-
Notifications
You must be signed in to change notification settings - Fork 309
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'panic' error #463
Comments
Huh, I didn’t even realize there was a Specifying zgrab2/modules/http/scanner.go Line 86 in 6cdc779
That is passed along here: zgrab2/modules/http/scanner.go Line 460 in 6cdc779
I’ll take a look and add a little more detail, I’m on mobile so I can’t look at all of the code at once very easily The Line 205 in 6cdc779
That causes a member of the Line 1136 in 6cdc779
That tee is set here: Line 1035 in 6cdc779
Line 1146 in 6cdc779
I wonder if in some case, the I’ll have to look more at a computer, but it may be as simple as a missing write into the |
Can you elaborate a little on what is at 192.168.20.1? And can you confirm you're using a build from the master branch of git? I'm trying to reproduce but haven't been able to do so on a few randomly chosen web servers |
Or, even better, if you can reproduce it with plaintext HTTP and provide a packet capture, that would be best (@Yulian83 ) |
Here is a set of commands from my installation script |
I see, thanks for those details I wouldn't expect the location of the service (VM, LAN, local, WAN) to be all that important for this case- I think what is most important is how the service on the target behaves and what the response looks like. I'm assuming they are different HTTP implementations, which could be a major factor. My main interest is in reproducing the issue on my system Do you see any additional output when adding |
If you can attach output from --debug or pipe it through a TLS terminating proxy (such as BurpSuite) and attach the request/response, I will take a deeper look and try to reproduce/diagnose/propose a fix Unfortunately, I'm not comfortable proposing any changes to the code until I'm able to reproduce the issue. And I'm not strong enough in golang to confidently diagnose the issue via only static analysis |
An error occurs when entering the following command
echo '192.168.20.1' | zgrab2 http --raw-headers --max-redirects=10 --with-body-size --use-https --port=443
And the error itself looks like this:
At the same time, when I remove the --raw-headers flag, or scan regular http with this flag, the error disappears
echo '192.168.20.1' | zgrab2 http --max-redirects=10 --with-body-size --use-https --port=443
echo '192.168.20.9' | zgrab2 http --raw-headers --max-redirects=10 --with-body-size --port=80 | jq
OS: Ubuntu 22.0.4
Go version: go1.22.2 linux/amd64
The text was updated successfully, but these errors were encountered: