哈喽大家好:wave:, 这里是钰棽. 由于左边的菜鸡正在学习所以让我介绍他:no_mouth:
Let's connect and chat! 📨
Open to anything under the stars ✨
:cat2:Medusa是一个红队武器库平台,目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能,持续开发中
Home Page: http://medusa.ascotbe.com
License: GNU General Public License v3.0
哈喽大家好:wave:, 这里是钰棽. 由于左边的菜鸡正在学习所以让我介绍他:no_mouth:
Let's connect and chat! 📨
Open to anything under the stars ✨
执行./install.sh xxx npm报错
npm ERR! code ENOTFOUND
npm ERR! errno ENOTFOUND
npm ERR! network request to http://registry.cnpmjs.org/highcharts failed, reason: getaddrinfo ENOTFOUND registry.cnpmjs.org registry.cnpmjs.org:80
npm ERR! network This is a problem related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly. See: 'npm help config'
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2022-10-08T12_07_18_794Z-debug.log
The command '/bin/sh -c npm install highcharts --save --registry=http://registry.cnpmjs.org' returned a non-zero code: 1
Unable to find image 'medusa_web:latest' locally
docker: Error response from daemon: pull access denied for medusa_web, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
lllsdfsdf
llldsfdfs
ssdfsdfsdf
docker 运行出错,无法成功构建,按照bug排查,尝试了多种可能问题,一天了任无法解决。
1.ascotbe/medusa:latest镜像打包成Medusa.tat.gz放入本地Medusa目录
2.腾讯云服务器和MACOS 上运行docker build -t medusa_web .均报错,无法成功构建
bug1:
#36 3.187 npm ERR! code ENOENT
#36 3.190 npm ERR! syscall open
#36 3.190 npm ERR! path /Medusa/Vue/package.json
#36 3.195 npm ERR! enoent ENOENT: no such file or directory, open '/Medusa/Vue/package.json'
bug2:
Fail at the [email protected] serve script
3.本地服务器搭建后首次运行登录图片验证码无法刷新。重启重新再运行无法跑成功。Vue 目录下运行npm run serve 先是崩溃,后直接报错
问题排查了一天,无法解决。希望能获取帮助。帮忙解决问题
null
腾讯云服务器
Linux VM-4-13-ubuntu 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
python3.8
MACOS M1 arm内核
[32/41] RUN npm run serve:
#36 3.187 npm ERR! code ENOENT
#36 3.190 npm ERR! syscall open
#36 3.190 npm ERR! path /Medusa/Vue/package.json
#36 3.191 npm ERR! errno -2
#36 3.195 npm ERR! enoent ENOENT: no such file or directory, open '/Medusa/Vue/package.json'
#36 3.196 npm ERR! enoent This is related to npm not being able to find a file.
#36 3.196 npm ERR! enoent
#36 3.210
#36 3.210 npm ERR! A complete log of this run can be found in:
#36 3.211 npm ERR! /root/.npm/_logs/2022-01-02T10_53_10_314Z-debug.log
executor failed running [/bin/sh -c npm run serve]: exit code: 254
2.服务器Vue目录下执行后bug日志
dokcer搭建后,点击注册一直提示服务器崩溃啦
第一个:qq群密码是什么啊?我试过了
https://github.com/Ascotbe/Medusa.git
http://medusa.ascotbe.com/Documentation/#/
https://www.ascotbe.com/Loophole
全部不对。。。。。。
第二个问题:
我部署的是docker环境,已经部署好了,但是打开之后验证码显示不出来,提示网络错误。这种情况应该怎么解决?
按理说docker环境应该是开箱即用啊,不存在需要进去再调整前后端对接。
而且我用docker exec id号进去想执行命令,发现docker自动死掉了。
使用命令 python3 MedusaScan.py -f -test.txt -PR 1-65535 扫描端口 报错
Process Process-1:
Traceback (most recent call last):
File "/usr/local/python3/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/local/python3/lib/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "MedusaScan.py", line 150, in Port
ClassCongregation.PortScan(Url).Start(**kwargs)
File "/root/Medusa/ClassCongregation.py", line 129, in Start
for Port in self.CustomizePortList:
AttributeError: 'PortScan' object has no attribute 'CustomizePortList'
那个pip3 install -r Medusa.txt 安装时候没有报错 nmap 也安装了
建议增加
1、CVE监控
2、自定义推送功能,可将平台信息通过Server酱、BARK等平台推送到手机
3、部署文档在Ubuntu 20.04.3 LTS已不适用,建议更新。
建议增加
1、CVE监控
2、自定义推送功能,可将平台信息通过Server酱、BARK等平台推送到手机
3、部署文档在Ubuntu 20.04.3 LTS已不适用,建议更新。
建议增加
1、CVE监控
2、自定义推送功能,可将平台信息通过Server酱、BARK等平台推送到手机
3、部署文档在Ubuntu 20.04.3 LTS已不适用,建议更新。
Describe the bug||描述错误
A clear and concise description of what the bug is.||清楚简洁地说明错误是什么。
web版本按照docker安装的步骤进行,搭建完成中间没有报错,但登录时提示“Network Error”
To Reproduce||重现
Steps to reproduce the behavior and paste the relevant data package:||重现行为的步骤,并贴上相关的数据包:
Screenshots||截图
If applicable, add screenshots to help explain your problem.||如果适用,请添加屏幕截图以帮助解释您的问题。
报错截图如下:https://raw.githubusercontent.com/si1entgr0/si1egimg/master/20210310145117.png
Related system description:||相关系统说明:
Linux localhost.localdomain 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Docker version 20.10.2, build 2291f61
Log content||日志内容
Please post the log content of the error time period||请贴上报错时间段的日志内容关内容
Additional context||其他内容
Write relevant content that needs to be added here.||这边写上需要补充的相关内容
Vue的部分建议直接build好了放到镜像来,docker重编译总会出现很多奇奇怪怪的问题~
PS:你们这个commit记录真的看着不迷糊吗?
简化安装
No response
Describe the bug||描述错误
当redis的密码包含 !@# 等特殊符号,时 redis连接不上
To Reproduce||重现
Steps to reproduce the behavior and paste the relevant data package:||重现行为的步骤,并贴上相关的数据包:
Related system description:||相关系统说明:
Linux Centos7
python 3.7
java 8
Medusa Web master分支代码
猜测: 配置文件里的密码可能需要转义
如果密码不用单引号 和 双引号 包围, 并用“\” 转译字符 实际测试无效
配置咨询
我自用域名test.aaaa.com,目前xss服务正常,配置dns设置如下:
新建A记录
ns1.aaaa.com 服务器ip
ns2.aaaa.com 服务器ip
修改第二个域名bbbb.com的NS解析为ns1.aaaa.com ,ns2.aaaa.com
修改nginx配置为:
server { #这个是接管所有的关于dnslogtest.ascotbe.com的子域名
listen 80;
server_name *.bbbb.com;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
修改config.py配置为:
domain_name_system_address="bbbb.com" #用户用来接收数据的DNSLOG域名
因为一直无法获取dns记录,所以想请教一下
无
无
无
WARNING: Illegal reflective access by ysoserial.payloads.CommonsCollections5 (file:/aa/tools/Medusa/Tool/ysoserial.jar) to field javax.management.BadAttributeValueExpException.val
WARNING: Please consider reporting this to the maintainers of ysoserial.payloads.CommonsCollections5
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2021-01-02 19:57:02,550 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:Struts2RemoteCodeExecutionVulnerability59 || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:02,550 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: list index out of range
2021-01-02 19:57:02,982 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:Struts2RemoteCodeExecutionVulnerability61 || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:02,983 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: list index out of range
2021-01-02 19:57:03,710 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:OneCaitongElectronicProcurementSystemUploadsArbitraryFiles2 || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:03,710 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: 'latin-1' codec can't encode characters in position 260-261: Body ('提交') is not valid Latin-1. Use body.encode('utf-8') if you want to send it encoded in UTF-8.
2021-01-02 19:57:03,982 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:B2BbuilderHeadSQLInjectionVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:03,983 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: Value for header {Accept: ('text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',)} must be of type str or bytes, not <class 'tuple'>
2021-01-02 19:57:04,763 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:PhpwebArbitraryFileUploadVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:04,763 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: 'NoneType' object has no attribute 'group'
2021-01-02 19:57:05,106 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:CsCMSSQLInjectionVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:05,106 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: Failed to parse: http://192.168.1.1:9090%s/index.php/dance/so/key/?key=%252527)%20%2561%256E%2564%201=2%20union%20%2573%2565%256C%2565%2563%2574%201,md5(1231231234),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42%23
2021-01-02 19:57:06,482 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:EnableQArbitraryFileUploadVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:06,482 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: 'latin-1' codec can't encode characters in position 282-283: Body ('提交') is not valid Latin-1. Use body.encode('utf-8') if you want to send it encoded in UTF-8.
2021-01-02 19:57:06,923 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:EmlogSQLInjectionVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:06,923 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: Failed to parse: http://192.168.1.1:9090content/plugins/kl_album/kl_album_ajax_do.php
2021-01-02 19:57:07,632 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:CitrixGatewayPathTraversalVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,632 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: Value for header {Content-Type: ('application/x-www-form-urlencoded',)} must be of type str or bytes, not <class 'tuple'>
2021-01-02 19:57:07,663 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:Struts2RemoteCodeExecutionVulnerability1 || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,663 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: HTTPConnectionPool(host='192.168.1.1', port=9090): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x10f601e80>, 'Connection to 192.168.1.1 timed out. (connect timeout=5)'))
2021-01-02 19:57:07,837 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:NginxDirectoryTraversalVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,837 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: HTTPConnectionPool(host='192.168.1.1', port=9090): Max retries exceeded with url: /files../ (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x110f313a0>, 'Connection to 192.168.1.1 timed out. (connect timeout=5)'))
2021-01-02 19:57:07,942 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:SeeyouSystemFrameworkVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,942 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: can only concatenate list (not "str") to list
2021-01-02 19:57:07,942 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:SeeyouSystemFrameworkVulnerability || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,942 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: can only concatenate list (not "str") to list
2021-01-02 19:57:07,971 - /aa/tools/Medusa/ClassCongregation.py[line:449] - INFO: Plugin Name:SolrRemoteCodeExecutionVulnerability2 || Target Url:http://192.168.1.1:9090
2021-01-02 19:57:07,971 - /aa/tools/Medusa/ClassCongregation.py[line:450] - WARNING: Expecting value: line 1 column 1 (char 0)
Describe the bug||描述错误
冲着有中文提示的 DEMO 来的, 英文早都看腻了。
To Reproduce||重现
两个错误,
一个是安装时
pip3 install -r Medusa.txt
ERROR: Cannot install -r Medusa.txt (line 25) and cryptography==3.1.1 because these package versions have conflicting dependencies.
The conflict is caused by:
The user requested cryptography==3.1.1
mitmproxy 4.0.4 depends on cryptography<2.4 and >=2.1.4
To fix this you could try to:
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies
一个是运行时
python3 MedusaScan.py -u www.xxxxxxx.com or python3 MedusaScan.py -u https://www.xxxxxxx.com
都会提示 unsupported operand type(s) for +: 'NoneType' and 'str'
Process Process-116:
Traceback (most recent call last):
File "/usr/Medusa/Modules/Cms/EasyTalk/EasyTalkSQLInjectionVulnerability10.py", line 28, in medusa
payload_url = url + payload
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/usr/Medusa/Modules/Cms/EasyTalk/EasyTalkSQLInjectionVulnerability10.py", line 41, in medusa
l = ErrorLog().Write("Plugin Name:"++" || Target Url:"+url,e)#调用写入类
TypeError: can only concatenate str (not "NoneType") to str
[ + ] Medusa scan progress bar: 79%|################################################################################################################################7 | 190/242 [00:01<00:00, 97.58it/s]Process Process-199:
Traceback (most recent call last):
File "/usr/Medusa/Modules/OA/Seeyou/SeeyouMultipleSQLInjectionVulnerabilities.py", line 34, in medusa
payload_url = url+payload
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/usr/Medusa/Modules/OA/Seeyou/SeeyouMultipleSQLInjectionVulnerabilities.py", line 47, in medusa
l = ClassCongregation.ErrorLog().Write("Plugin Name:"++" || Target Url:"+url,e)#调用写入类
TypeError: can only concatenate str (not "NoneType") to str
[ + ] Medusa scan progress bar: 88%|################################################################################################################################################# | 214/242 [00:02<00:00, 96.96it/s]Process Process-214:
Traceback (most recent call last):
File "/usr/Medusa/Modules/OA/Weaver/WeaverDatabaseConfigurationLeakVulnerability.py", line 29, in medusa
payload_url = url+payload
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/usr/Medusa/Modules/OA/Weaver/WeaverDatabaseConfigurationLeakVulnerability.py", line 41, in medusa
l = ClassCongregation.ErrorLog().Write("Plugin Name:"++" || Target Url:"+url,e)#调用写入类
TypeError: can only concatenate str (not "NoneType") to str
[ + ] Medusa scan progress bar: 100%|####################################################################################################################################################################| 242/242 [00:04<00:00, 58.69it/s]
[ + ] Medusa cleanup thread progress: 0%| | 0/242 [00:00<?, ?it/s]Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by ysoserial.payloads.CommonsCollections5 (file:/usr/Medusa/Tool/ysoserial.jar) to field javax.management.BadAttributeValueExpException.val
WARNING: Please consider reporting this to the maintainers of ysoserial.payloads.CommonsCollections5
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
WARNING:root:got EOF error, stop recv loop!
[ ! ] Unable to get dnslog, please replace ceye!
[ ! ] Unable to get dnslog, please replace ceye!
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
WARNING:root:
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Related system description:||相关系统说明:
Kali Lunix
Additional context||其他内容
是这个样子的,你按照项目更新时间来排序,有些很久的项目更新了就置顶了,GIThub监控是想看最新有什么漏洞出现
谢谢
是这个样子的,你按照项目更新时间来排序,有些很久的项目更新了就制定了,GIThub监控是想看最新有什么漏洞出现
所以你能不能【按照项目创建时间】来排序
谢谢
No response
Could you provide a way to build the project in own local environment without domain .Just for test and know about medusa
to run in local environment
No response
登录注册界面提示Request failed with status code 404
用的宝塔面板搭建
http://medusa.lilysama.top/#/login
python 3.8
ubuntu
Please specify a different user using the --uid option.
User information: uid=0 euid=0 gid=0 egid=0
warnings.warn(RuntimeWarning(ROOT_DISCOURAGED.format(
-------------- celery@VM-4-10-ubuntu v5.0.5 (singularity)
--- ***** -----
-- ******* ---- Linux-5.4.0-42-generic-x86_64-with-glibc2.29 2022-05-19 15:21:33
[tasks]
. Web.ApplicationCollection.CollectionWork.AppleCollectionWork
. Web.CVE.GithubMonitoring.Github.Monitor
. Web.FileAcquisition.Receive.Pack
. Web.Mail.Email.SendMail
. Web.SystemInfo.HardwareInfo.Monitor
. Web.TrojanOrVirus.TrojanInterface.CompileCode
. Web.TrojanOrVirus.TrojanInterface.CompilePortableExecutableFile
[2022-05-19 15:21:33,250: INFO/Beat] beat: Starting...
[2022-05-19 15:21:33,252: INFO/MainProcess] Connected to redis://:**@127.0.0.1:6379/6
[2022-05-19 15:21:33,255: INFO/MainProcess] mingle: searching for neighbors
[2022-05-19 15:21:33,259: INFO/Beat] Scheduler: Sending due task GithubCveMonitor (Web.CVE.GithubMonitoring.Github.Monitor)
[2022-05-19 15:21:33,266: INFO/Beat] Scheduler: Sending due task HardwareInfoMonitor (Web.SystemInfo.HardwareInfo.Monitor)
[2022-05-19 15:21:34,264: INFO/MainProcess] mingle: all alone
[2022-05-19 15:21:34,272: WARNING/MainProcess] /usr/local/lib/python3.8/dist-packages/celery/fixups/django.py:203: UserWarning: Using settings.DEBUG leads to a memory
leak, never use this setting in production environments!
warnings.warn('''Using settings.DEBUG leads to a memory
[2022-05-19 15:21:34,272: INFO/MainProcess] celery@VM-4-10-ubuntu ready.
[2022-05-19 15:21:34,274: INFO/MainProcess] Received task: Web.CVE.GithubMonitoring.Github.Monitor[3e43d6f6-8907-4774-ba3f-f83beab745ba]
[2022-05-19 15:21:34,912: INFO/MainProcess] Task Web.CVE.GithubMonitoring.Github.Monitor[3e43d6f6-8907-4774-ba3f-f83beab745ba] succeeded in 0.6376296439993894s: None
[2022-05-19 15:21:34,914: INFO/MainProcess] Received task: Web.SystemInfo.HardwareInfo.Monitor[402ae60a-091b-40c5-8eb4-3edabb87417b]
[2022-05-19 15:21:35,916: INFO/MainProcess] Web_DatabaseHub_HardwareUsageRateInfo(class)_init(def)
[2022-05-19 15:21:35,916: WARNING/MainProcess] table HardwareUsageRateInfo already exists
[2022-05-19 15:21:35,925: INFO/MainProcess] Task Web.SystemInfo.HardwareInfo.Monitor[402ae60a-091b-40c5-8eb4-3edabb87417b] succeeded in 1.0106860129999404s: None
[2022-05-19 15:21:53,273: INFO/Beat] Scheduler: Sending due task HardwareInfoMonitor (Web.SystemInfo.HardwareInfo.Monitor)
[2022-05-19 15:21:53,275: INFO/MainProcess] Received task: Web.SystemInfo.HardwareInfo.Monitor[45ffadc6-9373-49a3-b4e3-4f4717190118]
[2022-05-19 15:21:54,277: INFO/MainProcess] Web_DatabaseHub_HardwareUsageRateInfo(class)_init(def)
[2022-05-19 15:21:54,277: WARNING/MainProcess] table HardwareUsageRateInfo already exists
[2022-05-19 15:21:54,286: INFO/MainProcess] Task Web.SystemInfo.HardwareInfo.Monitor[45ffadc6-9373-49a3-b4e3-4f4717190118] succeeded in 1.010255667999445s: None
[2022-05-19 15:22:13,281: INFO/Beat] Scheduler: Sending due task HardwareInfoMonitor (Web.SystemInfo.HardwareInfo.Monitor)
[2022-05-19 15:22:13,283: INFO/MainProcess] Received task: Web.SystemInfo.HardwareInfo.Monitor[6ac1b7ed-cda9-4b31-9780-67916629ed59]
[2022-05-19 15:22:14,285: INFO/MainProcess] Web_DatabaseHub_HardwareUsageRateInfo(class)_init(def)
[2022-05-19 15:22:14,285: WARNING/MainProcess] table HardwareUsageRateInfo already exists
[2022-05-19 15:22:14,294: INFO/MainProcess] Task Web.SystemInfo.HardwareInfo.Monitor[6ac1b7ed-cda9-4b31-9780-67916629ed59] succeeded in 1.0110462570009986s: None
[2022-05-19 15:22:33,264: INFO/Beat] Scheduler: Sending due task GithubCveMonitor (Web.CVE.GithubMonitoring.Github.Monitor)
[2022-05-19 15:22:33,266: INFO/MainProcess] Received task: Web.CVE.GithubMonitoring.Github.Monitor[b99341ea-fd88-4471-a2a0-c37ce1451906]
[2022-05-19 15:22:33,281: INFO/Beat] Scheduler: Sending due task HardwareInfoMonitor (Web.SystemInfo.HardwareInfo.Monitor)
[2022-05-19 15:22:37,927: INFO/MainProcess] Task Web.CVE.GithubMonitoring.Github.Monitor[b99341ea-fd88-4471-a2a0-c37ce1451906] succeeded in 4.66045487700103s: None
[2022-05-19 15:22:37,929: INFO/MainProcess] Received task: Web.SystemInfo.HardwareInfo.Monitor[e991e80d-19dc-443f-9ab1-c410e217855c]
[2022-05-19 15:22:38,931: INFO/MainProcess] Web_DatabaseHub_HardwareUsageRateInfo(class)_init(def)
[2022-05-19 15:22:38,931: WARNING/MainProcess] table HardwareUsageRateInfo already exists
[2022-05-19 15:22:38,939: INFO/MainProcess] Task Web.SystemInfo.HardwareInfo.Monitor[e991e80d-19dc-443f-9ab1-c410e217855c] succeeded in 1.010053665999294s: None
it need py3 and a lot of modules , it's very convenient to make it as docker image
ascotbe/medusa:latest image can't pull
docker pull ascotbe/medusa:latest
null
Docker Engine
v20.10.11
python 3.8
[ + ] Scanning across modules: AllMod
[ + ] Medusa scan progress bar: 100%|####################################################################################################################################################################| 241/241 [00:09<00:00, 24.99it/s]
[ + ] Medusa cleanup thread progress: 100%|##############################################################################################################################################################| 241/241 [02:04<00:00, 1.93it/s]
[ ! ] Scan is complete, please see the ScanResult file
部署失败
docker部署失败了
https://github.com/Ascotbe/Medusa/
一键安装
我装了3个小时没成功,各位大佬麻烦了
No response
可以不配置域名或证书吗
可以不配置域名或证书吗
可以不配置域名或证书吗
安装吐了 手动 docker 都安装不起 不是npm 报错就是网络问题 就算勉强安装起验证码还加载不出来
安装吐了 手动 docker 都安装不起 不是npm 报错就是网络问题 就算勉强安装起验证码还加载不出来
安装吐了 手动 docker 都安装不起 不是npm 报错就是网络问题 就算勉强安装起验证码还加载不出来
安装吐了 手动 docker 都安装不起 不是npm 报错就是网络问题 就算勉强安装起验证码还加载不出来
安装吐了 手动 docker 都安装不起 不是npm 报错就是网络问题 就算勉强安装起验证码还加载不出来
Describe the bug||描述错误
from Modules.OA.Tongda import TongdaOfficeAnywhereArbitraryFileUploadAndFileInclusionVulnerability
ValueError: source code string cannot contain null bytes
s2wcn@debian:/Medusa$ pip3 install dubbo-py/Medusa$ sudo python3 MedusaScan.py -u https://www.ascotbe.com
Requirement already satisfied: dubbo-py in /home/s2wcn/.local/lib/python3.7/site-packages (0.2.2)
Requirement already satisfied: kazoo in /home/s2wcn/.local/lib/python3.7/site-packages (from dubbo-py) (2.8.0)
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from kazoo->dubbo-py) (1.12.0)
s2wcn@debian:
Traceback (most recent call last):
File "MedusaScan.py", line 17, in
from Modules.Dubbo import Dubbo
File "/home/s2wcn/Medusa/Modules/Dubbo/Dubbo.py", line 3, in
from Modules.Dubbo import DubboProviderDefaultAntiSequenceVulnerability
File "/home/s2wcn/Medusa/Modules/Dubbo/DubboProviderDefaultAntiSequenceVulnerability.py", line 7, in
from dubbo.codec.hessian2 import new_object
ModuleNotFoundError: No module named 'dubbo'
1.web版本 docker 里面木有 start.sh文件
2.qq群收费金额显示NaN元 无法加入群
1 bs4
2 fake-useragent
3 requests
4 urllib3
5 python-nmap
6 PyMySQL
7 IPy
8 scrapy
9 tqdm
10 dnspython
11 tldextract
12 random <-------------
root@kali:~/Desktop/Medusa-master# python3 MedusaScan.py -f sub.txt
| / |____ ||__ |_ |____ | | | | | |
| |/| | _ | | | | | | | || | | | | |
| | | || | |_____| | | | | || |/ // /
|| ||| | //_|| |||_____/
||
Blog https://www.ascotbe.com | v0.92
Traceback (most recent call last):
File "MedusaScan.py", line 158, in
Subdomain=args.Subdomain#开启子域名枚举
AttributeError: 'Namespace' object has no attribute 'Subdomain'
docker版本安装不成功
docker版本安装不成功
ubuntu20
Step 33/45 : RUN npm install highcharts --save --registry=https://registry.npmmirror.com/
---> Running in efaf780b62b1
npm notice created a lockfile as package-lock.json. You should commit this file.
[email protected] build /Medusa/Vue
vue-cli-service build
sh: 1: vue-cli-service: not found
npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! [email protected] build: vue-cli-service build
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the [email protected] build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2022-10-03T19_36_28_284Z-debug.log
The command '/bin/sh -c npm run build' returned a non-zero code: 1
Unable to find image 'medusa_web:latest' locally
docker: Error response from daemon: pull access denied for medusa_web, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
[ + ] redis password change to ---> xxx
[ + ] modify registration required key ---> xxx
[ + ] modify the secret required for forgot password ---> xxx
s2wcn@debian:~/Medusa$ sudo python3 MedusaScan.py -u https://www.ascotbe.com
Traceback (most recent call last):
File "MedusaScan.py", line 3, in
from Modules.Confluence import Confluence
File "/home/s2wcn/Medusa/Modules/Confluence/Confluence.py", line 3, in
from Modules.Confluence import AtlassianConfluencePathTraversalAndCommandExecutionVulnerability
File "/home/s2wcn/Medusa/Modules/Confluence/AtlassianConfluencePathTraversalAndCommandExecutionVulnerability.py", line 5, in
import ClassCongregation
File "/home/s2wcn/Medusa/ClassCongregation.py", line 3, in
from fake_useragent import UserAgent
ModuleNotFoundError: No module named 'fake_useragent'
部署失败
不是完整版的吗
http
系统环境ubuntu18.04
1、使用docker安装,按照文档来,提示Unable to find image 'medusa_web:latest' locally
去dockerhub找了下,没有这个镜像,该如何解决
2、直接http安装,安装步骤来,run.sh执行中爆错,提示80端口已经被占用(服务器新建的服务器,不存在其他任何服务干扰)
无
无
无
您好,我通过手动安装无法安装,只能按照您所提供文档中的docker安装进行,在执行完./install.sh -u xxxx.com -d xxxxxxx.com -s xxxxxx.com此条命令后该去哪里配置文档中所说的dnslog、主站与邮件域名,文档中图片内容无法找到,而且./install.sh执行完毕后并没有看到容器产生,该去哪里运行medusa容器呢
1
No response
s2wcn@debian:~/Medusa$ sudo python3 MedusaScan.py -u https://www.ascotbe.com
Traceback (most recent call last):
File "MedusaScan.py", line 17, in
from Modules.Dubbo import Dubbo
File "/home/s2wcn/Medusa/Modules/Dubbo/Dubbo.py", line 3, in
from Modules.Dubbo import DubboProviderDefaultAntiSequenceVulnerability
File "/home/s2wcn/Medusa/Modules/Dubbo/DubboProviderDefaultAntiSequenceVulnerability.py", line 7, in
from dubbo.codec.hessian2 import new_object
ModuleNotFoundError: No module named 'dubbo'
s2wcn@debian:~/Medusa$ pip3 install dubbo
Collecting dubbo
Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://pypi.org/simple/dubbo/
./python3.9/bin/python MedusaScan.py -u http://192.168.1.1:9090
[ + ] Use default port detection module
[ + ] Scanning target domain: http://192.168.1.1:9090
[ + ] Scanning across modules: AllMod
[ + ] Medusa scan progress bar: 50%|####4 | 121/244 [00:01<00:01, 70.89it/s]
[ ! ] Scan is complete, please see the ScanResult file
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.