Can't parse Masscan XML #238

Closed
Slad3G opened this issue Dec 20, 2016 · 5 comments

Slad3G commented Dec 20, 2016

NMAP has not been finishing scans for me so I've started using masscan. Eyewitness has been a great tool however it isn't working for me right now. Any assistance would be greatly appreciated.

I tried to use a masscan XML with this syntax:
./EyeWitness.py -x /root/x/scans/masscan/citrix.xml --all-protocols

OS Used - ALL Information (architecture, linux flavor, etc.)

Linux Kali2 4.8.0-kali2-amd64 #1 SMP Debian 4.8.11-1kali1 (2016-12-08) x86_64 GNU/Linux

Error you are encountering

ERROR: You didn't give me a valid file name! I need a valid file containing URLs!

Expected behavior (vs. what you encountered)

Parse xml and grab screenshots

@ChrisTruncer
Contributor

So, this should be working. The one scenario where I've seen this issue arise is when it parses XML output, but there are no web servers in it. EyeWitness will throw this error (as if there is no file vs. there just aren't any web servers within the XML file). Can you validate there are active web servers within the XML scan?

@ChrisTruncer
Contributor

I actually just added in a check, where EyeWitness will now parse the XML file, and if it doesn't find any active web servers within it, then it alerts you that that is the issue.

Now, if you can validate there are active web servers, and EyeWitness is missing them, then that's a different issue and I would love to know if that's the case.

But hopefully this will help at least eliminate this as being a problem.


Slad3G commented Dec 21, 2016

Chris,

Thanks for the quick turnaround. There are no banners that say "http" however there are several hosts with 80 and 443 open in the file. Here's an excerpt from the xml:
```xml
<host endtime="1482258241"><address addr="redacted" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="61"/></port></ports></host>
```

S


ChrisTruncer commented Dec 21, 2016 via email

@ChrisTruncer
Contributor

I just pushed an update which should help address this. EyeWitness specifically looks for the service tag in XML output to help determine what the port might be. However, the latest update will build web URLs as long as the port is open, and in the http or https list of known ports. Hopefully this should help.
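
The fallback described in the last comment, sketched as an added example (not EyeWitness's own code): the `<service>` name is used when present, and otherwise a URL is built for any open port in a known HTTP or HTTPS list. The port lists, function names and sample hosts are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed port lists for this example; EyeWitness's own lists may differ.
HTTP_PORTS = {80, 8000, 8080, 8081, 8888}
HTTPS_PORTS = {443, 8443}

# Constructed sample (TEST-NET-1 addresses). The first four hosts are
# masscan-style, with no <service> element; the last one is Nmap-style.
SAMPLE_XML = """<nmaprun scanner="masscan">
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port></ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port></ports></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port></ports></host>
<host><address addr="192.0.2.13" addrtype="ipv4"/><ports><port protocol="tcp" portid="8080"><state state="closed" reason="rst"/></port></ports></host>
<host><address addr="192.0.2.14" addrtype="ipv4"/><ports><port protocol="tcp" portid="8008"><state state="open" reason="syn-ack"/><service name="http"/></port></ports></host>
</nmaprun>"""

def scheme_for(port_el, portid):
    """Use the <service> name if it says http(s); else fall back to the port lists."""
    service = port_el.find("service")
    name = service.get("name", "") if service is not None else ""
    if "https" in name or portid in HTTPS_PORTS:
        return "https"
    if "http" in name or portid in HTTP_PORTS:
        return "http"
    return None

def urls_from_scan_xml(xml_text):
    """Return a URL for every open port that looks like a web server."""
    urls = []
    for host in ET.fromstring(xml_text).iter("host"):
        address = host.find("address")
        for port_el in host.iter("port"):
            state = port_el.find("state")
            portid = port_el.get("portid", "")
            if address is None or state is None or state.get("state") != "open":
                continue
            if not portid.isdecimal():
                continue  # malformed portid attribute
            scheme = scheme_for(port_el, int(portid))
            if scheme:
                urls.append(f"{scheme}://{address.get('addr')}:{portid}")
    return urls

if __name__ == "__main__":
    found = urls_from_scan_xml(SAMPLE_XML)
    # An empty result is reported as such, not as an invalid file name.
    print("\n".join(found) if found else "No web servers found in the XML file")
```
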
