r-s0n / ars0n-framework
A Modern Framework for Bug Bounty Hunting
License: MIT License
Hi. First off, thanks so much for this very advanced security framework, that's 100% free! :3 <3
Well, I've gotten issues pulling files at times, even after turning off my firewall. At one time, it said I had some stuff already in the system, and if I want to replace them, and since I got them from the install of yours, I said no. I'm guessing no error from that. Then it tries to install your framework, and it keeps on failing. I've attached some screenshots and the install log file.
It was working perfectly before I installed some tools like assetfinder and wayback url.
The terminal gives me this:
MongoDB is running. Continuing...
Compiled with problems:
ERROR
[eslint] EACCES: permission denied, mkdir '/home/kaskovish/ars0n-framework/client/node_modules/.cache'
Sir, could you please resolve this issue? I have installed this framework in clean Kali Linux (2023.3), but I cannot get it to run in the browser, and I cannot add domains to the framework. The framework was suddenly stuck, and I cannot operate. If you have solved this issue, I would like to thank you. This framework helps me a lot, and I need it a lot.
[ERROR] 2024-02-06 18:40:12.225713 | Fire-Starter.py -- Amass Exception: [Errno 2] No such file or directory: './temp/amass.tmp'
And I do not have this directory; I tried to find it and found nothing.
I recently made a docker container for ars0n framework so I can run it on one of my servers. The problem is the website is not fully accessible unless you are accessing it on localhost. Same goes for just a regular install. Switch to bridged adapter in vbox and try to access the website from the host box and you will see what I mean.
W: https://repo.mongodb.org/apt/debian/dists/buster/mongodb-org/4.4/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
--2024-02-29 19:35:33-- http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_arm64.deb
Resolving archive.ubuntu.com (archive.ubuntu.com)... 91.189.91.82, 91.189.91.83, 185.125.190.36, ...
Connecting to archive.ubuntu.com (archive.ubuntu.com)|91.189.91.82|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-02-29 19:35:33 ERROR 404: Not Found.
dpkg: error: cannot access archive 'libssl1.1_1.1.1f-1ubuntu2_arm64.deb': No such file or directory
rm: cannot remove 'libssl1.1_1.1.1f-1ubuntu2_arm64.deb': No such file or directory
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'mongodb-server-core' is not installed, so not removed
The following packages were automatically installed and are no longer required:
cython3 kali-debtags libboost-dev libboost1.74-dev libhiredis0.14 libjavascriptcoregtk-4.0-18 libopenblas-dev libopenblas-pthread-dev libopenblas0
libperl5.36 libpython3-all-dev libpython3.12 libpython3.12-dev libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediagsttools5
libqt5multimediawidgets5 librtlsdr0 libucl1 libwebkit2gtk-4.0-37 libxsimd-dev libzxing2 perl-modules-5.36 python3-all-dev python3-backcall
python3-beniget python3-future python3-gast python3-pickleshare python3-pythran python3-requests-toolbelt python3-rfc3986 python3-unicodecsv
python3.12-dev xtl-dev
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package mongodb-org
Failed to start mongod.service: Unit mongod.service not found.
Failed to enable unit: Unit file mongod.service does not exist.
[!] Something went wrong! MongoDB was NOT installed successfully...
Hi ars0n,
First of all, you have a great idea and a framework. Unfortunately I cannot use it, and I don't know if I am missing something or if it has something to do with Kali and the MongoDB version.
Installation works fine, but after running the first scan I see the command output but don't see the results in the Web GUI.
I made some observations and here are some points that I found out. Maybe I don't understand or I'm confused, but I want to let you know what is confusing me.
If you need further information on specific data i will do the best that i can to collect the needed data and will provide this for you.
Many thanks from Düsseldorf, Germany :)
In the run.sh script there's mongodb mentioned.
#!/bin/bash
sudo systemctl enable mongodb 2>/dev/null
sudo systemctl start mongodb 2>/dev/null
node server/server.js &
cd client
npm run start
But the only service/unit related to MongoDB is "mongod" and NOT "mongodb"
See results below
systemctl status mongodb
Unit mongodb.service could not be found.
┌──(root㉿kali)-[~]
└─# systemctl status mongod
● mongod.service - MongoDB Database Server
Loaded: loaded (/lib/systemd/system/mongod.service; enabled; preset: di>
Active: active (running) since Wed 2023-09-20 05:42:49 EDT; 33min ago
Docs: https://docs.mongodb.org/manual
Main PID: 733 (mongod)
Memory: 251.9M
CPU: 17.600s
CGroup: /system.slice/mongod.service
└─733 /usr/bin/mongod --config /etc/mongod.conf
Sep 20 05:42:49 kali systemd[1]: Started mongod.service - MongoDB Database S>
Sep 20 05:42:49 kali mongod[733]: {"t":{"$date":"2023-09-20T09:42:49.475Z"},>
Next thing under "/etc/mongod.conf"
The port is 27017 and on your setup it's 8000. But if I try to change it in the conf file to 27017 it doesn't work. It's the same if I try it in the wildfire.py script.
net:
  port: 27017
  bindIp: 127.0.0.1
This is my kali version :
Linux kali 6.4.0-kali3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.4.11-1kali1 (2023-08-21) x86_64 GNU/Linux
[+] Done! Start: 14:27:19 | Stop: 14:27:19
Automatically stopping
System python is kind of tough to work with dependency-wise across multiple projects - what would the community's thoughts be on creating a virtual environment in a hidden directory with a virtualenv in the home dir of the user and sourcing it in run.sh?
executing "python3 wildfire.py --start --scan -b site,site,site,site,site" will result in
File "/root/tools/ars0n-framework/toolkit/toolkit/engulf.py", line 13, in get_target_url_string
return thisFqdn['targetUrls'][0]
~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range
From what I understand, it's like we are not providing any argument to the script.
One suggestion: besides the blacklist option, it would be nice if we were able to select a specific fqdn which we want to perform a scan on :)
I have installed the framework but facing this error
Traceback (most recent call last):
File "/home/kali/Downloads/ars0n-framework/toolkit/toolkit-service.py", line 1, in <module>
from flask import Flask, jsonify, request
File "/usr/lib/python3/dist-packages/flask/__init__.py", line 5, in <module>
from .app import Flask as Flask
File "/usr/lib/python3/dist-packages/flask/app.py", line 34, in <module>
from . import cli
File "/usr/lib/python3/dist-packages/flask/cli.py", line 15, in <module>
from click.core import ParameterSource
ImportError: cannot import name 'ParameterSource' from 'click.core' (/usr/local/lib/python3.11/dist-packages/click/core.py)
What is the issue here?
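The traceback above shows flask imported from /usr/lib/python3/dist-packages while click is imported from /usr/local/lib/python3.11/dist-packages, so two package directories are feeding one dependency chain. As an added example (not part of the original post or of the framework's code), this script lists every distribution that exists in more than one import directory; the function names and the sample versions in `demo()` are constructed for illustration.

```python
import sys
import tempfile
from collections import defaultdict
from importlib import metadata
from pathlib import Path


def find_shadowed(paths=None):
    """Map each distribution that exists in more than one directory to its
    (directory, version) copies, in import-precedence order (first wins)."""
    seen = defaultdict(list)
    # dict.fromkeys drops repeated path entries while keeping their order
    for entry in dict.fromkeys(sys.path if paths is None else paths):
        for dist in metadata.distributions(path=[entry]):
            name = dist.metadata["Name"]
            if name:  # skip metadata directories without a usable name
                key = name.lower().replace("_", "-")
                seen[key].append((entry, dist.version))
    return {n: copies for n, copies in seen.items() if len(copies) > 1}


def make_site(root, name, packages):
    """Build a constructed dist-packages directory holding only metadata."""
    site = Path(root) / name
    for pkg, version in packages.items():
        info = site / f"{pkg}-{version}.dist-info"
        info.mkdir(parents=True)
        (info / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {pkg}\nVersion: {version}\n")
    return str(site)


def demo():
    """Constructed layout mirroring the traceback: a pip copy of click that
    sits ahead of the copy installed next to the system flask."""
    with tempfile.TemporaryDirectory() as root:
        local = make_site(root, "usr-local", {"click": "7.1.2"})
        system = make_site(root, "usr-lib", {"click": "8.1.3", "flask": "2.2.2"})
        found = find_shadowed([local, system])
        return {n: [v for _, v in copies] for n, copies in found.items()}


if __name__ == "__main__":
    # Run against the real interpreter path to see which copies win.
    for name, copies in find_shadowed().items():
        print(name, "->", ", ".join(f"{v} in {p}" for p, v in copies))
```

The first directory listed for a package is the copy Python imports; a mismatch between that copy and what the other packages were built against produces import errors like the one in the traceback.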
Hello there, I'm unable to add an FQDN. I have already tried in different browsers but nothing works. Please help, thanks in advance.
So idk, but there are problems I face while installing nodejs; maybe I will post a photo.
Hey rs0n,
So I've seen previous issues where the FQDN button wouldn't click due to the misconfigured mongod.
The main issue here is that the latest Mongo version is not integrating well with the latest Kali build, so an older version is needed.
Manual installations for Mongo are offered for Debian 10 (buster) only while the latest Kali build is Debian 11 (bullseye); however, the v10 build still works.
I provided the commands below to get it up and running so you can add it to the install.py script. If you'd like me to issue a pull request, I'd be more than happy to!
The mongodb-server-core package needs to be removed due to a conflict it makes with the mongodb-org-server.
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb [arch=amd64] https://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee -a /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt-get update
sudo apt-get remove mongodb-server-core
sudo apt-get install mongodb-org
sudo systemctl start mongod
sudo systemctl enable mongod
This solved the problem for me, I tried all the fixes I can but this seemed to be the most stable.
Cheers!
[+] Assetfinder installed successfully!
[!] Gau is NOT already installed. Installing now...
--2023-12-17 11:31:06-- https://github.com/lc/gau/releases/download/v2.1.2/gau_2.1.2_linux_amd64.tar.gz
Resolving github.com (github.com)... 20.233.83.145
Connecting to github.com (github.com)|20.233.83.145|:443... connected.
HTTP request sent, awaiting response... 302 Found
----SNIP
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
(and it's stuck here)
Hello,
I'm giving a look to this framework, and I gave a check to install.py. I'm noting that all the dependency tools are saved in $HOME/Tools folder.
If I have already a tool like sublist3r installed by the package manager (so it is already installed in /bin folder instead of $HOME/Tools), the framework will still see it as "missing" tool?
I'm asking you this question because I was thinking to create an Arch Linux package for Athena OS of ars0n-framework (to be published in Athena repository) that could be installed easily by sudo pacman -S ars0n-framework where all dependencies are automatically installed. My doubt is that, if the framework requires that tools must be stored in $HOME/Tools it could not be effective.
Let me know please.
While running wildfire.py --scan, it kicks off Nuclei scans. The Nuclei scans open chrome windows for each test for prototype pollution. These aren't always closed automatically by the script, so would be good to have something that checks for stranded processes and kills them.
Traceback (most recent call last):
File "/home/kali/ars0n-framework/toolkit/wildfire.py", line 228, in <module>
main(args)
File "/home/kali/ars0n-framework/toolkit/wildfire.py", line 212, in main
start(args)
File "/home/kali/ars0n-framework/toolkit/wildfire.py", line 36, in start
fqdn_json = json.loads(res.text)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
How can I set it up in Parrot OS?
I am not sure why, but after I executed the following command: python3 wildfire.py -S localhost -P 8000 --start --scan, I can see that the nuclei scan is running, but there is no output showing on which pages exactly it found potential flaws, and in the CVE Testing section on the front page there are zero CVEs even after the scan managed to find some.
Hello,
This framework is really wonderful, and I was wondering if it's possible to add in the recon tab, within the list, a category for directory bruteforcing.
Is there an option on node.js when compiling the server to add this?
Thank you so much :)
aa
Hello, I have a problem, during installation I get an error that something went wrong, I am sending the logs attached:
logs.txt
Hi @R-s0n,
I was following your tutorial on YouTube and I successfully ran the wildfire script the same as in the video, but the scan doesn't finish because of the error below:
[!] Something went wrong! Exception: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: http://localhost:8000/api/auto/update (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f413c1024d0>: Failed to establish a new connection: [Errno 111] Connection refused')))
[-] Running Assetfinder against domain.com
[!] Something went wrong! Exception: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: http://localhost:8000/api/auto/update (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f413c100bd0>: Failed to establish a new connection: [Errno 111] Connection refused')))
[-] Running Get All URLs against domain.com
I am receiving an error when trying to run a nuclei scan. I think port 1337 is not being opened; somewhere the config is incorrect and needs to be updated to 8000.
Error: AxiosError: connect ECONNREFUSED 127.0.0.1:1337
at AxiosError.from (/home/kali/bug_bountys/ars0n-framework/server/node_modules/axios/dist/node/axios.cjs:837:14)
at RedirectableRequest.handleRequestError (/home/kali/bug_bountys/ars0n-framework/server/node_modules/axios/dist/node/axios.cjs:3016:25)
at RedirectableRequest.emit (node:events:513:28)
at eventHandlers. (/home/kali/bug_bountys/ars0n-framework/server/node_modules/follow-redirects/index.js:14:24)
at ClientRequest.emit (node:events:513:28)
at Socket.socketErrorListener (node:_http_client:496:9)
at Socket.emit (node:events:513:28)
at emitErrorNT (node:internal/streams/destroy:151:8)
at emitErrorCloseNT (node:internal/streams/destroy:116:3)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Hi,
Thanks for this excellent job.
Can you tell me how to continue scanning when the scan is stopped for some reason,
without starting from the beginning?
Or can I use only the nuclei scan?
Is there a cmd for that?
installing on parrot OS
[+] Node is already installed. Checking version...
[-] Current Node Version: v12
[!] Node 18 is NOT already installed. Installing now...
[!] This can take 30+ minutes depending on your machine.
[!] Something went wrong! Please try to run the installer again or open an issue on the repo...