Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing dependency #168

Closed
righettod opened this issue Oct 24, 2022 · 2 comments
Closed

Missing dependency #168

righettod opened this issue Oct 24, 2022 · 2 comments
Assignees
@sandrogauci @0xInfection

Comments

@righettod
Copy link

righettod commented Oct 24, 2022
edited

Describe the bug

When running the last version of wafw00f then the following error occur: pkg_resources.DistributionNotFound: The 'pluginbase' distribution was not found and is required by wafw00f.

To Reproduce

Just install tool and run it with wafw00f [target].

Expected behavior

No error and normal processing of wafw00f.

Screenshots

image

Desktop (please complete the following information):

  • OS: Linux.
  • OS version, distribution: Kali docker rolling image.
  • Python version: 3.10.7.

Debug output

$ wafw00f -vv righettod.eu
Traceback (most recent call last):
  File "/usr/local/bin/wafw00f", line 4, in <module>
    __import__('pkg_resources').run_script('wafw00f==2.2.0', 'wafw00f')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3260, in <module>
    def _initialize_master_working_set():
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3234, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3272, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 581, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 909, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 795, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'pluginbase' distribution was not found and is required by wafw00f

Additional context

Fix found here: pip3 install pluginbase

Thank you very much your tool ❤

Thank you very much in advance for your feedback 😃
@sandrogauci
Copy link
Member

Hi there - thanks for the kind words!

I wasn't able to reproduce the issue on the Kali docker rolling image.

This is what I did:

┌──(root㉿8fdcd133af09)-[/]                                                                               
└─# apt update && apt install wafw00f                                                                     
Get:1 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease [30.6 kB]                                                                                                                                        
Get:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 Packages [18.7 MB]                   
Get:3 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/non-free amd64 Packages [234 kB]                
Get:4 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/contrib amd64 Packages [111 kB]                                                                                                                            
Fetched 19.1 MB in 2s (7897 kB/s)                                                                                                                                                                                    
Reading package lists... Done                                                                                                                                                                                        
Building dependency tree... Done                                                                                                                                                                                     
Reading state information... Done                                                                         
2 packages can be upgraded. Run 'apt list --upgradable' to see them.                                                                                                                                                 
Reading package lists... Done                                                                             
Building dependency tree... Done                                                                                                                                                                                     
Reading state information... Done                                                                                                                                                                                    
The following additional packages will be installed:                                                      
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libmpdec3 libncursesw6 libnsl2 libpython3-stdlib libpython3.10-minimal libpython3.10-stdlib
  libreadline8 libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3 python3-certifi python3-chardet python3-charset-normalizer python3-idna python3-minimal python3-pkg-resources
  python3-pluginbase python3-requests python3-six python3-urllib3 python3.10 python3.10-minimal readline-common
Suggested packages:                                                                                       
  gpm krb5-doc krb5-user python3-doc python3-tk python3-venv python3-setuptools python3-cryptography python3-openssl python3-socks python-requests-doc python3-brotli python3.10-venv python3.10-doc binutils
  binfmt-support readline-doc                                                                             
The following NEW packages will be installed:                                                             
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libmpdec3 libncursesw6 libnsl2 libpython3-stdlib libpython3.10-minimal libpython3.10-stdlib
  libreadline8 libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3 python3-certifi python3-chardet python3-charset-normalizer python3-idna python3-minimal python3-pkg-resources
  python3-pluginbase python3-requests python3-six python3-urllib3 python3.10 python3.10-minimal readline-common wafw00f
0 upgraded, 37 newly installed, 0 to remove and 2 not upgraded.
Need to get 11.9 MB of archives.
After this operation, 39.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libssl3 amd64 3.0.5-4 [2031 kB]
Get:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libpython3.10-minimal amd64 3.10.7-2 [828 kB]
Get:3 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libexpat1 amd64 2.4.9-1 [105 kB]
Get:4 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 python3.10-minimal amd64 3.10.7-2 [1994 kB]
Get:5 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 python3-minimal amd64 3.10.6-1 [38.7 kB]
Get:6 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 media-types all 8.0.0 [33.4 kB]
Get:7 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 libmpdec3 amd64 2.5.1-2 [87.8 kB]
Get:8 http://http.kali.org/kali kali-rolling/main amd64 libncursesw6 amd64 6.3+20220423-2 [133 kB]
Get:9 http://http.kali.org/kali kali-rolling/main amd64 libkrb5support0 amd64 1.20-1+b1 [32.2 kB]
...
Setting up wafw00f (2.2.0-1) ...                                                                          
Processing triggers for libc-bin (2.35-3) ...                                                                                                                                                                        
Processing triggers for ca-certificates (20211016) ...                                                                                                                                                               
Updating certificates in /etc/ssl/certs...                                                                                                                                                                           
0 added, 0 removed; done.                                                                                 
Running hooks in /etc/ca-certificates/update.d...                                                         
done.

Then:

┌──(root㉿8fdcd133af09)-[/]                                                                               
└─# wafw00f -vv righettod.eu                                                                                                                                                                                         
                                                                                                          
                ______                                                                                                                                                                                               
               /      \                                                                                                                                                                                              
              (  W00f! )                                                                                  
               \  ____/                                                                                   
               ,,    __            404 Hack Not Found                                                     
           |`-.__   / /                      __     __                                                    
           /"  _/  /_/                       \ \   / /                                                    
          *===*    /                          \ \_/ /  405 Not Allowed                                    
         /     )__//                           \   /                                                      
    /|  /     /---`                        403 Forbidden                                                  
    \\/`   \ |                                 / _ \                                                      
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error                                 
      `_____``-`                             /_/   \_\                                                    
                                                                                                          
                        ~ WAFW00F : v2.2.0 ~                                                              
        The Web Application Firewall Fingerprinting Toolkit                                               
                                                                                                                                                                                                                     
INFO:wafw00f:The url righettod.eu should start with http:// or https:// .. fixing (might make this unusable)                                                                                                         
[*] Checking https://righettod.eu                                                                                                                                                                                    
INFO:wafw00f:starting wafw00f on https://righettod.eu                                                     
INFO:wafw00f:Request Succeeded
...
INFO:wafw00f:Identified WAF: []                                                                           
[+] Generic Detection results:                                                                            
INFO:wafw00f:Request Succeeded                                                                            
INFO:wafw00f:Request Succeeded                                                                            
INFO:wafw00f:Request Succeeded                   
INFO:wafw00f:Server returned a different response when a XSS attack vector was tried.                     
INFO:wafw00f:Generic Detection: The server returns a different response code when an attack string is used.
Normal response code is "200", while the response code to cross-site scripting attack is "403"            
[*] The site https://righettod.eu seems to be behind a WAF or some sort of security solution
[~] Reason: The server returns a different response code when an attack string is used.
Normal response code is "200", while the response code to cross-site scripting attack is "403"            
[~] Number of requests: 5                                                                                 
INFO:wafw00f:Found: 1 matches.

Closing the issue.

Do add a comment and reopen if you can still reproduce the issue.

Do note that we do not maintain the packages for Kali so since what you're facing seems to be a dependency issue, it might need to be fixed there.

But here's a tip - might it be that you're using an outdated docker image that references broken packages?

@righettod
Copy link
Author

OK thank you very much for the quick feedback.

I will prefer the installation via apt instead of git clone the master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sandrogauci sandrogauci

@0xInfection 0xInfection

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sandrogauci @righettod @0xInfection