Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Scan not starting when subdomain is_default is set to False #7

Closed
1 task done
psyray opened this issue Apr 21, 2024 · 0 comments · Fixed by #96
Closed
1 task done

bug: Scan not starting when subdomain is_default is set to False #7

psyray opened this issue Apr 21, 2024 · 0 comments · Fixed by #96
Labels
bug Something isn't working
Milestone
v2.0.7 release

Comments

@psyray
Copy link
Contributor

psyray commented Apr 21, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

For an unexplained reason some subdomain does not launch any scan.
When you click Initiate scan, task is sent to celery but the following log is present:

rengine-celery-1       | initiate_subscan                   | WARNING | https://img-dev.xxx.com [200] `0B` `Apache` `159.114883ms`
rengine-celery-1       | remove_duplicate_endpoints         | INFO | Removing duplicate endpoints based on ['content_length', 'page_title']
rengine-celery-1       | run_command                        | INFO | rm /usr/src/scan_results/xxx.com_10/subscans/445/httpx_input.txt
rengine-celery-1       | run_command                        | WARNING | None
rengine-celery-1       | initiate_subscan                   | WARNING | Found subdomain root HTTP URL https://img-dev.xxx.com
rengine-celery-1       | ================================dir_file_fuzz
rengine-celery-1       | dir_file_fuzz                      | WARNING | Task dir_file_fuzz is RUNNING
rengine-celery-1       | dir_file_fuzz                      | WARNING | []
rengine-celery-1       | ================================http_crawl

Important line is this on

rengine-celery-1       | dir_file_fuzz                      | WARNING | []

No URL is present, so scan cannot start.

After further investigation, problem comes from the database.
In the endpoint table, there is default endpoints, and for every subdomain without a default entry on base subdomain (https://www.xxx.com) scan will not start.

Here my sub that not scan
image

The default entry is set while doing a target scan after that it is never set elsewhere.
So if there is a problem while setting this value, subdomains are listed, but you can't launch any scan on it.

Workaround

If True is set to is_default value in the DB scan will work properly
So got to /admin and edit the desired value in the endpoint table.
Then relaunch the scan

Expected Behavior

Scan should start for a subdomain present in the table

Steps To Reproduce

Random, some domain works, others not.
Need investigation

Environment

- reNgine: 2.0.5
- OS: Debian 12
- Python: 2.10
- Docker Engine: x
- Docker Compose: x
- Browser: FF 110

Anything else?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
v2.0.7 release
Development

Successfully merging a pull request may close this issue.

fix(scan): rework the alive endpoint and redirection operation Security-Tools-Alliance/rengine-ng
1 participant
@psyray