gyoisamurai / gyoithon Goto Github PK
View Code? Open in Web Editor NEWGyoiThon is a growing penetration test tool using Machine Learning.
License: Other
GyoiThon is a growing penetration test tool using Machine Learning.
License: Other
Traceback (most recent call last):
File "gyoithon.py", line 364, in
cve_explorer = CveExplorerNVD(utility, opt_no_update_vulndb)
File "/home/kali/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 79, in init
self.df_vuln_db = self.initialize_vuln_db()
File "/home/kali/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 301, in initialize_vuln_db
df_vuln_db = pd.read_csv(self.nvd_path, sep=',', encoding='utf-8')
File "/usr/lib/python3/dist-packages/pandas/io/parsers.py", line 688, in read_csv
return _read(filepath_or_buffer, kwds)
File "/usr/lib/python3/dist-packages/pandas/io/parsers.py", line 454, in _read
parser = TextFileReader(fp_or_buf, **kwds)
File "/usr/lib/python3/dist-packages/pandas/io/parsers.py", line 948, in init
self._make_engine(self.engine)
File "/usr/lib/python3/dist-packages/pandas/io/parsers.py", line 1180, in _make_engine
self._engine = CParserWrapper(self.f, **self.options)
File "/usr/lib/python3/dist-packages/pandas/io/parsers.py", line 1993, in init
src = open(src, "rb")
FileNotFoundError: [Errno 2] No such file or directory: '/home/kali/GyoiThon/modules/vuln_db/vulns_nvd.csv'
Python 3 is already installed: python3-pip is already the newest version (18.1-4).
**After executing the installation script I get the following output:
pip3 install -r requirements.txt
...
Command "x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1 -D_LARGEFILE64_SOURCE=1 -Inumpy/core/include -Ibuild/src.linux-x86_64-3.7/numpy/core/include/numpy -Inumpy/core/src/private -Inumpy/core/src -Inumpy/core -Inumpy/core/src/npymath -Inumpy/core/src/multiarray -Inumpy/core/src/umath -Inumpy/core/src/npysort -I/usr/include/python3.7m -Ibuild/src.linux-x86_64-3.7/numpy/core/src/private -Ibuild/src.linux-x86_64-3.7/numpy/core/src/npymath -Ibuild/src.linux-x86_64-3.7/numpy/core/src/private -Ibuild/src.linux-x86_64-3.7/numpy/core/src/npymath -Ibuild/src.linux-x86_64-3.7/numpy/core/src/private -Ibuild/src.linux-x86_64-3.7/numpy/core/src/npymath -c numpy/random/mtrand/mtrand.c -o build/temp.linux-x86_64-3.7/numpy/random/mtrand/mtrand.o -MMD -MF build/temp.linux-x86_64-3.7/numpy/random/mtrand/mtrand.o.d" failed with exit status 1
----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-o9imuv_p/numpy/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-feimhlhz/install-record.txt --single-version-externally-managed --prefix /tmp/pip-build-env-csq28j6x --compile" failed with error code 1 in /tmp/pip-install-o9imuv_p/numpy/
Command "/usr/bin/python3 -m pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-csq28j6x --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- wheel setuptools Cython "numpy==1.9.3; python_version=='3.5'" "numpy==1.12.1; python_version=='3.6'" "numpy==1.13.1; python_version>='3.7'"" failed with error code 1 in None
I am getting an error saying there is no vulns_nvd.csv file. I am trying to find the vulns_nvd.csv file, could not locate it. I need help please.
Here are the errors what I got:
Exception: [Errno 2] No such file or directory: '/home/github/GyoiThon/signatures/signature_framework.txt'
[*] Exception: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:833)>
Traceback (most recent call last):
File "gyoithon.py", line 228, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx])
File "./classifier4gyoithon/GyoiClassifier.py", line 95, in analyzer
fin = codecs.open(logfile_path, 'r', encoding='utf-8')
File "/usr/lib/python3.6/codecs.py", line 897, in open
file = builtins.open(filename, mode, buffering)
FileNotFoundError: [Errno 2] No such file or directory: '/home/github/GyoiThon/classifier4gyoithon/../http://192.168.2.110:80'
pip3 install -r requirements.txt
Command "/usr/bin/python3 -m pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-t07ekiyi --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- wheel setuptools Cython "numpy==1.9.3; python_version=='3.5'" "numpy==1.12.1; python_version=='3.6'" "numpy==1.13.1; python_version>='3.7'"" failed with error code 1 in None
uname -a
4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64 GNU/Linux
Thank you for update but i have this issue now :/
Invalid file: list index out of range
Traceback (most recent call last):
File "gyoithon.py", line 202, in
if check_arg_value(ip_list[idx], port_list[idx], path_list[idx]) is False:
IndexError: list index out of range
Hi, ** GyoiThon** directly and transitively introduced multiple versions of urllib3.
As shown in the following full dependency graph of GyoiThon, GyoiThon requires urllib3 (the latest version), while the installed version of requests(2.22.0) requires urllib3>=1.21.1,<1.26.
According to Pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.
Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1,<1.26), it will lead to a build failure once developers release a newer version of urllib3.
GyoiThon(version range:)
| +-beautifulsoup4(version range:>=4.6.3)
| +-cchardet(version range:>=2.1.4)
| +-censys(version range:>=0.0.8)
| | +-requests(version range:)
| | | +-chardet(version range:>=3.0.2,<3.1.0)
| | | +-idna(version range:>=2.5,<2.9)
| | | +-urllib3(version range:>=1.21.1,<1.26)
| | | +-certifi(version range:>=2017.4.17)
| | +-netaddr(version range:)
| +-docopt(version range:>=0.6.2)
| +-google-api-python-client(version range:>=1.7.4)
| | +-httplib2(version range:>=0.9.2,<1dev)
| | +-google-auth(version range:>=1.4.1)
| | +-google-auth-httplib2(version range:>=0.0.3)
| | +-six(version range:>=1.6.1,<2dev)
| | +-uritemplate(version range:>=3.0.0,<4dev)
| +-jinja2(version range:>=2.10.1)
| +-matplotlib(version range:>=3.0.3)
| +-msgpack-python(version range:>=0.5.6)
| +-networkx(version range:>=2.2)
| +-pandas(version range:>=0.22.0)
| +-pysocks(version range:>=1.6.7)
| +-scrapy(version range:>=1.5.0)
| | +-Twisted(version range:>=13.1.0python)
| | +-Twisted(version range:>=13.1.0,<=19.2.0python)
| | +-w3lib(version range:>=1.17.0)
| | +-queuelib(version range:)
| | +-lxml(version range:)
| | +-pyOpenSSL(version range:)
| | +-cssselect(version range:>=0.9)
| | +-six(version range:>=1.5.2)
| | +-parsel(version range:>=1.5)
| | +-PyDispatcher(version range:>=2.0.5)
| | +-service_identity(version range:)
| +-tldextract(version range:>=2.2.1)
| | +-setuptools(version range:)
| | +-idna(version range:)
| | +-requests(version range:>=2.1.0)
| | | +-chardet(version range:>=3.0.2,<3.1.0)
| | | +-idna(version range:>=2.5,<2.9)
| | | +-urllib3(version range:>=1.21.1,<1.26)
| | | +-certifi(version range:>=2017.4.17)
| | +-requests-file(version range:>=1.4)
| +-urllib3(version range:>=1.25)
Thanks for your attention.
Best,
Neolith
Hi!
This message appears to me when I try to run the program
root@kali:~/Pentest/GyoiThon# python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 10, in
from urllib.request import urlopen
ImportError: No module named request
can you help me??
Thanks
python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 9, in
import pandas as pd
ImportError: No module named pandas
Hi, sometimes I receive the following error in the content dicovery module.
Traceback (most recent call last):
File "gyoithon.py", line 601, in <module>
max_target_byte))
File "/opt/GyoiThon/modules/Gyoi_ContentExplorer.py", line 107, in content_explorer
msg = '{}/{} Accessing : Status: {}, Url: {}'.format(idx + 1, len(signatures), res.status, target_url)
AttributeError: 'NoneType' object has no attribute 'status'
There seems to be no error checking if the result does not contain anything in Gyoi_ContentExplorer.py:
res, server_header, res_header, res_body, _ = self.utility.send_request('GET', target_url)
msg = '{}/{} Accessing : Status: {}, Url: {}'.format(idx + 1, len(signatures), res.status, target_url)
Can you please implement error checking?
Thanks and cheers
Tried building through Docker
_$ cd GyoiThon/docker
$ sudo docker build -t gyoithon .
$ sudo docker run -v $PWD/host.txt:/opt/gyiothon/host.txt gyoithon
Starting PostgreSQL 10 database server: main.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 141 100 141 0 0 23500 0 --:--:-- --:--:-- --:--:-- 23500
i set the file host 172.16.62.190 80 /var/www/html
some error happened
Traceback (most recent call last):
File "gyoithon.py", line 228, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx])
File "./classifier4gyoithon/GyoiClassifier.py", line 95, in analyzer
fin = codecs.open(logfile_path, 'r', encoding='utf-8')
File "/usr/lib/python3.6/codecs.py", line 897, in open
file = builtins.open(filename, mode, buffering)
FileNotFoundError: [Errno 2] No such file or directory: '/root/GyoiThon/classifier4gyoithon/../http://172.16.62.190:80/'
Hi, I am running the latest Debian Stretch on amd64.
My Python version is:
$ python
Python 2.7.13 (default, Nov 24 2017, 17:33:09)
[GCC 6.3.0 20170516] on linux2
My pip version is:
$ pip -V
pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)
$ dpkg -l |grep python-pip
ii python-pip 9.0.1-2 all Python package installer
ii python-pip-whl 9.0.1-2 all Python package installer
I have the following pip packages installed after
$ sudo pip install -r requirements.txt
$ sudo pip install configparser
$ sudo pip install parse
$ sudo pip list
apsw (3.13.0.post1)
BeautifulSoup (3.2.1)
beautifulsoup4 (4.5.3)
chardet (2.3.0)
CherryPy (3.5.0)
click (6.7)
click-plugins (1.0.3)
colorama (0.3.9)
configparser (3.5.0)
cryptography (1.7.1)
cssselect (1.0.1)
cssutils (1.0)
dnspython (1.15.0)
docopt (0.6.2)
enum34 (1.1.6)
feedparser (5.1.3)
html5lib (0.999999999)
idna (2.2)
ipaddr (2.1.11)
ipaddress (1.0.17)
Jinja2 (2.10)
keyring (10.1)
keyrings.alt (1.3)
libvirt-python (3.0.0)
lxml (3.7.1)
Markdown (2.6.8)
MarkupSafe (1.0)
mechanize (0.2.5)
msgpack-python (0.5.6)
netifaces (0.10.4)
numpy (1.12.1)
pandas (0.22.0)
parse (1.8.4)
Pillow (4.0.0)
pip (9.0.1)
pyasn1 (0.1.9)
pycrypto (2.6.1)
Pygments (2.2.0)
pygobject (3.22.0)
pyOpenSSL (16.2.0)
pyparsing (2.1.10)
python-dateutil (2.5.3)
pytz (2018.5)
pyxdg (0.25)
PyYAML (3.12)
repoze.lru (0.6)
requests (2.12.4)
Routes (2.3.1)
SecretStorage (2.3.1)
setuptools (33.1.1)
shodan (1.7.7)
six (1.10.0)
urllib3 (1.19.1)
uTidylib (0.3)
vboxapi (1.0)
webencodings (0.5)
WebOb (1.6.2)
wheel (0.29.0)
XlsxWriter (1.0.2)
While running the program I am getting this error.
~/Software/GyoiThon$ python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 12, in
from GyoiClassifier import DeepClassifier
File "./classifier4gyoithon/GyoiClassifier.py", line 13, in
from urllib.parse import urlparse
ImportError: No module named parse
~/Software/GyoiThon$ sudo python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 12, in
from GyoiClassifier import DeepClassifier
File "./classifier4gyoithon/GyoiClassifier.py", line 13, in
from urllib.parse import urlparse
ImportError: No module named parse
How do I troubleshoot this?
Thanks
**_
upon running the script this the error i get, any help?
_**
#python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 10, in
from urllib.request import urlopen
ImportError: No module named request
File "gyoithon.py", line 232, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx])
File "./classifier4gyoithon/GyoiClassifier.py", line 95, in analyzer
logfile_path = os.path.join(self.root_path, df_selected_summary.at[0, 'log'])
File "/usr/local/lib/python3.6/site-packages/pandas/core/indexing.py", line 1869, in getitem
return self.obj._get_value(*key, takeable=self._takeable)
File "/usr/local/lib/python3.6/site-packages/pandas/core/frame.py", line 1985, in _get_value
return engine.get_value(series._values, index)
File "pandas/_libs/index.pyx", line 83, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 91, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 139, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 811, in pandas._libs.hashtable.Int64HashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 817, in pandas._libs.hashtable.Int64HashTable.get_item
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c src/twisted/test/raiser.c -o build/temp.linux-x86_64-3.7/src/twisted/test/raiser.o
src/twisted/test/raiser.c:4:10: fatal error: Python.h: No such file or directory
#include "Python.h"
^~~~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-h98yxwim/Twisted/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-t899wm2g/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-h98yxwim/Twisted/
While "[+] Get Exploit Tree"
Traceback (most recent call last):
File "gyoithon.py", line 611, in
'path': path_list[idx].replace('/', '')})
File "/home/user/Development/GyoiThon/modules/Gyoi_Exploit.py", line 444, in exploit
exploit_tree = self.get_exploit_tree(all_exploit_list)
File "/home/user/Development/GyoiThon/modules/Gyoi_Exploit.py", line 300, in get_exploit_tree
target_info = ret.get(b'data').decode('utf-8')
AttributeError: 'NoneType' object has no attribute 'decode'
root@xxx:/opt/GyoiThon# python3 gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 158, in
show_banner(utility)
File "gyoithon.py", line 76, in show_banner
utility.print_message(NONE, banner)
File "/opt/GyoiThon/util.py", line 82, in print_message
print(NOTE_GREEN + message + ENDC)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 82-91: ordinal not in range(128)
root@xxx:/opt/GyoiThon# uname -a
Linux 4.17.0-kali3-amd64 #1 SMP Debian 4.17.17-1kali1 (2018-08-21) x86_64 GNU/Linux
Hi, I'm porting your tool to Pentoo Linux and facing the problem with other tools which require not so decent versions and might not work/tested with the latest yet.
The requirements seem unnecessary strict and require the latest version exclusively:
Lines 1 to 13 in 30aae11
Specifically, the following are the troubled packages:
Could you relax dependences, do not use ==
and replace with >=
and only require a specific version IF it is really necessary?
...Snips...
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=4.1
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=4.3.3
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=4.4.2.
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=4.4.2.1
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=4.4.2.2
[*] Extract CVE information : CVE-2005-4889, Vendor=rpm, Product=rpm, Version=*
[*] Extract CVE information : CVE-2005-4895, Vendor=csilvers, Product=gperftools, Version=0.1
[*] Extract CVE information : CVE-2005-4895, Vendor=csilvers, Product=gperftools, Version=0.2
[*] Extract CVE information : CVE-2005-4895, Vendor=csilvers, Product=gperftools, Version=*
[*] Extract CVE information : CVE-2005-4900, Vendor=google, Product=chrome, Version=*
[*] Get 2006 meta information from https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2006.meta
[!] Set encoding: ASCII
[*] Get 2006 CVE list from https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2006.json.zip
^CTraceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument 'buffering'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "gyoithon.py", line 180, in <module>
cve_explorer = CveExplorerNVD(utility)
File "/home/mio/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 61, in __init__
self.df_vuln_db = self.initialize_vuln_db()
File "/home/mio/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 248, in initialize_vuln_db
self.create_vuln_yearly_db(cve_year, last_modified_date)
File "/home/mio/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 186, in create_vuln_yearly_db
with http.request('GET', target_url, preload_content=False) as res, open(tmp_file, 'wb') as fout:
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 69, in request
**urlopen_kw)
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 90, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 162, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
body=body, headers=headers)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 379, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.5/http/client.py", line 1197, in getresponse
response.begin()
File "/usr/lib/python3.5/http/client.py", line 297, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.5/http/client.py", line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.5/socket.py", line 575, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3.5/ssl.py", line 929, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib/python3.5/ssl.py", line 791, in read
return self._sslobj.read(len, buffer)
File "/usr/lib/python3.5/ssl.py", line 575, in read
v = self._sslobj.read(len, buffer)
5.2.0-kali3-amd64 #1 SMP Debian 5.2.17-1kali2 (2019-10-17) x86_64 GNU/Linux
Python 3.7.5
python3 gyoithon.py
Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused
(gyoithon.py:1000): Gdk-CRITICAL **: 04:32:42.931: gdk_cursor_new_for_display: assertion 'GDK_IS_DISPLAY (display)' failed
[*] Get 2011 CVE list from https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2011.json.zip
Killed
How to set server_host & LHOST if GyoiThon running on public address?
Hi I have been exploring this tool for the past few days and it's a little complex in particular the Metasploit mode. What does it exactly do? From the command line I can see the exploit being tested but it seems that all of them are failing which is weird because I am testing against a vulnerable machine from Metasploit called Metasploitable. Can you provide more insights and how exactly I should use them?
Another question is if the exploit is successful would a reverse shell be returned automatically? Thank you! I can provide the parameters of the testing if needed.
Ive gotten this error when trying to build the docker file.
Sending build context to Docker daemon 11.78kB
Step 1/11 : FROM kalilinux/kali-linux-docker
---> f26f3ae90aee
Step 2/11 : RUN apt-get update && apt-get install -y metasploit-framework tmux python3-pandas python3-docopt python3-msgpack python3-jinja2 && apt-get clean && rm -rf /var/lib/apt/lists/*
---> Using cache
---> d050cacb411f
Step 3/11 : RUN curl -sSL https://github.com/gyoisamurai/GyoiThon/raw/master/docker/msf_setup/db.sql --output /tmp/db.sql
---> Using cache
---> e8f59287a411
Step 4/11 : RUN /etc/init.d/postgresql start && su postgres -c "psql -f /tmp/db.sql"
---> Using cache
---> ee9a61e99a09
Step 5/11 : RUN curl -sSL https://github.com/gyoisamurai/GyoiThon/raw/master/docker/msf_setup/database.yml --output /usr/share/metasploit-framework/config/database.yml
---> Using cache
---> 07377f25947f
Step 6/11 : RUN git clone https://github.com/gyoisamurai/GyoiThon /opt/gyiothon
---> Using cache
---> 6891ae93be7b
Step 7/11 : RUN curl -sSL https://github.com/gyoisamurai/GyoiThon/raw/master/docker/msf_setup/meterpreter.rc --output /tmp/meterpreter.rc
---> Using cache
---> 9eb5fa246460
Step 8/11 : RUN curl -sSL https://github.com/gyoisamurai/GyoiThon/raw/master/docker/gyoithon_setup/config.ini --output /opt/gyiothon/classifier4gyoithon/config.ini
---> Running in 158111af4eb5
curl: (23) Failed writing body (0 != 1131)
The command '/bin/sh -c curl -sSL https://github.com/gyoisamurai/GyoiThon/raw/master/docker/gyoithon_setup/config.ini --output /opt/gyiothon/classifier4gyoithon/config.ini' returned a non-zero code: 23
I looked up curls exit code 23, it means theres a write error. Something is wrong with writing to the file /opt/gyiothon/classifier4gyoithon/config.ini
. Heres the link to the curl errors page:
https://curl.haxx.se/libcurl/c/libcurl-errors.html
[] Invalid IP address
[] Exception: 'utf-8' codec can't decode byte 0xed in position 264: invalid continuation byte
[*] Exception: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:833)
Traceback (most recent call last):
File "gyoithon.py", line 232, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx])
File "./classifier4gyoithon/GyoiClassifier.py", line 95, in analyzer
logfile_path = os.path.join(self.root_path, df_selected_summary.at[0, 'log'])
File "/usr/local/lib/python3.6/dist-packages/pandas/core/indexing.py", line 1869, in getitem
return self.obj._get_value(*key, takeable=self._takeable)
File "/usr/local/lib/python3.6/dist-packages/pandas/core/frame.py", line 1985, in _get_value
return engine.get_value(series._values, index)
File "pandas/_libs/index.pyx", line 83, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 91, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 139, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 811, in pandas._libs.hashtable.Int64HashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 817, in pandas._libs.hashtable.Int64HashTable.get_item
First a scan was started. (using -p for exploit option).
It was scanning all the time and partial output here:
[] 1102/1219 exploit:windows/misc/bigant_server_usv, targets:1
[] 1103/1219 exploit:windows/misc/bopup_comm, targets:1
[] 1104/1219 exploit:windows/misc/citrix_streamprocess, targets:1
[] 1105/1219 exploit:windows/misc/cloudme_sync, targets:1
[] 1106/1219 exploit:windows/misc/commvault_cmd_exec, targets:1
[] 1107/1219 exploit:windows/misc/disk_savvy_adm, targets:1
[] 1108/1219 exploit:windows/misc/hp_dataprotector_cmd_exec, targets:1
[] 1109/1219 exploit:windows/misc/hp_dataprotector_exec_bar, targets:2
[] 1110/1219 exploit:windows/misc/hp_dataprotector_install_service, targets:1
[] 1111/1219 exploit:windows/misc/hp_dataprotector_traversal, targets:1
[] 1112/1219 exploit:windows/misc/hp_imc_dbman_restartdb_unauth_rce, targets:1
[] 1113/1219 exploit:windows/misc/hp_imc_dbman_restoredbase_unauth_rce, targets:1
[] 1114/1219 exploit:windows/misc/hp_loadrunner_magentproc_cmdexec, targets:1
[] 1115/1219 exploit:windows/misc/hp_omniinet_1, targets:5
[] 1116/1219 exploit:windows/misc/hp_omniinet_2, targets:5
[] 1117/1219 exploit:windows/misc/hp_omniinet_3, targets:1
[] 1118/1219 exploit:windows/misc/hp_omniinet_4, targets:1
[] 1119/1219 exploit:windows/misc/ib_isc_attach_database, targets:11
[*] 1120/1219 exploit:windows/misc/ib_isc_create_database, targets:11
but yet, no error indicated. Next check with netstat, ifconfig and ping, the target address is no longer running.
In summary, when the target IP is no longer existing, Gyoithon will continue scanning and running as if the IP is still there.
Can you confirm this issue?
THanks.
Traceback (most recent call last):
File "gyoithon.py", line 321, in
protocol_list, fqdn_list, port_list, path_list = get_target_info(full_path, utility)
File "gyoithon.py", line 43, in get_target_info
msg = utility.make_log_msg(utility.log_in, utility.log_dis, os.path.basename(file), note='Get target information')
AttributeError: 'Utilty' object has no attribute 'make_log_msg'
How can i make it to pick hostname instead of IP ADDR
Install & Config is allright but it's error
Kioptrix VM3 LotusCMS
Metasploit exploit
exploit/multi/http/lcms_php_exec
[+] Analyzing gathered HTTP response using Machine Learning.
Traceback (most recent call last):
File "gyoithon.py", line 300, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx], False, target_url)
File "/opt/GyoiThon/classifier4gyoithon/GyoiClassifier.py", line 70, in analyzer
logfile_path = os.path.join(self.root_path, df_selected_summary.at[0, 'log'])
File "/usr/local/lib/python3.6/dist-packages/pandas/core/indexing.py", line 1869, in getitem
return self.obj._get_value(*key, takeable=self._takeable)
File "/usr/local/lib/python3.6/dist-packages/pandas/core/frame.py", line 1985, in _get_value
return engine.get_value(series._values, index)
File "pandas/_libs/index.pyx", line 83, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 91, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 139, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 811, in pandas._libs.hashtable.Int64HashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 817, in pandas._libs.hashtable.Int64HashTable.get_item
KeyError: 0
$ python3 -V
Python 3.8.0
Could not locate executable g77
Could not locate executable f77
Could not locate executable ifort
Could not locate executable ifl
Could not locate executable f90
Could not locate executable E:\Program
Could not locate executable efl
Could not locate executable gfortran
Could not locate executable f95
Could not locate executable g95
Could not locate executable efort
Could not locate executable efc
Could not locate executable flang
don't know how to compile Fortran code on platform 'nt'
'svnversion' ▒▒▒▒▒ڲ▒▒▒▒ⲿ▒▒▒Ҳ▒▒▒ǿ▒▒▒▒еij▒▒▒
▒▒▒▒▒▒▒▒▒ļ▒▒▒
non-existing path in 'numpy\distutils': 'site.cfg'
Running from numpy source directory.
Here is the error. Thank you!
Traceback (most recent call last):
File "gyoithon.py", line 212, in <module>
cve_explorer = CveExplorerNVD(utility, opt_no_update_vulndb)
File "/root/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 66, in __init__
self.df_vuln_db = self.initialize_vuln_db()
File "/root/GyoiThon/modules/Gyoi_CveExplorerNVD.py", line 282, in initialize_vuln_db
df_vuln_db = pd.read_csv(self.nvd_path, sep=',', encoding='utf-8')
File "/usr/local/lib/python3.7/dist-packages/pandas/io/parsers.py", line 702, in parser_f
return _read(filepath_or_buffer, kwds)
File "/usr/local/lib/python3.7/dist-packages/pandas/io/parsers.py", line 429, in _read
parser = TextFileReader(filepath_or_buffer, **kwds)
File "/usr/local/lib/python3.7/dist-packages/pandas/io/parsers.py", line 895, in __init__
self._make_engine(self.engine)
File "/usr/local/lib/python3.7/dist-packages/pandas/io/parsers.py", line 1122, in _make_engine
self._engine = CParserWrapper(self.f, **self.options)
File "/usr/local/lib/python3.7/dist-packages/pandas/io/parsers.py", line 1853, in __init__
self._reader = parsers.TextReader(src, **kwds)
File "pandas/_libs/parsers.pyx", line 387, in pandas._libs.parsers.TextReader.__cinit__
File "pandas/_libs/parsers.pyx", line 705, in pandas._libs.parsers.TextReader._setup_parser_source
FileNotFoundError: [Errno 2] File b'/root/GyoiThon/modules/vuln_db/vulns_nvd.csv' does not exist: b'/root/GyoiThon/modules/vuln_db/vulns_nvd.csv'
root@kali:/opt/GyoiThon# python gyoithon.py
Traceback (most recent call last):
File "gyoithon.py", line 14, in
from modules.Gyoi_CloudChecker import CloudChecker
ImportError: No module named modules.Gyoi_CloudChecker
root@lolicen:/opt/GyoiThon# pip3 install modules.Gyoi_CloudChecker
Collecting modules.Gyoi_CloudChecker
Could not find a version that satisfies the requirement modules.Gyoi_CloudChecker (from versions: )
No matching distribution found for modules.Gyoi_CloudChecker
Hi,
During my installation "No module named configparser" appears, as shown below. Can you let me know what could be the issue?
Traceback (most recent call last):
File "gyoithon.py", line 10, in
import configparser
ImportError: No module named configparser
[] Exception: HTTP Error 400: Bad Request
[] Exception: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)>
Traceback (most recent call last):
File "gyoithon.py", line 228, in
products = classifier.analyzer(ip_list[idx], int(port_list[idx]), ip_list[idx])
File "./classifier4gyoithon/GyoiClassifier.py", line 95, in analyzer
logfile_path = os.path.join(self.root_path, df_selected_summary.at[0, 'log'])
File "/usr/local/lib/python3.6/dist-packages/pandas/core/indexing.py", line 1869, in getitem
return self.obj._get_value(*key, takeable=self._takeable)
File "/usr/local/lib/python3.6/dist-packages/pandas/core/frame.py", line 1985, in _get_value
return engine.get_value(series._values, index)
File "pandas/_libs/index.pyx", line 83, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 91, in pandas._libs.index.IndexEngine.get_value
File "pandas/_libs/index.pyx", line 139, in pandas._libs.index.IndexEngine.get_loc
File "pandas/_libs/hashtable_class_helper.pxi", line 811, in pandas._libs.hashtable.Int64HashTable.get_item
File "pandas/_libs/hashtable_class_helper.pxi", line 817, in pandas._libs.hashtable.Int64HashTable.get_item
KeyError: 0
By the way script is not compatible with python2.7 so i used python3.6. You need to adjust the script and ssl support according to that.
I see the new function "CVE" detect but README.md has not been updated.
the tool get stacked after executing python3 gyoithon.py
no dispaly except the cursor blinking
HI, I get the following error when loading the exploit tree and seem to happen at any random point.
[] 643/1242 exploit:unix/webapp/piwik_superuser_plugin_upload, targets:1
[] 644/1242 exploit:unix/webapp/projectpier_upload_exec, targets:2
[*] 645/1242 exploit:unix/webapp/projectsend_upload_exec, targets:1
Traceback (most recent call last):
File "gyoithon.py", line 484, in
'path': path_list[idx].replace('/', '')})
File "/root/APPS/GyoiThon/modules/Gyoi_Exploit.py", line 437, in exploit
exploit_tree = self.get_exploit_tree(all_exploit_list)
File "/root/APPS/GyoiThon/modules/Gyoi_Exploit.py", line 298, in get_exploit_tree
ret = self.client.send_command(self.console_id, show_cmd, False)
File "/root/APPS/GyoiThon/modules/Gyoi_Exploit.py", line 70, in send_command
_ = self.call('console.write', [console_id, command])
File "/root/APPS/GyoiThon/modules/Gyoi_Exploit.py", line 54, in call
resp = self.client.getresponse()
File "/usr/lib/python3.7/http/client.py", line 1321, in getresponse
response.begin()
File "/usr/lib/python3.7/http/client.py", line 296, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.7/http/client.py", line 265, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
Installing python3-urllib3 package through Dockerfile fixed the urllib3 error but there is now another error.
I am testing the drupal sql injection vulnerability in https://hub.docker.com/r/raesene/bwapp/
$ sudo docker run -v $PWD/host.txt:/opt/gyiothon/host.txt gyoithon
Starting PostgreSQL 10 database server: main.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 141 100 141 0 0 28200 0 --:--:-- --:--:-- --:--:-- 28200
ranking 3
product : heartcore
probability : 3.4483 %
reason : too few features..
[+] done GyoiClassifier.py
[+] Get exploit list.
[] Loading exploit list from local file: /opt/gyiothon/classifier4gyoithon/data/exploit_list.csv
[+] Get exploit tree.
[] Loading exploit tree from local file: /opt/gyiothon/classifier4gyoithon/data/exploit_tree.json
[+] Get exploit list.
[] Loading exploit list from local file: /opt/gyiothon/classifier4gyoithon/data/exploit_list.csv
[+] Get exploit tree.
[] Loading exploit tree from local file: /opt/gyiothon/classifier4gyoithon/data/exploit_tree.json
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: generic/custom, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: generic/shell_bind_tcp, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: generic/shell_reverse_tcp, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/bind_perl, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/bind_perl_ipv6, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/bind_php, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/bind_php_ipv6, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/download_exec, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/exec, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/bind_tcp, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/bind_tcp_ipv6, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/bind_tcp_ipv6_uuid, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/bind_tcp_uuid, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/reverse_tcp, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter/reverse_tcp_uuid, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/meterpreter_reverse_tcp, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/reverse_perl, result: failure
[] exploit/multi/http/joomla_http_header_rce, target: 0, payload: php/reverse_php, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: generic/custom, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: generic/shell_bind_tcp, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: generic/shell_reverse_tcp, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/bind_perl, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/bind_perl_ipv6, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/bind_php, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/bind_php_ipv6, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/download_exec, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/exec, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/bind_tcp, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/bind_tcp_ipv6, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/bind_tcp_ipv6_uuid, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/bind_tcp_uuid, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/reverse_tcp, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter/reverse_tcp_uuid, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/meterpreter_reverse_tcp, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/reverse_perl, result: failure
[] exploit/unix/webapp/joomla_akeeba_unserialize, target: 0, payload: php/reverse_php, result: failure
Traceback (most recent call last):
File "/opt/gyiothon/gyoithon.py", line 240, in
metasploit.exploit({'ip': ip_list[idx], 'port': int(port_list[idx]), 'prod_name': product})
File "./classifier4gyoithon/GyoiExploit.py", line 434, in exploit
option = self.set_options(target_ip, target_port, exploit_module[8:], payload, exploit_tree)
File "./classifier4gyoithon/GyoiExploit.py", line 383, in set_options
options = exploit_tree[exploit]['options']
KeyError: 'unix/webapp/joomla_comfields_sqli_rce'
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.