Comments (21)
I have the same isue with scalp-0.4.py on SUSE Linux Enterprise Server 11
(x86_64)2.6.32.12-0.7-default.
Output:
The rule
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly
Original comment by [email protected]
on 10 Oct 2011 at 12:13
from apache-scalp.
Same issue :
The rule
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly
Operating system :
Debian Linux 5.0.8 with Python 2.5.2 and scalp 0.4
Log format used for my access logs :
%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
Original comment by [email protected]
on 26 Oct 2011 at 10:15
from apache-scalp.
Same problem:
Fedora Core 15
python-2.7.1-7.fc15.x86_64
Original comment by [email protected]
on 12 Nov 2011 at 6:45
from apache-scalp.
any news about? I have the sape problem
Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
python-2.3.4-14.4
when trying to exclude the rules, another rule gives the error...
thanks
Original comment by [email protected]
on 3 Jan 2012 at 4:50
from apache-scalp.
$ ./scalp-0.4.py --log all.parsed --attack xss,sqli,lfi,ref
Loading XML file 'default_filter.xml'...
The rule
'(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:li
ke\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not
|\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(
]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()
' cannot be compiled properly
$ python --version
Python 2.7.1
Original comment by [email protected]
on 9 Jan 2012 at 8:13
from apache-scalp.
Same here.
Python 2.5.2
Original comment by [email protected]
on 9 Jan 2012 at 11:23
from apache-scalp.
Ok, it seems that there is an extra \ in (?:\w+\s+like\s+\") in front of the ".
But removing it leads to:
sre_constants.error: nothing to repeat
it usually appears with nested 0 something quantifiers (like (x?)* or (x*)*),
but don't see where that case happens.
Original comment by [email protected]
on 10 Jan 2012 at 12:39
from apache-scalp.
Ok, found it... (?:all|distinct|[(!@]*)? should be (?:all|distinct|[(!@]+)?
Original comment by [email protected]
on 10 Jan 2012 at 12:44
from apache-scalp.
Next: The rule '(?i:(\%SYSTEMROOT\%))' cannot be compiled properly... the
construct (?i: (case insensitive non-capturing group) is not supported...
should be uglyfied as
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))
And that's it, for me default.xml is loaded after those two changes.
Original comment by [email protected]
on 10 Jan 2012 at 12:51
from apache-scalp.
Thanks! Got mine to run!
Original comment by [email protected]
on 26 Mar 2012 at 4:31
from apache-scalp.
default_filter.xml with [email protected] fixes applied available here:
http://pastebin.com/uDziqcD5
Original comment by [email protected]
on 30 Apr 2012 at 4:37
from apache-scalp.
Thank you! Helped me out :)
Original comment by [email protected]
on 21 May 2012 at 8:46
from apache-scalp.
Thanks, the two fixes mentioned here fixed the issue. Why is the xml file not
updated on the home page of the scalp project?
Original comment by [email protected]
on 28 May 2012 at 8:48
from apache-scalp.
Thanks! Mine worked smooth after the fix :)
Original comment by [email protected]
on 1 Aug 2012 at 1:46
from apache-scalp.
thank you guys :)
Original comment by [email protected]
on 7 Oct 2012 at 10:06
from apache-scalp.
Thanks for the fix and the pastebin.
Original comment by [email protected]
on 23 Jan 2013 at 3:56
from apache-scalp.
Worked for me too (Python 2.5.1 on Windows), thanks.
Original comment by [email protected]
on 18 Aug 2013 at 9:04
from apache-scalp.
Yey its working so you have to replace
(?:all|distinct|[(!@]*)? with (?:all|distinct|[(!@]+)?
and
(?i:(\%SYSTEMROOT\%)) with
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))
It will then run :D have a nice day
Original comment by [email protected]
on 21 Mar 2014 at 9:45
from apache-scalp.
Had the same issue on centos , those fixes mention fixed it.
Original comment by [email protected]
on 19 Aug 2014 at 12:23
from apache-scalp.
Excelente solution by [email protected] just replace
(?:all|distinct|[(!@]*)? with (?:all|distinct|[(!@]+)?
and
(?i:(\%SYSTEMROOT\%)) with
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))
Thank you.
Original comment by [email protected]
on 14 Oct 2014 at 6:58
from apache-scalp.
Related Issues (19)
- scalp 0.4 : error: the log file doesn't exist HOT 2
- Default filter file is at a new URL.
- issue when running sclep HOT 1
- Show ip for each match
- while using --period (IndexError: list index out of range) HOT 2
- error while using --period
- cannot be compiled properly issue HOT 4
- Feature Request
- C++ Changes and output
- XML file isn't available HOT 1
- Running on Windows ?
- SyntaxError: invalid syntax with python 2.5, need 2.4/2.3 compatibility HOT 19
- A bunch of false positives HOT 7
- PHPIDS regex cannot be compiled HOT 10
- SyntaxError: invalid syntax HOT 1
- Scalp not able to compile rule propery HOT 4
- Link to default_filters.xml on the Project Home page is incorrect
- Scalp processes zero lines HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apache-scalp.