source precheck.sh errors
When I reached source precheck.sh,
I got these errors:
: command not found
E: Invalid operation update
: command not found
-bash: precheck.sh: line 14: syntax error near unexpected token `$'do\r''
'bash: precheck.sh: line 14: `for command in "${commands[@]}"; do
Here is the content of precheck.sh:
#!/usr/bin/env bash
sudo apt -qq update
commands=(patch sed python3-pip)
python_ver=$(whereis python3 | grep -Eo 'python3\.[0-9]+ ' | sort -u | tail -n 1|xargs)
if [ -z "$python_ver" ]; then
    # Get latest version of python 3 available in the repository
    python_ver=$(apt search -qq '^python3\.[0-9]+$' 2>/dev/null| grep -Eo 'python3\.[0-9]+' | grep -Fv python3.11 | tail -n 1)
    commands+=($python_ver)
fi
commands+=($python_ver-venv)
for command in "${commands[@]}"; do
    if [ ! -n "$(command -v $command)" ]; then
        if [ -n "$(command -v apt)" ]; then
            sudo apt install -y -qq $command
        else
            sudo yum install -y $command
        fi
    fi
done
# Note: If a wrong version of pip is installed
# Use below commands to install correct pip version
# if [ ! -n "$(command -v pip3.8)" ]
# then
#     wget -q https://bootstrap.pypa.io/get-pip.py -O /tmp/get-pip.py
#     sudo $python_ver /tmp/get-pip.py
#     rm /tmp/get-pip.py
# fi
cd /cake_fuzzer
sudo pip3 install -q --upgrade virtualenv
sudo virtualenv -q -p $python_ver venv
if [ ! -e venv ]; then
    $python_ver -m venv venv
fi
source venv/bin/activate
pip install -qr requirements.txt
echo "setup finished!"
Can anyone point out the reason?
Update: here is the fix:
sudo apt install dos2unix
dos2unix precheck.sh
@kaster-san This must be some issue due to editors or when you were transferring the file.
All files are prepared in and designed for Linux environments, so there should be no need to convert to unix bytes.
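The three symptoms in the first post (": command not found", "Invalid operation update" and the `$'do\r'` syntax error) are all consistent with lines ending in CRLF: the carriage return becomes part of the last word on each line. As an added example, not part of the thread or of the CakeFuzzer repository, this Python check lists the affected lines of a script and applies the same CRLF-to-LF conversion as dos2unix; the sample bytes and the function names are constructed for illustration.

```python
"""Pre-flight check for CRLF line endings in a shell script (added example)."""
from pathlib import Path

# Constructed sample: the start of a script saved with Windows (CRLF) endings.
SAMPLE = (
    b"#!/usr/bin/env bash\r\n"
    b"\r\n"
    b"sudo apt -qq update\r\n"
    b"commands=(patch sed python3-pip)\r\n"
    b'for command in "${commands[@]}"; do\r\n'
    b'  echo "$command"\r\n'
    b"done\r\n"
)


def crlf_lines(data: bytes) -> list:
    """Return (line number, last word as bash sees it) for each CRLF line."""
    hits = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        if line.endswith(b"\r"):
            words = line.decode("utf-8", "replace").split(" ")
            hits.append((number, words[-1]))
    return hits


def normalize(data: bytes) -> bytes:
    """Convert CRLF to LF, the same transformation dos2unix applies."""
    return data.replace(b"\r\n", b"\n")


def check_script(path: Path, fix: bool = False) -> int:
    """Report CRLF lines in `path`; rewrite it with LF endings when fix=True."""
    data = path.read_bytes()
    hits = crlf_lines(data)
    for number, token in hits:
        print(f"{path}:{number}: line ends in CR, bash reads {token!r}")
    if hits and fix:
        path.write_bytes(normalize(data))
    return len(hits)


if __name__ == "__main__":
    for number, token in crlf_lines(SAMPLE):
        print(f"line {number}: bash reads {token!r}")
```

Running `check_script` on a file before `source`-ing it shows whether an editor or file transfer rewrote the line endings.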
python cake_fuzzer.py instrument check
[-] Error detected by app_info: {'type': 'error', 'message': '() '}
How to resolve this error? I had made the setup as mentioned in the readme file.
Can you describe your setup?
Actually, I had used Ubuntu for the setup as host and used VMware on top to launch MISP, and used the steps specified in the readme. Initially I faced many errors and resolved them, but now I am stuck with this error.
If you use python3.6 it might not work because it doesn't have all the modules required (although it would be a different error than the one you see). Try python 3.8 or newer. Check:
- if your config points correctly to webroot of MISP (by default: /var/www/MISP/app/webroot/)
- if you are inside of the virtual environment when you run the command
I've just set up a similar environment using MISP VMware images, updated it, set up cake_fuzzer with python 3.8 and instrument check works fine:
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py instrument check
Applied / Unapplied
FunctionCall Renames: x/18
Patches: 0/6
Copies: 0/0
Annotations: x/1
php.ini updates: x/1
@sreegopcs Yes, it's possible to use Windows as the host. If you set up CakeFuzzer on guest Linux, it doesn't touch the host at all (unless you set up a development environment with file sharing between host & guest).
Regarding the output. Here is the example output of different stages of Cake Fuzzer:
Here is the instrumentation stripped (It's a long process with a lot of output):
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py instrument apply
Patches Applied 6
Copies Applied 0
Function calls to 'header' renamed to '__cakefuzzer_header' in '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/Network/CakeResponse.php', original file renamed to '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/Network/CakeResponse.php.prerename'
Function calls to 'header' renamed to '__cakefuzzer_header' in '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/TestSuite/Reporter/CakeTextReporter.php', original file renamed to '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/TestSuite/Reporter/CakeTextReporter.php.prerename'
Function calls to 'header' renamed to '__cakefuzzer_header' in '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php', original file renamed to '/var/www/MISP/app/../app/Lib/cakephp/lib/Cake/TestSuite/Reporter/CakeHtmlReporter.php.prerename'
...
Type hints and annotations removed from '/var/www/MISP/app/../app/View/Helper/AclHelper.php', original file renamed to '/var/www/MISP/app/../app/View/Helper/AclHelper.php.preannotation'
Annotations Removed 1
php.ini updates applied 1
Here is the scheduling process:
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py run fuzzer
created all that's necessary
discovered 2 files to scan with total of 627 paths
Scheduled SSRFAttackStrategy: 627 attacks, 1 scanners.
Scheduled LFIAttackStrategy: 1254 attacks, 2 scanners.
Scheduled DeserializeAttackStrategy: 1881 attacks, 4 scanners.
Scheduled RFIAttackStrategy: 627 attacks, 6 scanners.
Scheduled SQLInjectionAttackStrategy: 1254 attacks, 3 scanners.
Scheduled XSSAttackStrategy: 4389 attacks, 5 scanners.
Scheduled CommandInjectionAttackStrategy: 7524 attacks, 5 scanners.
Scheduled PhpCodeInjectionAttackStrategy: 627 attacks, 4 scanners.
Scheduled SSTIAttackStrategy: 627 attacks, 1 scanners.
DONE!
Finished!
Here are the periodic monitors working (constantly until you kill the process):
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py run periodic_monitors
created all that's necessary
created all that's necessary
Scanning each 0.5s \
Here are the iteration monitors working (constantly until you kill the process):
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py run iteration_monitors
created all that's necessary
created all that's necessary
Scanning Iteration Results | | 0/0 - 0.0% - eta: 00:00:00 - elapsed: 9
Here is the final scanning/attacking process (once it's finished you need to kill it as well):
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py run attack_queue
created all that's necessary
Executing Attack Scenarios | | 3/18807 - 0.0% - eta: 18:50:29 - elapsed: 10
The registry creates the results.json file with detected vulnerabilities:
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py run registry; jq length results.json
created all that's necessary
created all that's necessary
created all that's necessary
Finished!
0
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py instrument check
Applied / Unapplied
FunctionCall Renames: x/18
Patches: 6/2
Copies: 0/1
Annotations: x/1
php.ini updates: x/1
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py instrument apply
Traceback (most recent call last):
File "cake_fuzzer.py", line 574, in <module>
app()
File "cake_fuzzer.py", line 564, in instrumentation
asyncio.run(apply_instrumentation())
File "/usr/lib/python3.8/asyncio/runners.py", line 43, in run
return loop.run_until_complete(main)
File "/usr/lib/python3.8/asyncio/base_events.py", line 608, in run_until_complete
return future.result()
File "cake_fuzzer.py", line 510, in apply_instrumentation
await inst.apply()
File "/cake_fuzzer/cakefuzzer/instrumentation/instrumentator.py", line 165, in apply
unapplied = await apply(*unapplied)
File "/cake_fuzzer/cakefuzzer/instrumentation/__init__.py", line 32, in apply
await asyncio.gather(*[p.apply(semaphore) for p in args])
File "/cake_fuzzer/cakefuzzer/instrumentation/patch.py", line 45, in apply
await _run_subprocess("patch", str(self.original), str(self.patch))
File "/cake_fuzzer/cakefuzzer/instrumentation/patch.py", line 19, in _run_subprocess
raise InstrumentationError(
cakefuzzer.instrumentation.InstrumentationError: Error: Error while instrumenting, got non-zero response from subprocess
Try: patch /var/www/MISP/app/../vendor/cakephp/authentication/src/AuthenticationService.php cakefuzzer/instrumentation/patches/CakePHP/4/vendor/cakephp/authentication/src/AuthenticationService.php.patch
(venv) root@misp:/cake_fuzzer#
Any suggestions?
What version of MISP are you trying to scan?
MISP_v2.4.146@0c25b72 is the version I am using.
You need to set the instrumentation to CAKE version 2 (MISP is built on CAKE 2).
You can do this in config/config.ini. Set the following env var:
INSTRUMENTATION_INI="config/instrumentation_cake2.ini"
(venv) root@misp:/cake_fuzzer# python3.8 cake_fuzzer.py instrument apply
Patches Applied 0
Copies Applied 0
PHP Fatal error: Uncaught Error: Call to undefined method PhpParser\ParserFactory::create() in /cake_fuzzer/cakefuzzer/phpfiles/instrumentation/rename_function_call.php:62
Stack trace:
#0 {main}
thrown in /cake_fuzzer/cakefuzzer/phpfiles/instrumentation/rename_function_call.php on line 62
Traceback (most recent call last):
File "cake_fuzzer.py", line 574, in <module>
app()
File "cake_fuzzer.py", line 564, in instrumentation
asyncio.run(apply_instrumentation())
File "/usr/lib/python3.8/asyncio/runners.py", line 43, in run
return loop.run_until_complete(main)
File "/usr/lib/python3.8/asyncio/base_events.py", line 608, in run_until_complete
return future.result()
File "cake_fuzzer.py", line 510, in apply_instrumentation
await inst.apply()
File "/cake_fuzzer/cakefuzzer/instrumentation/instrumentator.py", line 173, in apply
unapplied = await apply(*unapplied)
File "/cake_fuzzer/cakefuzzer/instrumentation/__init__.py", line 32, in apply
await asyncio.gather(*[p.apply(semaphore) for p in args])
File "/cake_fuzzer/cakefuzzer/instrumentation/override.py", line 35, in apply
raise InstrumentationError(
cakefuzzer.instrumentation.InstrumentationError: Error: Error while instrumenting, got non-zero response from subprocess
Try: php cakefuzzer/phpfiles/instrumentation/rename_function_call.php /var/www/MISP/app/.. header __cakefuzzer_header
PHP Fatal error: Uncaught Error: Call to undefined method PhpParser\ParserFactory::create() in /cake_fuzzer/cakefuzzer/phpfiles/instrumentation/rename_function_call.php:62
Stack trace:
#0 {main}
thrown in /cake_fuzzer/cakefuzzer/phpfiles/instrumentation/rename_function_call.php on line 62
(venv) root@misp:/cake_fuzzer#
I have made the changes in config.ini, but I am still getting some other error.
Also, after successfully completing the execution of all the commands, does the result JSON contain the vulnerability details pointing towards the exact location of where the error is inside the file?
That's a weird error. Do you have the php-parser cloned repo directory? If not, try to run this script: cakefuzzer/phpfiles/instrumentation/install_php_parser.sh. If yes, then it needs deeper investigation.
You don't get the info about the file that contains the vulnerability, but the request that will let you reproduce it.
Hard to say what's causing the error.
Here is example output with one pre-planted SSRF vulnerability:
[
  {
    "found_in": {
      "strategy_name": "SSRFAttackStrategy",
      "payload": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.00017491695907542774.local",
      "detection_result": "4glkaunm0gijcgqvo1tfp5617sdj19py.00017491695907542774.local",
      "context_location": "",
      "vulnerability_location": {
        "_POST": {
          "baseurl": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.00017491695907542774.local"
        }
      },
      "vulnerability_id": 0,
      "path": "/TaxiiServers/getRoot/",
      "method": "POST",
      "superglobal": {
        "_GET": {},
        "_POST": {
          "baseurl": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.00017491695907542774.local",
          "uri": "/taxii2/"
        },
        "_REQUEST": {},
        "_COOKIE": {
          "CAKEPHP": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.01588384992370180046.local"
        },
        "_FILES": {},
        "_SERVER": {
          "HTTP_USER_AGENT": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.01197202265851745442.local",
          "HTTP_IF_NONE_MATCH": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.03222932666639621773.local",
          "HTTP_IF_MODIFIED_SINCE": "http://4glkaunm0gijcgqvo1tfp5617sdj19py.01544122491512797937.local",
          "HTTP_HOST": "127.0.0.1",
          "HTTP_SEC_FETCH_SITE": "same-origin",
          "HTTP_ACCEPT": "application/xml"
        }
      }
    }
  }
]
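An added example (not part of the thread or of CakeFuzzer) of turning a results.json shaped like the output above into a short triage list: it groups findings by strategy, request and injected parameter, so repeated payloads against the same input collapse into one row. The sample findings, placeholder hostnames, the /Example/fetch/ path and the function names are constructed; only the field names and /TaxiiServers/getRoot/ come from the output above.

```python
"""Triage a results.json shaped like the SSRF finding above (added example)."""
import json
from collections import defaultdict


def injection_points(location, prefix=""):
    """Flatten vulnerability_location into dotted names such as '_POST.baseurl'."""
    points = []
    for key, value in location.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict) and value:
            points.extend(injection_points(value, name))
        else:
            points.append(name)
    return points


def triage(results_text):
    """Group findings by strategy, request and parameter; count distinct payloads."""
    payloads = defaultdict(set)
    for entry in json.loads(results_text):
        finding = entry.get("found_in", {})
        request = (str(finding.get("strategy_name", "?")),
                   str(finding.get("method", "?")), str(finding.get("path", "?")))
        location = finding.get("vulnerability_location") or {}
        for point in injection_points(location) or ["(unknown)"]:
            payloads[request + (point,)].add(finding.get("payload"))
    return [{"strategy": s, "method": m, "path": p, "parameter": q, "payloads": len(v)}
            for (s, m, p, q), v in sorted(payloads.items())]


def make_finding(method, path, superglobal, name, tag):
    """Build one constructed finding with only the fields the summary reads."""
    payload = f"http://marker-{tag}.example.local"  # placeholder hostname
    return {"found_in": {"strategy_name": "SSRFAttackStrategy", "payload": payload,
                         "vulnerability_location": {superglobal: {name: payload}},
                         "path": path, "method": method}}


# Constructed sample: two payloads hit the same parameter, one hits another path.
SAMPLE = json.dumps([
    make_finding("POST", "/TaxiiServers/getRoot/", "_POST", "baseurl", "a"),
    make_finding("POST", "/TaxiiServers/getRoot/", "_POST", "baseurl", "b"),
    make_finding("GET", "/Example/fetch/", "_GET", "url", "c"),
])

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```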