ullaakut / gorsair Goto Github PK

Hello,

I tried installing the tool on my MacBook and I got this err cmd/gorsair.go:68:18: assignment mismatch: 2 variables but scanner.Run returns 3 values. I looked at the code block and noticed the potential issue:

	results, err := scanner.Run()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

I changed it to handle 3 outputs. I am only creating it here rather than a pool request bc I wasn't sure if it would break anything

	results, _, err := scanner.Run()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

检测到 Ullaakut/Gorsair 一共引入了191个开源组件，存在7个漏洞

漏洞标题：Docker 路径遍历漏洞
缺陷组件：github.com/docker/[email protected]
漏洞编号：CVE-2014-9356
漏洞描述：Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器（轻量级虚拟机）并部署和运行应用程序，以及通过配置文件实现应用程序的自动化安装、部署和升级。
Docker 1.3.3之前版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
影响范围：(∞, 1.3.3)
最小修复版本：1.3.3
缺陷组件引入路径：main@->github.com/docker/[email protected]

另外还有7个漏洞，详细报告：https://mofeisec.com/jr?p=ae8c99

Integrating Disgo will make the code clearer.

• Add Dockerfile
• Upload to DockerHub
• Add DockerHub build hook

• Add option for idle scanning through a zombie host
• Add option for passing a proxy during nmap scan
• Add option for IP spoofing
• Add option for MAC spoofing
• Add option for cloaking scan using decoys
• Add option to specify network interface

Dependabot couldn't parse the go.mod found at /go.mod.

The error Dependabot encountered was:

go: github.com/spf13/[email protected] requires
	gopkg.in/[email protected] requires
	gopkg.in/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /opt/go/gopath/pkg/mod/cache/vcs/9241c28341fcedca6a799ab7a465dd6924dc5d94044cbfabb75778817250adfc: exit status 128:
	error: RPC failed; curl 18 transfer closed with outstanding read data remaining
	fatal: The remote end hung up unexpectedly
	fatal: early EOF
	fatal: index-pack failed

View the update logs.

Vulnerable docker API found:
Endpoint address: xx.xxxx.xxxx.xxxx
Endpoint API port: 2376
Docker version: UNKNOWN
Docker API was unreachable: Get http://xxxx.xxx.xxx.xxxx:2376/v1.39/info: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02".

• Are you trying to connect to a TLS-enabled daemon without TLS?

Any setting to remediate this? I saw in this article need to set the environment to enable TLS for client
https://tech.paulcz.net/blog/secure-docker-with-tls/

Currently, the user is given commands to run themselves. It would be better to:

• Exploit the docker socket using the docker library in order to gather more precise information on the system (what is available through docker info, docker ps -a and docker images for example.)
• Attempt to gain root access for the user and open an interactive terminal on the container within gorsair

my docker api version is 1.37 ,Echo is Docker API was unreachable: Error response from daemon: client version 1.39 is too new. Maximum supported API version is 1.37 ;Docker API was unreachable:error during connect: Get "http://00:0C:29:C6:5D:36:2375/v1.39/info": dial tcp: lookup 00:0C:29:C6:5D:36: no such host

Hello,

When I run "go install" I'm receiving the following error.

can't load package: package github.com/Ullaakut/Gorsair: unknown import path "github.com/Ullaakut/Gorsair": cannot find module providing package github.com/Ullaakut/Gorsair

Dependabot can't resolve your Go dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Cannot detect VCS for gopkg.in/alecthomas/kingpin.v3-unstable. Attempted to detect VCS because the version looks like a git revision: v3.0.0-20180810215634-df19058c872c

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

View the update logs.

Dependabot couldn't parse the go.mod found at /go.mod.

The error Dependabot encountered was:

go: github.com/spf13/[email protected] requires
	github.com/grpc-ecosystem/[email protected] requires
	gopkg.in/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /opt/go/gopath/pkg/mod/cache/vcs/748bced43cf7672b862fbc52430e98581510f4f2c34fb30c0064b7102a68ae2c: exit status 128:
	fatal: The remote end hung up unexpectedly

View the update logs.

• Add travisCI config file
• Add this repo in enabled travis repositories
• Hopefully TravisCI has a go version that supports go modules

After I run:
curl https://github.com/Ullaakut/Gorsair/releases/download/1.1.0/gorsair_linux_amd64 --output /usr/local/bin/gorsair

and chmod 777 /usr/local/bin/gorsair.

I run gorsair and I get an error:

/usr/local/bin/gorsair: line 1: syntax error near unexpected token `<'
/usr/local/bin/gorsair: line 1: `<html><body>You are being <a href="https://github-production-release-asset-2e65be.s3.amazonaws.com/143321747/f74b3900-2d70-11e9-8129-9506787cd596?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190214%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20190214T143347Z&amp;X-Amz-Expires=300&amp;X-Amz-Signature=0783c1cf5b49ae9ce92c677a923efa3f613060f1d9e67719f35d4e5801a33c4f&amp;X-Amz-SignedHeaders=host&amp;actor_id=0&amp;response-content-disposition=attachment%3B%20filename%3Dgorsair_linux_amd64&amp;response-content-type=application%2Foctet-stream">redirected</a>.</body></html>'

It seems that the command you mentioned on the main page doesn't download the file correctly.