[upstream] cmseek: write error to workdir

[noraj]

$  which cmseek
/bin/cmseek
$ cat /bin/cmseek
#!/bin/sh
cd /usr/share/cmseek
exec python3 cmseek.py "$@"

similar too epinna/weevely3#98

$  cmseek -u http://10.0.0.1/
Traceback (most recent call last):
  File "cmseek.py", line 72, in <module>
    target = cmseek.process_url(s)
  File "/usr/share/cmseek/cmseekdb/basic.py", line 177, in process_url
    init_result_dir(target)
  File "/usr/share/cmseek/cmseekdb/basic.py", line 221, in init_result_dir
    os.makedirs(result_dir)
  File "/usr/lib/python3.7/os.py", line 211, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib/python3.7/os.py", line 221, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/usr/share/cmseek/Result'

• I have searched open and closed issues for duplicates
• I am submitting a bug report for existing functionality that does not work as intended

---

Bug description

Can't write to privileged directory

Steps to reproduce

launch a scan

Additional info

Upstream issue: Tuhinshubhra/CMSeeK#55

[noraj]

the fix PR is a good practice but doesn't actually fix the problem,

modifying the source code is required:

grep -r 'Result' /usr/share/cmseek
/usr/share/cmseek/cmseekdb/basic.py:    result_dir = cmseek_dir + "/Result/" + url
/usr/share/cmseek/cmseekdb/basic.py:    # Clear Result directory
/usr/share/cmseek/cmseekdb/basic.py:    resdir = cmseek_dir + '/Result'
/usr/share/cmseek/cmseekdb/basic.py:        success('Result directory cleared successfully!')
/usr/share/cmseek/cmseekdb/basic.py:        warning('Results directory not found!')
/usr/share/cmseek/cmseekdb/basic.py:        brute_result = "### CMSeeK Bruteforce Result\n\n\nSite: " + url + "\n\nLogin URL: " + adminurl + "\n\nUsername: " + username + "\n\nPassword: " + password
/usr/share/cmseek/cmseekdb/core.py:            cmseek.banner("CMS Scan Results")
/usr/share/cmseek/cmseekdb/core.py:            cmseek.banner("CMS Scan Results")
/usr/share/cmseek/cmseekdb/result.py:    print(' ┃\n ┠── Result: ' + cmseek.bold + cmseek.fgreen + log_file + cmseek.cln)
/usr/share/cmseek/deepscans/joom/init.py:    cmseek.banner("Deep Scan Results")
/usr/share/cmseek/deepscans/wp/init.py:        ### Deep Scan Results comes here
/usr/share/cmseek/deepscans/wp/init.py:        cmseek.banner("Deep Scan Results")

[Edu4rdSHL]

That's expected because you're working unser /usr/share, please run the tool as root.

[noraj]

@Edu4rdSHL Yeah i know this is intended, but running this tool as root is not right, the tool doesn't need root and running all tools as root is a bad practice.
Maybe I misspoke, I meant that we need to wait for Tuhinshubhra/CMSeeK#55 to be fixed and then update the PKGBUILD.
So can you re-open the issue to track that?

[Edu4rdSHL]

The problem is that it isn't a BlackArch issue, it's a upstream issue, to reopen it I'm going to modify the issue name and adding a label for upstream issues.

[noraj]

@noptrix #2245 was only fixing a part, for a true fix we need to wait from upstream Tuhinshubhra/CMSeeK#55. Please re-open

[Edu4rdSHL]

It should be fixed when https://github.com/Tuhinshubhra/CMSeeK/pull/58/files is merged.

[noraj]

@Edu4rdSHL upstream merged.

[noraj]

$ cmseek -u http://10.x.x.x/
[i] Updating CMSeeK result index...
[x] Result directory does not exist!
There was an error while creating result index! Some features might not work as intended. Press [ENTER] to continue