo "\033[34;1m INSTALLING\033[0m"
mkdir ~/.cherrybomb 2> /dev/null
chmod +x cherrybomb;
echo "MOVING CHERRYBOMB BIN INTO /usr/local/bin/, MAY REQUIRE sudo"
sudo mv cherrybomb /usr/local/bin/
echo "\033[32;1m DONE INSTALLING RUN cherrybomb to test\033[0m"`