Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug - Scanning issues after recent merge/ commits #479

Closed
alph4byt3 opened this issue Aug 28, 2021 · 8 comments
Closed

Bug - Scanning issues after recent merge/ commits #479

alph4byt3 opened this issue Aug 28, 2021 · 8 comments

Comments

@alph4byt3
Copy link

alph4byt3 commented Aug 28, 2021
edited
Loading

Issue Description

Scans stop working after subdomain discovery but before probing subdomains for endpoints. It seems to be happening during the HTTPX part of the scan.

Here's a normal vuln scan using the default engine in a newly installed instance.

image

image

image

The build I was using before Thursday 26th was fine and that was the day new changes were committed, today I reinstalled rengine due to a power outage hence why I'm now here.

  • I have confirmed that this issue can be reproduced as described on a latest version/pull of reNgine: (yes / no)

yes

Technical details

None
@github-actions
Copy link
Contributor

👋 Hi @alph4byt3,
Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki
For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@yogeshojha
Copy link
Owner

Weird! Let me try immediately on my older VPS build. But I don't think any changes has happened in scanning part, which would fail this. anyways let me check

@yogeshojha
Copy link
Owner

How did you update btw? I assume

make down && git pull && make build && make up

right?

@yogeshojha
Copy link
Owner

yogeshojha commented Aug 28, 2021
edited
Loading

@alph4byt3 I can confirm everything is working as expected. My build was from Aug 16 and updated to the most recent. It is working as expected.

@wapwn
Copy link

wapwn commented Aug 28, 2021
edited
Loading

@alph4byt3 @yogeshojha
that's because httpx just updated, the returned json data is a bit different
in the http_crawler function you just need to change the subdomain query to

subdomain = Subdomain.objects.get(scan_history=task, name=json_st['input'])

original code

subdomain = Subdomain.objects.get(scan_history=task, name=json_st['url'].split("//")[-1])

@alph4byt3
Copy link
Author

alph4byt3 commented Aug 28, 2021
edited
Loading

How did you update btw? I assume

make down && git pull && make build && make up

right?

Hey what's up, I didn't update it. I'm on a VM so I went back to a previous screenshot from a couple of days ago without reNgine installed and reinstalled it from scratch (git clone etc etc)

I'm quite busy at the moment so when I get free time later I'll go check on it again for any other things I can find.

I saw httpx did update something regarding json output so maybe wapwn above is correct

yogeshojha added a commit that referenced this issue Aug 29, 2021
@yogeshojha
Merge pull request #481 from yogeshojha/fix/479-bug---scanning-issues…
7a76ad4 
…-after-recent-m

Fixed #479, httpx input issue
@yogeshojha
Copy link
Owner

Hi @wapwn Thank you very much for pointing this out! You're awesome 🌟

This has been fixed, tested on the most recent version of HTTPX. If this problem still persists, feel free to raise a new GitHub issue, or we can reopen this.

@yogeshojha
Copy link
Owner

Thanks @alph4byt3 for reporting this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yogeshojha @alph4byt3 @wapwn