attacksurfacemapper's Issues

Could not authenticate to LinkedIn

Hello I'm trying to use this tool but I get this error message when I try to use it:

[*] Error: Could not authenticate to LinkedIn. cannot use a string pattern on a bytes-like object

Traceback (most recent call last):
  File "asm.py", line 941, in <module>
    main(keychain, sw1, output_path, c1)
  File "asm.py", line 745, in main
    keychain["linkedin_password"], answer2, 0)
  File "/home/username/Projects/Github/OSINT/AttackSurfaceMapper/modules/linkedinner.py", line 93, in get_emails_for_company_name
    cookies['JSESSIONID'] = 'ajax:0397788525211216808'
TypeError: 'NoneType' object does not support item assignment

zoom api

Is there any chance to add the api into the tool set?

Significant number of false positives in S3 buckets

I just ran this tool against my own organization's website, and the results are pretty stupefyingly accurate. However, when it comes to S3 buckets, it found the following:

  • allinoneseo.s3.eu-central-1.amazonaws.com
  • app.paragonone.com.s3.us-east-2.amazonaws.com
  • appstaging.paragonone.com.s3.us-east-2.amazonaws.com
  • files.designone.co.uk.s3.eu-west-2.amazonaws.com
  • dev.designone.co.uk.s3-eu-west-1.amazonaws.com
  • paragonone.com.s3.us-east-2.amazonaws.com
  • sianoneill.s3.eu-west-2.amazonaws.com
  • nanonets.s3.amazonaws.com
  • nationone.s3.amazonaws.com
  • nonetorun.s3.amazonaws.com
  • testplanone.s3.amazonaws.com
  • inonedev.s3.amazonaws.com
  • downtownone.s3.amazonaws.com
  • pordenonelegge.s3.amazonaws.com
  • fashionone.s3.amazonaws.com

We do not use any S3 buckets, so I would have expected this list to be empty. I have never heard of any of these S3 buckets.
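A triage pass for hits like these, as an added example (not AttackSurfaceMapper's own code). Every hostname in the list above contains the substring "one", so the example assumes the search keyword was "one" (the report does not name it); the function names, the `one.example` domain and the two positive hostnames are hypothetical or constructed.

```python
import re

# Virtual-hosted-style S3 endpoints in the forms seen in the report:
#   <bucket>.s3.amazonaws.com, <bucket>.s3.<region>.amazonaws.com,
#   <bucket>.s3-<region>.amazonaws.com
S3_HOST = re.compile(r"^(?P<bucket>.+?)\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")

REPORTED = [  # four of the hostnames from the report above
    "allinoneseo.s3.eu-central-1.amazonaws.com",
    "dev.designone.co.uk.s3-eu-west-1.amazonaws.com",
    "nanonets.s3.amazonaws.com",
    "pordenonelegge.s3.amazonaws.com",
]
CONSTRUCTED = [  # constructed positives for a hypothetical owner of one.example
    "files.one.example.s3.eu-west-2.amazonaws.com",
    "one-backups.s3.amazonaws.com",
]

def bucket_name(host):
    """Return the bucket part of an S3 hostname, or None if it is not one."""
    m = S3_HOST.match(host.strip().lower())
    return m.group("bucket") if m else None

def classify(host, keyword, owned_domains=()):
    """Rank one hit by how strongly the bucket name ties to the organisation:
    'domain'    bucket is named after a domain the organisation owns
    'token'     keyword is a whole label of the name (split on . _ -)
    'substring' keyword only occurs inside a longer word, likely noise
    'unrelated' not an S3 hostname, or keyword absent"""
    bucket = bucket_name(host)
    if bucket is None or keyword not in bucket:
        return "unrelated"
    for domain in owned_domains:
        if bucket == domain or bucket.endswith("." + domain):
            return "domain"
    tokens = re.split(r"[._-]+", bucket)
    return "token" if keyword in tokens else "substring"

def triage(hosts, keyword, owned_domains=()):
    """Group hostnames by classification so weak matches can be reviewed apart."""
    groups = {}
    for host in hosts:
        groups.setdefault(classify(host, keyword, owned_domains), []).append(host)
    return groups

if __name__ == "__main__":
    for label, hosts in triage(REPORTED + CONSTRUCTED, "one", ("one.example",)).items():
        print(label, hosts)
```

A name match of any strength is only a lead: ownership of a bucket is confirmed from the organisation's own AWS account inventory, not from the hostname.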

LinkedIN username

The keylists.asm has 2 lines for LinkedIn, the username and password. LinkedIn doesn't have usernames from what I can tell, only your email address. When I give my registered email address and password I still get an error:

"[*] Error: Could not authenticate to LinkedIn. cannot use a string pattern on a bytes-like object"

weleakinfo.com

It seems that the weleakinfo.com domain has been seized by the FBI. Is there another site where we could get leaked credentials from, and should this module be removed since the site is no longer available?

Recommended usage does not work

When running this from a Linux box (I've tried Ubuntu and Kali) the scan just hangs for a couple of minutes then says 'killed'

Also is this supposed to work? I get -ln not valid..
python3 asm.py -t your_site.com -ln -w resources/top100_sublist.txt -o demo_run

[*] Error: Could not authenticate to LinkedIn. object of type 'NoneType' has no len()

[i] Searching Linkedin with Company Name: Company
[DEBUG] Cookie Value

[*] Error: Could not authenticate to LinkedIn. object of type 'NoneType' has no len()

Traceback (most recent call last):
  File "asm.py", line 946, in <module>
    main(keychain, sw1, output_path, c1)
  File "asm.py", line 741, in main
    keychain["linkedin_password"], answer2, 0)
  File "/mydir/AttackSurfaceMapper/modules/linkedinner.py", line 93, in get_emails_for_company_name
    cookies['JSESSIONID'] = 'ajax:0397788525211216808'
TypeError: 'NoneType' object does not support item assignment

Duplication in "requirements.txt"

python -m pip install --no-cache-dir -r requirements.txt gives the error

Double requirement given: selenium>=3.141.0 (from -r requirements.txt (line 16)) (already in selenium (from -r requirements.txt (line 11)), name='selenium')

Resolved by removing line 11 or 16

Flake8 / Python standard formatting

Just some friendly feedback but might be a good idea to run flake8 over this code base.

Just looking through it on Github, I'm seeing lots of little Python formatting issues throughout the code; like comma separated arguments without spaces, variables assigned with no spaces between the = sign, too many empty lines in functions, doc strings / function comments outside of the actual function, etc.

E.g.,

# sslGrabber Function
def sslGrabber(resolvedIP,port):
    cert=ssl.get_server_certificate((resolvedIP.address, port))
	x509=OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)

NameError: name 'colorama' is not defined

Hi
Followed installation instruction as well as requirements.txt.
I'm getting this error during scan.
Any suggestions?
Thanks

Traceback (most recent call last):
  File "/home/tass/Desktop/AttackSurfaceMapper/modules/buckethunter.py", line 43, in passive_query
    if gwf_api["buckets_count"] > 0:
KeyError: 'buckets_count'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 666, in main
    buckethunter.passive_query(target_list[key],keychain["grayhatwarfare"])# Passive
  File "/home/tass/Desktop/AttackSurfaceMapper/modules/buckethunter.py", line 52, in passive_query
    cprint ("error","[*] Error: connecting with GrayHatWarfare API",1)
  File "/home/tass/Desktop/AttackSurfaceMapper/modules/buckethunter.py", line 14, in cprint
    colorama.init()
NameError: name 'colorama' is not defined

Error in ASM.py code

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 623, in main
    if (add_target_ip(target_list,line) == False):
  File "ASM.py", line 384, in add_target_ip
    add_target_domain(list,domain,validated_input)
  File "ASM.py", line 356, in add_target_domain
    if t.primary_domain in list.keys():
AttributeError: type object 'list' has no attribute 'keys'

A syntax error is in the code, list data structures don't use the keys() method, only dict does.

Exceptions thrown in buckethunter.py

After leaving it running for several minutes and getting a number of "added target" messages, I get the following traceback:

Traceback (most recent call last):
  File "/home/ojensen/bin/repos/AttackSurfaceMapper/modules/buckethunter.py", line 22, in passive_query
    if gwf_api["buckets_count"] > 0:
KeyError: 'buckets_count'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 666, in main
    buckethunter.passive_query(target_list[key],keychain["grayhatwarfare"])# Passive
  File "/home/ojensen/bin/repos/AttackSurfaceMapper/modules/buckethunter.py", line 31, in passive_query
    cprint ("error","[*] Error: connecting with GrayHatWarfare API",1)
NameError: name 'cprint' is not defined

Working off of commit c5d85fbd9ec9b2d994eb59a402a8523c8ce670cf and with invocation python ASM.py -v -t [domain] using python 3.

Error message in Elementary OS

Traceback (most recent call last):
  File "/home/siphon/AttackSurfaceMapper/modules/buckethunter.py", line 43, in passive_query
    if gwf_api["buckets_count"] > 0:
KeyError: 'buckets_count'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 666, in main
    buckethunter.passive_query(target_list[key],keychain["grayhatwarfare"])# Passive
  File "/home/siphon/AttackSurfaceMapper/modules/buckethunter.py", line 52, in passive_query
    cprint ("error","[*] Error: connecting with GrayHatWarfare API",1)
  File "/home/siphon/AttackSurfaceMapper/modules/buckethunter.py", line 14, in cprint
    colorama.init()
NameError: name 'colorama' is not defined

Error message in Windows only

I've tried ASM directly in Windows 10, in a Windows 10 VM and in CentOS VM.

Both Windows have given me this error:

image

The command is just the standard command:
python ASM.py -t DSM.com -ln -o demo_run -w resources/top100_sublist.txt

And yes it should be using python 3.7.3 as I typed python --version and got that.

keylist.asm

Bro, you better check your keylist.asm as it seems that you forgot to delete all of your creds.

ASM.py Error

Hi Guys, hope all is well
I have recently stepped across this tool and it is perfect for automating recon. I must specify that I am a junior analyst, with experience in Bash and Ruby, very little in Python.

The install went well, however, as soon as I attempted to boot the tool, I received this error:

File "asm.py", line 529
print(style + msg, end="")
^
SyntaxError: invalid syntax

I should add that I have experimented with a lot of trial and error regarding this line of code and still can't seem to find the solution... Have now reverted the entire source code back to default and yet still the same error?

I was wondering if I could get any help/suggestion on how to solve this issue, and if it's common for anyone else.

Thanks!

Error on initial run

Traceback (most recent call last):
  File "asm.py", line 939, in <module>
    keyloader(keychain, sw1) # Key Loader
  File "asm.py", line 428, in keyloader
    keychain[tmp[0]] = tmp[2].replace(""", "")
IndexError: list index out of range

Tried with and without wordlist, different domains.
Keys look OK, although couldn't add weleakinfo keys as they are no longer around.

Bug on line 529

File "asm.py", line 529
print(style + msg, end= "")

Just submitting the issue I found. I also have the fix for it

Installation Kali/OSx/Termux

Hi

I seem to be battling to successfully run the ASM. I have cloned, run installation of the requirements.txt in MacOSx and Kali still getting same error below;
root@kali:/home/AttackSurfaceMapper# python3 ASM.py -t bbc.co.uk -ln -o demo_run -w resources/top100_sublist.txt
Traceback (most recent call last):
  File "ASM.py", line 39, in <module>
    from modules import urlscanio
  File "/home/AttackSurfaceMapper/modules/urlscanio.py", line 8, in <module>
    import ASM
  File "/home/AttackSurfaceMapper/ASM.py", line 41, in <module>
    from modules import screencapture
  File "/home/AttackSurfaceMapper/modules/screencapture.py", line 22, in <module>
    from selenium import webdriver
ModuleNotFoundError: No module named 'selenium'

See log above. Tried installing all modules separately still no success running ASM.py

Linkedin authentication fail even with correct user/pass

[*] Error: Could not authenticate to LinkedIn. cannot use a string pattern on a bytes-like object

Traceback (most recent call last):
  File "asm.py", line 951, in <module>
    main(keychain, sw1, output_path, c1)
  File "asm.py", line 756, in main
    keychain["linkedin_password"], answer2, 0)
  File "/root/AttackSurfaceMapper/modules/linkedinner.py", line 93, in get_emails_for_company_name
    cookies['JSESSIONID'] = 'ajax:0397788525211216808'
TypeError: 'NoneType' object does not support item assignment

LinkedInner Module not Working

Hi,
When trying to use the LinkedInner module in a run I keep getting this error:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/brianrosen/AttackSurfaceMapper/modules/linkedinner.py", line 66, in loadPage
    response = client.open(url)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)>

[*] Error: Could not authenticate to LinkedIn. object of type 'NoneType' has no len()

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 708, in main
    linkedinner.get_emails_for_company_name(switch,target_list[key],keychain["linkedin_username"],keychain["linkedin_password"],answer2,0)
  File "/Users/brianrosen/AttackSurfaceMapper/modules/linkedinner.py", line 83, in get_emails_for_company_name
    cookies['JSESSIONID'] = 'ajax:0397788525211216808'
TypeError: 'NoneType' object does not support item assignment

Thanks for any help!

Fatal error in processing email DNS records in hosthunter.py

I am getting this error which looks like a pattern in the email dns entries is unexpected. Given the chance of this happening, it seems like this should be caught and allowed to proceed.

launched with args:
--stealth -v -t something.com -o /home/user/ASM-something -f CSV -sc

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 672, in main
    hosthunter.dnslookup(target_list[key]) # Passive
  File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
    if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range

Problem with Selenium Screenshot

After running this overnight because I am trying to use the 100k list, I got this error message due to using the screenshot feature. Yes I did a pip install on selenium.

errormessage

Command I used was

python3 ASM.py -t url.com -ln -o URL_com -w resources/bitquark_top100k_sublist.txt -sc

url.com and URL_com are sort of sensitive info so I just changed those.
