Thanks for the python 3 update.

The docker file should be updated and tested as well, I haven’t tested whether it currently works, but it looks like python3 is not installed, so I think the Dockerfile is currently broken.

stomping over the same file with all sorts of results... well... not even worth a pull request... but I added a few lines to disambiguate them - the main bit is:

date = subprocess.Popen(["date", "+%Y-%m-%d.%s"],stdout=subprocess.PIPE).stdout.read()[:-1].decode("utf-8") debuglog = "rs.dbg.%s.%s" % (target, date) vulreport = "rs.vul.%s.%s" % (target, date)

That will create files that look like "rs.vul.google.com.2022-01-03.1641255361" or w/e.

I'd also advocate creating a vulnerability file even if nothing was found; e.g. change this:

if len(rs_vul_list)==0: print("\t"+bcolors.OKGREEN+"No Vulnerabilities Detected."+bcolors.ENDC)

To be a report.write(*) with the same text or w/e (not blank, since it could die in mid run and you wouldn't know if it really was zero vuls or not.) First time I ran it I wasn't sure if there was a bug or what, since no result file was created.

YMMV, IMHO, etc.

Hi, it looks like the docker image cannot be build with the latest kali distributions :/

I'm unsure which python dependencies have docutils as a requirements, tho.

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python-docutils : Depends: docutils-common (= 0.12+dfsg-1) but 0.16+dfsg-4 is to be installed
                   Recommends: python-pil but it is not going to be installed
                   Recommends: python-pygments but it is not going to be installed
                   Recommends: libpaper-utils but it is not going to be installed
                   Recommends: docutils-doc (= 0.12+dfsg-1) but it is not going to be installed
 python-requests : Depends: python-chardet but it is not installable
E: Unable to correct problems, you have held broken packages.
The command '/bin/sh -c apt-get install -y   python2.7   wget   dmitry   dnsrecon   wapiti   nmap   sslyze   dnsenum   wafw00f   golismero   dirb   host   lbd   xsser   dnsmap   dnswalk   fierce   davtest   whatweb   nikto   uniscan   whois   theharvester' returned a non-zero code: 100

I have nikto dimtry sslyze dnsrecon and golismer and other tool the script rapid scan still tell me that tool unavailable above script and on scan progress??

Hi @sh4nx0r ,

This PR adds some changes such that the code is using argparse to parse the arguments.

And it fixes #22 with argument --skip.

Edit: we should read 22 on the commit message not 12...

Hi,

I've been running into issues with DMitry, the scan takes more than 48h, which is not acceptable.

I was wondering if there is an option to disable a specific tool using the rapidscan docker container ?

Thanks

I got unrecognized -dns arguments error.

Fierce Subdomains Bruter - Brute Forces Subdomain Discovery.

usage: fierce [-h] [--domain DOMAIN] [--connect] [--wide] [--traverse TRAVERSE] [--search SEARCH [SEARCH ...]] [--range RANGE] [--delay DELAY] [--subdomains SUBDOMAINS [SUBDOMAINS ...] | --subdomain-file SUBDOMAIN_FILE] [--dns-servers DNS_SERVERS [DNS_SERVERS ...] | --dns-file DNS_FILE] [--tcp] fierce: error: unrecognized arguments: -dns example.com

Hello!

I really liked your tool, you surely have put a lot of effort into this tool, and I see that the development is still under progress. Don't you think that it will be a better idea to shift this tool to Python 3 as this is the future. Python 2 is deprecating with the passage of time. If you're willing to make the transition, I can work with you, we can together make the proper changings to shift from Python 2 to Python 3. Waiting for your thoughts on it. Thanks

Good day, I wanted to do push for your code cause harvester is not working on latest Kali because of the name. So here you go the code, you can review it and make push. Its not big modification but theharvester is now theHarvester, if you go with theharvester it will tell you bash command not found.

line 216 ["theHarvester","The Harvester - Scans for emails using Google's passive search.","theHarvester",1], line 301 ["theHarvester -l 50 -b google -d ",""], line 665 ["wapiti"], ["whatweb"], ["nmap"], ["golismero"], ["host"], ["wget"], ["uniscan"], ["wafw00f"], ["dirb"], ["davtest"], ["theHarvester"], ["xsser"], ["dnsrecon"],["fierce"], ["dnswalk"], ["whois"], ["sslyze"], ["lbd"], ["golismero"], ["dnsenum"],["dmitry"], ["davtest"], ["nikto"], ["dnsmap"] line

Traceback (most recent call last): File "/Users/ayhan/Downloads/rapidscan-master/rapidscan.py", line 1514, in rs_tool_output_file = open(temp_file).read() File "/usr/local/Cellar/[email protected]/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/codecs.py", line 322, in decode (result, consumed) = self._buffer_decode(data, self.errors, final) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdd in position 1541: invalid continuation byte

MacOS 10.15.7 (Catalina)

TLDR; run an apt-get before anything else... you either need to ignore keys altogether or use some alternate method to get the Kali pubkey (curl, wget, etc. aren't in the baseimage.) Alternate workaround after errors building:

Sending build context to Docker daemon 3.565MB Step 1/10 : FROM kalilinux/kali-rolling ---> c2fadbc65f8d Step 2/10 : ENV DEBIAN_FRONTEND noninteractive ---> Using cache ---> fd58a73e4d8b Step 3/10 : RUN apt-get update && apt-get -yu dist-upgrade -y ---> Running in 73b26ccf950e Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.6 kB] Err:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6 Reading package lists... W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: http://http.kali.org/kali/dists/kali-rolling/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg are ignored as the file is not readable by user '_apt' executing apt-key. W: GPG error: http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6 E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed. The command '/bin/sh -c apt-get update && apt-get -yu dist-upgrade -y' returned a non-zero code: 100

You can do the somewhat crazy :

RUN apt -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update

Or actually get the key somehow. If you do the above, three more changes were necessary to make the dockerfile work -

1. add the "--allow-unauthenticated" to apt-get RUN line
2. change python to python3 in the apt-get package listing.
3. change the last line from: ENTRYPOINT ["/usr/local/bin/rapidscan.py"] -> ENTRYPOINT ["python3", "/usr/local/bin/rapidscan.py"]

It seems that scans take quite long to complete or maybe there is some issue.

I have run the scan and nmap was running for 2 hours before i killed it and Fierce subdomains bruter is the same story (haven't killed it yet).

Is this normal? Shall I wait for more, or is there something wrong?

That would be nice to be able to check if we're running the latest version of rapidscan.

I wouldn't trust the --update flag to update rapidsan, it's likely resulting in permission error.

Hello,

I've run rapidscan via docker and it seems like all report files are fine. The temp_uniscan_rfi file says:

HTML report saved in: report/www.my-domain.com.html

But there is no HTML document. Any ideas?