iustin24 / chameleon Goto Github PK

Running this on Ubuntu on WSL i get this error:

thread 'main' panicked at 'called Result::unwrap() on an Err value: Chrome launched, but didn't give us a WebSocket URL before we timed out', /cargo/git/checkouts/wappalyzer-e32a3fb79f4ccad3/2c102ca/src/lib.rs:98:10
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Hi,
In my ubuntu VPS, my installation failed. The below error msg given

error: failed to compile `chameleon v1.0.0 (https://github.com/iustin24/chameleon#3836b280)`, intermediate artifacts can be found at `/tmp/cargo-installpD993V`

Any suggestion for this?
Thank you

When trying the script and using the -a parameter it crashes and gives this

thread 'main' panicked at 'called Result::unwrap() on an Err value: Permission denied (os error 13)', /cargo/git/checkouts/wappalyzer-e32a3fb79f4ccad3/fb82bb4/src/lib.rs:98:10
stack backtrace:
note: Some details are omitted, run with RUST_BACKTRACE=full for a verbose backtrace.

Well I'm Windows user so idk anything about linux, now installed linux and face sudo: chameleon: command not found or bash chameleon: command not found. Any advice? I can't find anything useful/fix this problam on internet.

Hi iustin24,
Thanks for this tool !

Would it be possible to add an option to specify the HTTP verbs to use ? By default GET is used but I think it would be nice to have an option to use other verbs like POST.

Regards

any plans to add windows release??

Hi, one more issue,

Tech detect seems to be hanging,

root@system:~# chameleon  -u http://testphp.vulnweb.com/  -a 
Started scanning http://testphp.vulnweb.com/

Will not proceed and will remain in that state. A debug flag will be useful as well as a proxy flag where one could pass the traffic from a proxy server to check on the requests.

Regards,
Nicolas

timeout option and random user agent feature requested i would love to see those

Hi, I have run into an issue launching chameleon with tech scan.

command: chameleon -u http://testphp.vulnweb.com/ -a

error: "/root/.local/share/headless-chrome/linux-634997.zip"
thread 'main' panicked at 'called Result::unwrap() on an Err value: Chrome launched, but didn't give us a WebSocket URL before we timed out', /cargo/git/checkouts/wappalyzer-e32a3fb79f4ccad3/fb82bb4/src/lib.rs:98:10
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

running apt-get install libxss1 doesn't seem to fix the issue.

thread 'main' panicked at 'called Option::unwrap() on a None value', /cargo/git/checkouts/wappalyzer-e32a3fb79f4ccad3/fb82bb4/src/lib.rs:117:39
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

I have tried to install using the cargo command, but I'm getting the following error.

 Updating crates.io index
    Updating git repository `https://github.com/iustin24/wappalyzer?`
warning: spurious network error (2 tries remaining): remote error: 
   is not a valid repository name
  Visit https://support.github.com/ for help; class=Net (12)
warning: spurious network error (1 tries remaining): remote error: 
   is not a valid repository name
  Visit https://support.github.com/ for help; class=Net (12)
error: failed to get `wappalyzer` as a dependency of package `chameleon v1.0.0 (/Users/MyPC/Desktop/repos/chameleon)`

Caused by:
  failed to load source for dependency `wappalyzer`

Caused by:
  Unable to update https://github.com/iustin24/wappalyzer?

Caused by:
  failed to fetch into: /Users/MyPC/.cargo/git/db/wappalyzer-a6d6b1650e8a48b0

Caused by:
  failed to authenticate when downloading repository: [email protected]:iustin24/wappalyzer?

  * attempted ssh-agent authentication, but no usernames succeeded: `git`

  if the git CLI succeeds then `net.git-fetch-with-cli` may help here
  https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli

Caused by:
  remote error: 
     is not a valid repository name
    Visit https://support.github.com/ for help; class=Net (12)

chameleon -u https://www.example.com:443 --json will not output json

Detected Technology - Node.js ( /home/kali/.config/chameleon/wordlists/Nodejs.txt )

thread 'main' panicked at 'Unable to read wordlist.: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/main.rs:83:30
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Creating a dummy file at /home/kali/.config/chameleon/wordlists/Nodejs.txt fixes the issue.

Hi,

Apologies I was just trying the latest release which will correctly identify the tech but it will produce a list result as follows:

root@system# chameleon  -u http://testphp.vulnweb.com/ -a
Started scanning http://testphp.vulnweb.com/

Detected Technology - Nginx ( /user/.config/chameleon/wordlists/nginx.txt )

Detected Technology - PHP ( /user/.config/chameleon/wordlists/PHP.txt )

Generating wordlist using supplied small wordlist and extensions: php

Started bruteforcing http://testphp.vulnweb.com/ with 77312 paths
400  -     157B - http://testphp.vulnweb.com/payments.%EXT%.php 
200  -    4958B - http://testphp.vulnweb.com/index.php/login/.php 
400  -     157B - http://testphp.vulnweb.com/admin_pmmaint.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/poll.%EXT%.php 
403  -     276B - http://testphp.vulnweb.com/cgi-bin 
400  -     157B - http://testphp.vulnweb.com/_myadmin.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/admin_deletecat.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/main.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/classadmin.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/admina.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/admin_tdet.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/handler.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/adminnav.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/projects.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/Version.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/shipping.%EXT%.php 
400  -     157B - http://testphp.vulnweb.com/admin_bans.%EXT%.php 

The %EXT% is added on the path, is there a flag existing to handle this case ?

Regards,
Nicolas

after i finished installing chameleon, i tried opening it by using the command "chameleon --help" but it failed to open, it displayed bash command not found.
NB: im on MacBook Air (13-inch, 2017)
thanks

chameleon -u http://testphp.vulnweb.com/ -a

While running the basic command, I encountered this issue

thread 'main' panicked at 'called Result::unwrap() on an Err value: Chrome launched, but didn't give us a WebSocket URL before we timed out', /cargo/git/checkouts/wappalyzer-e32a3fb79f4ccad3/2c102ca/src/lib.rs:98:10
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

I tried to fix it by using this command
sudo apt-get install libxss1

Still the same issue exists.

Hi,

One small feature request, running the application without any parameters should point to help.

root@system:~# chameleon 
thread 'main' panicked at 'No URL supplied.', src/main.rs:31:14
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Regards,
Nicolas

Nice tool!
but i keep getting this error while on vpn only. ( must be a timeout thing)

Chameleon has been great so far, awesome work! Was hoping we could add the ability to output results to a file in JSON/TXT formats for parsing by other tools. Is this something on your roadmap? Ideally the JSON output file would support the -L flag when targeting multiple URLs as well.

Let me know if I can help at all. Thanks!