p00ki d4t yew?
@jdsec1_twitter
Going to carry on trying to get my patrowl scans working but will first see if any similar issues were had
p00ki d4t yew?
@jdsec1_twitter

So I'm trying to create a new nmap scan to run but it doesn't seem to work - the management interface freezes up and starts loading but never really finishes the request.
I think I have my engines correctly set up (tested both docker container name in API url & docker container IP: docker-nmap-001 and 172.18.0.7)
Both the engine lights are green and I assume this is meant to show it's good.

I can communicate with the engine from the patrowl-django container, which you can see here

```
[root@localhost scripts]# docker exec -it patrowl-django bash
root@d4f2ed7cd604:/opt/patrowl-manager# curl docker-nmap-001:5001/engines/nmap/status
{"page":"status","scanner":{"allowed_asset_types":["ip","domain","fqdn","url","ip-range","ip-subnet"],"description":"Network Scanner","name":"Nmap","options":{"aggressive_scan":{"type":"optional","value":"-T4"},"all_scan":{"type":"optional","value":"-A"},"detect_os":{"type":"optional","value":"-O --osscan-guess --max-os-tries 1"},"detect_service_version":{"type":"optional","value":"-sV"},"hosts":{"type":"required"},"no_dns":{"type":"optional","value":"-n"},"no_ping":{"type":"optional","value":"-Pn"},"perfs":{"type":"optional","value":"--defeat-rst-ratelimit"},"ping_scan":{"type":"optional","value":"-sP"},"ports":{"type":"optional","value":"-p"},"scan_udp":{"type":"optional","value":"-sU --max-retries 3"},"script":{"type":"optional","value":"--script"},"script_args":{"type":"optional","value":"--script-args"},"script_output_fields":{"type":"optional","value":[""]},"script_scan":{"type":"optional","value":"-sC"},"show_open_ports":{"type":"optional","value":"--open"},"slow_scan":{"type":"optional","value":"-T1"},"syn_scan":{"type":"optional","value":"-sS"},"tcp_scan":{"type":"optional","value":"-sT"}},"path":"/usr/bin/nmap","status":"READY","version":"1.0"},"scans":{},"status":"READY"}
```

In the patrowl-rabbitmq container I listed the queues to see if anything was getting there but it doesn't look that way:

```
Every 2.0s: rabbitmqctl list_queues | grep nmap    0dc6435c8682: Tue Feb 26 19:44:12 2019

scan-nmap 0
monitor-nmap 0
nmap-node@d4f2ed7cd604.celery.pidbox 0
```

I'm not 100% sure of the flow of things or if I'm looking in the right place.

Nicolas Mattiocco
@MaKyOtOx
It seems the Manager correctly interacts with the Nmap Engine
Which scan policy do you use?
The rabbitmq output indicates the queues are correctly set but no messages have been sent to them
p00ki d4t yew?
@jdsec1_twitter
in this previous scan: NMAP List open ports (TCP/53,56,80,443,8080)
Ok that's what I figured
Nicolas Mattiocco
@MaKyOtOx
Dumb question: are you sure the Nmap engine is able to contact the targets ?
(I have been tricked more than once ...)
p00ki d4t yew?
@jdsec1_twitter
there's never a dumb question when digging for bugs
let me check
yes - nmap can reach the subnet
so I'm thinking there is something happening between submission of SCAN request -> and inserting into the NMAP queue
manager -> RMQ -><- NMAP
___^^^
is there anything i should be aware of when trying to debug this locally?
"dev tips" :p
Nicolas Mattiocco
@MaKyOtOx
lol
Set the env variable LOGGING_LEVEL = "INFO,WARNING,ERROR,DEBUG"
when starting the PatrowlManager
Do you use the docker-compose ?
p00ki d4t yew?
@jdsec1_twitter
yeah,
ok so the docker env variable needs to be added?

```
environment:
  - DB_PORT_5432_TCP_HOST=db
  - DEBUG=True
  - RABBIT_PORT_5672_TCP=rabbitmq:5672
  - LOGGING_LEVEL=INFO,WARNING,ERROR,DEBUG
```

I'm assuming

Nicolas Mattiocco
@MaKyOtOx
Exactly
p00ki d4t yew?
@jdsec1_twitter
thanks
let the testing commence
thanks for the handholding Nicolas
Nicolas Mattiocco
@MaKyOtOx
The next step is to start a new scan and review the "Events" tab in the scan results
other tip (needs to be improved): details of error messages are displayed in tooltip popups (when you move your cursor over the error)
p00ki d4t yew?
@jdsec1_twitter

aargh had to re-add my engine after upping my containers - and when I went back to edit the engine .. manager froze again...

```
patrowl-django | <ul class="errorlist"><li>title<ul class="errorlist"><li>This field is required.</li></ul></li><li>engine_policy<ul class="errorlist"><li>This field is required.</li></ul></li><li>scan_type<ul class="errorlist"><li>This field is required.</li></ul></li></ul>
patrowl-django | <ul class="errorlist"><li>title<ul class="errorlist"><li>This field is required.</li></ul></li><li>engine_policy<ul class="errorlist"><li>This field is required.</li></ul></li><li>scan_type<ul class="errorlist"><li>This field is required.</li></ul></li></ul>
patrowl-rabbitmq | 2019-02-26 20:05:09.016 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:09:49.011 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:14:29.012 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:19:09.008 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:23:49.013 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:28:29.017 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-rabbitmq | 2019-02-26 20:33:09.015 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec
patrowl-django | [2019-02-26 20:34:14 +0000] [54] [CRITICAL] WORKER TIMEOUT (pid:58)
patrowl-django | [2019-02-26 21:34:14 +0000] [58] [INFO] Worker exiting (pid: 58)
patrowl-django | [2019-02-26 20:34:15 +0000] [219] [INFO] Booting worker with pid: 219
```

are these MQ dropped messages normal?
lager_error_logger_h dropped 9 messages in the last second

[INFO] Worker exiting (pid: 58) was from my request never finishing..

almost seems like there is a bottleneck with the manager - would putting nginx in front of the manager as a reverse proxy maybe help with the requests, session management and connection caching? https://www.nginx.com/blog/maximizing-python-performance-with-nginx-parti-web-serving-and-caching/

BTW
Where would I see this "EVENTS" tab?

In scan results

p00ki d4t yew?
@jdsec1_twitter
weird - overlooked nginx's existence
Nicolas Mattiocco
@MaKyOtOx
image.png
There for example
p00ki d4t yew?
@jdsec1_twitter
thanks
theking750156
@theking750156
hello guys,
did someone test deploying patrowl on azure, using a webapp for container?
I'm trying to do it, not that easy
Jean Lien
@vuln3rs_gitlab
hello guys, has anyone tried to deploy patrowl in an offline environment? I tried two different ways but they both failed. The first try was to pull the image from a local registry and then build the image -> when the volume "web" is built, it fails because it tries to connect to registry-1.docker.io. The second try was to pull the image from another system and save it to load it in my offline environment. It fails because it can't connect to postgres, I don't know why. Do you have an idea to help me?
Nicolas Mattiocco
@MaKyOtOx
Hi @vuln3rs_gitlab, for offline deployment using Docker images, several options are possible:
1/ download the GitHub repos and build the docker images
2/ synchronize your local registry with all required images: patrowl/patrowl-manager-community-edition, rabbitmq:3-alpine, postgres:11-alpine and nginx
Jean Lien
@vuln3rs_gitlab
Hi @MaKyOtOx. Thanks for your reply. I will try adding all the required images to my local registry. Right now I just have patrowl and postgres, but it's not the right version.
Nicolas Mattiocco
@MaKyOtOx
Keep us updated :)
Jean Lien
@vuln3rs_gitlab
;)
Jean Lien
@vuln3rs_gitlab
I solved my problem. Thanks. Now, I just have to configure the patrowl engines. Let's read the doc :)
Nicolas Mattiocco
@MaKyOtOx
What was the root cause? And how did you solve it? Thanks :)
htsec2019
@htsec2019
Hi, has anyone recently configured patrowl with nessus? nmap seems to be working, however other engines like nessus, Arachni etc. are not working; tried both centos 7.6 and ubuntu
xytnba
@xytnba
@htsec2019 I have the same problem now. Have you solved it?
xytnba
@xytnba
@htsec2019 Could you share the method of configuring nmap in patrowl? There are too few sources here to learn how to edit the configuration file in patrowl.
Nicolas Mattiocco
@MaKyOtOx
Hi all, could you please give us more details, share error messages and screenshots?
MinhNamNguyen
@MinhNamNguyen
Hi
When I try to start all engines using the script "start-engines.sh", I get an error
"scripts/start-engines.sh: line 22: env/bin/python No such file or directory"
Do you know how I can resolve this problem?
Thank you
ArnoLille
@ArnoLille
Hi, I just started PatrowlManager and PatrowlEngine NMAP. My goal is to scan one IP. I created an asset (value 10.70.30.23 / Type IP) and added an nmap engine (Funct. Status Enabled, Oper. State Ready)
ArnoLille
@ArnoLille
My scan fails with bad scanner status: ERROR. Does someone know how to investigate this error?
franruiz
@franruiz
Anyone alive? I'm trying to use v1.1.0 of Manager and 1.0.0 of Engines after trying several times with the latest version from Github with no luck.
With those versions I'm not able to make Engines go into Available State, even though they are indeed ALIVE when querying them through HTTP or through the Info button on Manager. Absolute fresh install without any modifications. I indeed see permanent status requests to one example engine (NMAP) but still it is not becoming available in the Manager and thus it's not executing scans; it just enqueues them.
Screenshot from 2019-08-27 14-24-14.png
Screenshot from 2019-08-27 14-24-28.png
no further errors on the Manager's console or the NMAP engine's one