stefanoj3 / dirstalk

Modern alternative to dirbuster/dirb

Certificate signed by Unknown

gbiagomba opened this issue

Hello,

It seems to fail if it doesn't trust the cert from the target web server. Below is sample output from when I ran it. Is there any way a -k (curl) or --no-check-certificate (wget) flag can be added?

docker run stefanoj3/dirstalk dirstalk scan "https://redacted.example.com" -d https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt
level=info msg="Starting scan" cookie-jar=false cookies= dictionary-length=141694 headers= scan-depth=3 socks5="<nil>" threads=3 timeout=5000 url="https://redacted.example.com" user-agent=
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/cgi-bin: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=cgi-bin
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/education: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=education
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/betsie: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=betsie
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/accessibility: x509: certificate signed by unknown authority" method=GET path=accessibility
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/go: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=go
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/accesskeys: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=accesskeys
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/-: x509: certificate signed by unknown authority" method=GET path=-
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/toolbar: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=toolbar
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/radio: x509: certificate signed by unknown authority" method=GET path=radio
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/tv: x509: certificate signed by unknown authority" method=GET path=tv
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/whereilive: x509: certificate signed by unknown authority" method=GET path=whereilive
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/talk: x509: certificate signed by unknown authority" method=GET path=talk
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/homepage: x509: certificate signed by unknown authority" method=GET path=homepage
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/a-z: x509: certificate signed by unknown authority" method=GET path=a-z
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/bb: x509: certificate signed by unknown authority" method=GET path=bb
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/int: x509: certificate signed by unknown authority" method=GET path=int
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/textonly: x509: certificate signed by unknown authority" method=GET path=textonly
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/oth: x509: certificate signed by unknown authority" method=GET path=oth
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/mobile: x509: certificate signed by unknown authority" method=GET path=mobile
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/t: x509: certificate signed by unknown authority" method=GET path=t
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/help: x509: certificate signed by unknown authority" method=GET path=help
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/search: x509: certificate signed by unknown authority" method=GET path=search
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/pl1: x509: certificate signed by unknown authority" method=GET path=pl1
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/makehomepage: x509: certificate signed by unknown authority" method=GET path=makehomepage
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/text: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=text

Hey @gbiagomba, the feature you suggest seems valuable. I think I can have a PR for it ready this morning.

Thank you for the suggestion.

@gbiagomba it should be available now, I added the same flag as wget (--no-check-certificate).

Make sure to pull the latest image: docker pull stefanoj3/dirstalk

Can you let me know if it works for you? I tested it myself and it seems to be working fine (check #91 for example usage).

Note: I haven't tagged a new release yet, so if you are using the binary there is none available yet. If you are using Docker then you can already try.

It seems to work, thank you!

@stefanoj3 could you kindly update the release binary to include the flag? The latest one (version 1.3.1) does not seem to support it.
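
The `x509: certificate signed by unknown authority` error in the log above comes from Go's standard TLS client. The following is an added example, not part of the thread and not dirstalk's own code: it shows that error against a constructed local `httptest` TLS server, then what skipping verification changes, then the narrower alternative of trusting only the server's certificate. The names `probe` and `demo` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe sends one GET using the given TLS settings and classifies the result.
func probe(cfg *tls.Config, url string) string {
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := c.Get(url)
	var ua x509.UnknownAuthorityError
	if errors.As(err, &ua) {
		return "unknown authority"
	} else if err != nil {
		return "error: " + err.Error()
	}
	resp.Body.Close()
	return resp.Status
}

// demo probes a constructed local TLS server (self-signed test certificate)
// with three trust configurations.
func demo() (strict, insecure, pinned string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	}))
	defer srv.Close()
	// Empty root pool stands in for a trust store that lacks the target's CA.
	strict = probe(&tls.Config{RootCAs: x509.NewCertPool()}, srv.URL)
	// What a -k style flag does: every certificate is accepted, so an
	// on-path interceptor's certificate would be accepted too.
	insecure = probe(&tls.Config{InsecureSkipVerify: true}, srv.URL)
	// Narrower option: trust only the certificate this server presents.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned = probe(&tls.Config{RootCAs: pool}, srv.URL)
	return strict, insecure, pinned
}

func main() {
	fmt.Println(demo())
}
```

When the target's CA certificate is available, adding it to the trust pool keeps hostname and chain validation in place, which skipping verification does not.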