dictionary error
gbiagomba opened this issue · comments
Hello,
When I try to run a scam, this is what I get. I tried moving into the directory and calling the file and it has been to no avail.
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d "/usr/share/dirbuster/wordlists/directory-list-1.0.txt" Error: failed to build dictionary: dictionary: failed to get/usr/share/dirbuster/wordlists/directory-list-1.0.txt`: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme ""
Usage:
dirstalk scan [url] [flags]
Flags:
--cookie stringArray cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string dictionary to use for the scan (path to local file or remote url)
--header stringArray header to add to each request; eg name=value (can be specified multiple times)
-h, --help help for scan
--http-cache-requests cache requests to avoid performing the same request multiple times within the same scan (EG if the server reply with the same redirect location multiple times, dirstalk will follow it only once) (default true)
--http-methods strings comma separated list of http methods to use; eg: GET,POST,PUT (default [GET])
--http-statuses-to-ignore ints comma separated list of http statuses to ignore when showing and processing results; eg: 404,301 (default [404])
--http-timeout int timeout in milliseconds (default 5000)
--out string path where to store result output
--scan-depth int scan depth (default 3)
--socks5 string socks5 host to use
-t, --threads int amount of threads for concurrent requests (default 3)
--use-cookie-jar enables the use of a cookie jar: it will retain any cookie sent from the server and send them for the following requests
--user-agent string user agent to use for http requests
Global Flags:
-v, --verbose verbose mode
level=fatal msg="Execution error" err="failed to build dictionary: dictionary: failed to get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme """
`
Hello @gbiagomba,
thanks for submitting this issue.
I see that you are putting the dictionary path between double quotes, there is no need, you can directly specify the path: -d /usr/share/dirbuster/wordlists/directory-list-1.0.txt
Another thing I see is that you are running dirstalk using docker, remember that docker is a sandbox and isolates the file system from the host operating system one, so even if you pass the value correctly without doubles quotes, if you do not share with your container the folder containing the wordlist then dirstalk will not be able to find it, because it will work with a clean and isolated file system.
Here you find some info about mounting a folder in docker.
Please let me know if this answers your issue.
@stefanoj3 apologies for the tardy reply, I was away at a con but actually i tried with quotes, without, I tried moving into the directory can calling the file directly while in the same pwd and got the same error.
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d /usr/share/dirbuster/wordlists/directory-list-1.0.txt
Error: failed to build dictionary: dictionary: failed to get `/usr/share/dirbuster/wordlists/directory-list-1.0.txt`: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme ""
Usage:
dirstalk scan [url] [flags]
Flags:
--cookie stringArray cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string dictionary to use for the scan (path to local file or remote url)
--header stringArray header to add to each request; eg name=value (can be specified multiple times)
-h, --help help for scan
--http-cache-requests cache requests to avoid performing the same request multiple times within the same scan (EG if the server reply with the same redirect location multiple times, dirstalk will follow it only once) (default true)
--http-methods strings comma separated list of http methods to use; eg: GET,POST,PUT (default [GET])
--http-statuses-to-ignore ints comma separated list of http statuses to ignore when showing and processing results; eg: 404,301 (default [404])
--http-timeout int timeout in milliseconds (default 5000)
--out string path where to store result output
--scan-depth int scan depth (default 3)
--socks5 string socks5 host to use
-t, --threads int amount of threads for concurrent requests (default 3)
--use-cookie-jar enables the use of a cookie jar: it will retain any cookie sent from the server and send them for the following requests
--user-agent string user agent to use for http requests
Global Flags:
-v, --verbose verbose mode
level=fatal msg="Execution error" err="failed to build dictionary: dictionary: failed to get `/usr/share/dirbuster/wordlists/directory-list-1.0.txt`: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme \"\""
I will give another try to this and see if I can reproduce, thank you for reporting.
@gbiagomba I managed to reproduce the issue you reported, the error is misleading because it tells you that the "protocol scheme" is invalid, but in fact based on how you launch the command seems like it happens because the file is not found.
You can see why it was happening here, after this PR the error should be explicit.
I see that you are running the command like:
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d /usr/share/dirbuster/wordlists/directory-list-1.0.txt
I don't see the flag to mount the /usr/share/dirbuster/wordlists directory, since you are running in docker you have to share the folders you want to be available from the host to the container, otherwise they will not be found.
Here you find some info about mounting a folder in docker.
If you try to pull again the image and retry
docker pull stefanoj3/dirstalk 06:35:35
Using default tag: latest
latest: Pulling from stefanoj3/dirstalk
9d8cea26f05f: Already exists
fe1ac8650d7e: Pull complete
ecf193b572c0: Pull complete
Digest: sha256:fe773de2f0693e0c16d89500ab36e1de979f6d07e418d69526bfc7bbc95a74f2
Status: Downloaded newer image for stefanoj3/dirstalk:latest
docker.io/stefanoj3/dirstalk:latest
you should get failed to build dictionary: dictionary: unable to open: ... when launching your command again.
If you do not wish to share your host machine folder with the container you can also use remote dictionaries, EG:
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt
This should be the same dictionary you are trying to use.
Note: there was an issue with https calls inside the container that is now fixed
Alright i will give a try
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt
Error: failed to build dictionary: dictionary: failed to get `https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt`: Get https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt: x509: certificate signed by unknown authority
Usage:
dirstalk scan [url] [flags]
Flags:
--cookie stringArray cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string dictionary to use for the scan (path to local file or remote url)
--header stringArray header to add to each request; eg name=value (can be specified multiple times)
-h, --help help for scan
--http-cache-requests cache requests to avoid performing the same request multiple times within the same scan (EG if the server reply with the same redirect location multiple times, dirstalk will follow it only once) (default true)
--http-methods strings comma separated list of http methods to use; eg: GET,POST,PUT (default [GET])
--http-statuses-to-ignore ints comma separated list of http statuses to ignore when showing and processing results; eg: 404,301 (default [404])
--http-timeout int timeout in milliseconds (default 5000)
--out string path where to store result output
--scan-depth int scan depth (default 3)
--socks5 string socks5 host to use
-t, --threads int amount of threads for concurrent requests (default 3)
--use-cookie-jar enables the use of a cookie jar: it will retain any cookie sent from the server and send them for the following requests
--user-agent string user agent to use for http requests
Global Flags:
-v, --verbose verbose mode
level=fatal msg="Execution error" err="failed to build dictionary: dictionary: failed to get `https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt`: Get https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt: x509: certificate signed by unknown authority"
@gbiagomba have you tried pulling the latest image?
docker pull stefanoj3/dirstalk
The error you reported is fixed in this PR as I wrote you above
@stefanoj3 going to do that now!
@stefanoj3 So it seems to be okay with a URL in the d flag but does not like a local system path
@gbiagomba it might be because you still need to share your local filesystem with the container.
if you check #84 (comment) I expained how to solve it.
@stefanoj3 Ya seems to work now on the bin (the release package you put together) version, so i will just use that instead of docker