Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zaproxy not sending notifications to seccubus gui #541

Open
amware opened this issue Aug 29, 2017 · 3 comments
Open

zaproxy not sending notifications to seccubus gui #541

amware opened this issue Aug 29, 2017 · 3 comments
Labels
bug

Comments

@amware
Copy link

amware commented Aug 29, 2017

$ bin/do-scan --workspace xxxx --scan yyyy
Starting scan 'xxxx' from workspace 'yyyy'
Sending notifications for scan start...
0 notification(s) sent
cmd: /opt/seccubus/scanners/ZAP/scan --workspace 'xxxx' --scan 'yyyy' -o "" -p /usr/share/owasp-zap/zap.jar --hosts https://xyz -v
Hosts file specified https://xyz
ZAP found in /usr/share/owasp-zap/zap.jar
ZAP options: -quickurl 'https://xyz' -quickout '/tmp/seccubus.4860' -cmd
Timestamp = 20170829124854
Execuing cd /usr/share/owasp-zap/; java -Xmx512m -XX:PermSize=512M -jar zap.jar -quickurl 'https://xyz' -quickout '/tmp/seccubus.4860' -cmd
OpenJDK 64-Bit Server VM warning: ignoring option PermSize=512M; support was removed in 8.0
Writing results to /tmp/seccubus.4860
Scanning done, converting .xml to ivil
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value in join or string at /usr/share/perl5/XML/Simple.pm line 1284.
Use of uninitialized value $key in hash element at /usr/share/perl5/XML/Simple.pm line 1290.
Can't use string ("

A cookie has been set without"...) as a HASH ref while "strict refs" in use at /opt/seccubus/bin/zap2ivil line 151.
Importing ivil

no element found at line 21, column 0, byte 479 at /usr/lib/x86_64-linux-gnu/perl5/5.22/XML/Parser.pm line 187.
XML::Simple called at lib/Seccubus/IVIL.pm line 103.
Sending notifications for scan end...
0 notification(s) sent
Scanning done, converting .xml to ivil
Importing ivil

Done
@Burrch3s
Copy link

Burrch3s commented Dec 28, 2017
edited

If you are still having issues with this, look at issue #556. I believe that is the problem. I had this exact thing happen to me, but if you look at 556 you will see my explanation of never reporting it.

@MrSeccubus
Copy link
Member

Would it be possible for you to attach the xml file?
If you run do-scan with --nodelete it should remain in /tmp.

@MrSeccubus MrSeccubus added the bug label Dec 28, 2017
@Burrch3s
Copy link

Burrch3s commented Dec 31, 2017
edited

Had some free time, so I installed Seccubus-2.46 and got it running. I ran zap against my local seccubus web interface to produce the files. 'seccubus_before' and 'seccubus_before.ivil.xml' were the generated files without the changes from #556. Performing the changes mentioned in the issue result in 'seccubs.PID' and 'seccubus.PID.ivil.xml' and as you'll see the created ivil formatted xml will have issues found actually being populated from the original .xml file. But, certain areas within findings are still not parsed correctly, leaving areas like 'URL' or 'Vulnerable Parameter' blank. It will just take some tweaking of how zap2ivil accesses the XML report to fill in those last spots on the IVIL report.
files.zip

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MrSeccubus @amware @Burrch3s