Neo23x0/Loki

Running loki.py on macOS: ModuleNotFoundError: No module named 'helpers'

wesinator opened this issue · 24 comments

$ python3 loki.py
Traceback (most recent call last):
  File "loki.py", line 43, in <module>
    from lib.lokilogger import *
  File "/Users/w/Downloads/Loki/lib/lokilogger.py", line 15, in <module>
    from helpers import removeNonAsciiDrop
ModuleNotFoundError: No module named 'helpers'

Python 3.7.7 homebrew
Cloned directly from master.
helpers.py is present in lib/

How do you run Loki on macOS?
P.S. Would it be possible to have a setup.py file?

Thanks,

In Loki/lib there is a file called helpers; there is also a module called helpers from PyPI. Seems like a conflict.
I couldn't get Loki to run in python3 at all; it runs OK in python2.7.
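
Added example (not part of the thread and not Loki's own code): Python 3 dropped implicit relative imports, so `from helpers import ...` inside `lib/lokilogger.py` is resolved as a top-level module rather than as `lib/helpers.py`, which matches the traceback in the report. The package names and the stand-in `removeNonAsciiDrop` below are constructed for the demonstration.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-ins for lib/helpers.py and lib/lokilogger.py (not Loki's code).
HELPERS_SRC = (
    "def removeNonAsciiDrop(s):\n"
    "    return ''.join(c for c in s if 31 < ord(c) < 127)\n"
)
IMPLICIT = "from helpers import removeNonAsciiDrop\n"    # Python 2 style import
EXPLICIT = "from .helpers import removeNonAsciiDrop\n"   # explicit relative import


def try_import(pkg_name, logger_src):
    """Build <tmp>/<pkg_name>/{__init__,helpers,lokilogger}.py and import lokilogger.

    Returns ("ok", cleaned_string) or ("error", exception_class_name).
    """
    with tempfile.TemporaryDirectory() as root:
        pkg = Path(root) / pkg_name
        pkg.mkdir()
        (pkg / "__init__.py").write_text("")
        (pkg / "helpers.py").write_text(HELPERS_SRC)
        (pkg / "lokilogger.py").write_text(logger_src)
        sys.path.insert(0, root)  # plays the role of the Loki checkout directory
        importlib.invalidate_caches()
        try:
            mod = importlib.import_module(pkg_name + ".lokilogger")
            return "ok", mod.removeNonAsciiDrop("caf\u00e9\x07 ok")
        except ImportError as exc:  # ModuleNotFoundError is a subclass
            return "error", type(exc).__name__
        finally:
            # Leave the interpreter state as we found it.
            sys.path.remove(root)
            for name in [n for n in sys.modules if n.split(".")[0] == pkg_name]:
                del sys.modules[name]


if __name__ == "__main__":
    print("implicit:", try_import("lib_implicit", IMPLICIT))
    print("explicit:", try_import("lib_explicit", EXPLICIT))
```

If an unrelated top-level `helpers` package is installed, the implicit form imports that package instead of the local file, so the failure changes shape rather than going away.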

I have the same issue in Kali Linux, but I can't get pip for Python 2.x because it is deprecated.

sudo apt install python-pip
[sudo] password for kali:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package python-pip is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
python3-pip

Where could I get that package without using said version of pip?

you could test drive this python3 version of loki: https://github.com/2d4d/Loki

OK, I have downloaded it and everything seems to work perfectly, but as it is running I get this error:
[NOTICE] Starting Loki Scan VERSION: 0.33.0 SYSTEM: kali TIME: 20210216T21:24:52Z PLATFORM: PROC: ARCH: 64bit ELF
[NOTICE] Registered plugin PluginWMI
[NOTICE] Loaded plugin /home/kali/Tools/Loki/plugins/loki-plugin-wmi.py
[NOTICE] PE-Sieve successfully initialized BINARY: /home/kali/Tools/Loki/tools/pe-sieve64.exe SOURCE: https://github.com/hasherezade/pe-sieve
[NOTICE] The 'signature-base' subdirectory doesn't exist or is empty. Trying to retrieve the signature database automatically.
[INFO] Starting separate updater process ...
Traceback (most recent call last):
  File "loki-upgrader.py", line 32, in <module>
    from lib.lokilogger import *
  File "/home/kali/Tools/Loki/lib/lokilogger.py", line 11, in <module>
    import rfc5424logging
ImportError: No module named rfc5424logging

And it is strange because I have verified that it is installed with pip and also I have tried to force the installation with: pip3 install --ignore-installed rfc5424-logging-handler

The message comes from loki-upgrader.py and that still has:
#!/usr/bin/env python

Do you mean that this line should be removed from the file ? changed somehow ?

change it to
#!/usr/bin/env python3

I've changed it and I'm still getting the same error.

to install pip on python 2
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && sudo python get-pip.py

ok, found it, pls clone again

OK, now it's working very well. Thanks a lot.

In the execution there is an error that I don't know if it's normal, but execution keeps going and it doesn't seem to affect the execution of the program:
[ERROR] Error reading Hash file: /home/kali/Tools/Loki/signature-base/misc/file-type-signatures.txt

does that file exist? (should have been downloaded with the rest of the signature base)

if yes, pls post the content

should be https://github.com/Neo23x0/signature-base/blob/master/misc/file-type-signatures.txt

Inside the signature-base folder there are 3 more folders (iocs, misc and yara). But all those folders are empty

pls try running

python3 loki-upgrader.py --sigsonly

that should fill the folders

I get this result:

LOKI UPGRADER

[INFO] Updating Signatures ...
[INFO] Downloading https://github.com/Neo23x0/signature-base/archive/master.zip ...
[ERROR] Error while extracting the signature files from the download package

there was another py2->py3 issue which is now fixed, pls fetch the repo again.

if it still doesn't work, pls run with:
python3 loki-upgrader.py --sigsonly --debug

Now all signatures seem to update, but later this error appears:
[ERROR] Error reading line: :\ProgramData\NVIDIA\graphicscheck.exe;80
Subsequently the execution seems to continue normally.

that's just a \ missing in that one line:
:\ProgramData\NVIDIA\graphicscheck.exe;80

should be fine now. thanks for reporting the bugs.

The error still continues:

[ERROR] Error reading line: :\ \ProgramData\ \NVIDIA\graphicscheck.exe;80

thanks to you for fixing the bugs :))

that's an error in https://github.com/Neo23x0/signature-base, already made a PR

if you want to fix it for your installation edit the file and add another \ in front of the graphicscheck.exe;80

I can't see that PR

ended up in the stack with the webshell: Neo23x0/signature-base@ae2aed3

Urg ... I cannot merge that pull request yet. The webshells need further testing.