Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Mar 06 21:55

    santiagolizardo on master

    Add document preview component (compare)

  • Mar 06 21:37

    santiagolizardo on master

    Remove use of container->get fr… Refactor exporter class Refactor importers code (compare)

  • Mar 04 23:45

    santiagolizardo on master

    Remove line that floods the logs (compare)

  • Mar 04 22:55

    santiagolizardo on master

    Remove unused constant Bump POST max body size (compare)

  • Mar 04 22:09
    Travis Reconmap/rest-api (master) passed (299)
  • Mar 04 22:01

    santiagolizardo on master

    Add permissions list (compare)

  • Mar 04 21:55

    santiagolizardo on master

    Use permissions from server (compare)

  • Mar 04 20:28

    santiagolizardo on master

    Fix isuse on project notes tab (compare)

  • Mar 03 23:05
    Travis Reconmap/rest-api (master) errored (298)
  • Mar 03 23:04

    santiagolizardo on master

    Add test for the DeleteQueryBui… (compare)

  • Mar 03 22:39

    santiagolizardo on master

    Add Nessus scanner (compare)

  • Mar 03 22:27

    santiagolizardo on master

    Add solution field to vulnerabi… (compare)

  • Mar 03 18:37

    santiagolizardo on master

    Use constructor DI in more clas… Use more DI Upgrade deps and 1 more (compare)

  • Mar 03 16:49

    santiagolizardo on master

    Upgrade dependencies Add new documents section (compare)

  • Mar 02 22:39
    santiagolizardo opened #74
  • Mar 02 22:39

    santiagolizardo on snyk-upgrade-1191c6115c01bd2d8963c529bfc210d6

    fix: upgrade react-dropzone fro… (compare)

  • Mar 02 22:39

    santiagolizardo on snyk-upgrade-1191c6115c01bd2d8963c529bfc210d6

    (compare)

  • Mar 02 22:39
    santiagolizardo opened #73
  • Mar 02 22:39

    santiagolizardo on snyk-upgrade-fdeabae255e7c512584ac10c9782e2b1

    fix: upgrade recharts from 2.0.… (compare)

  • Mar 02 22:39

    santiagolizardo on snyk-upgrade-fdeabae255e7c512584ac10c9782e2b1

    (compare)

Santiago Lizardo
@santiagolizardo
I just added a makefile target to do the db migration :
make db-migrate MIGRATE_FROM_VERSION=0.7.0 MIGRATE_TO_VERSION=0.7.5
Essentially what it does is to run this SQL script:
DROP TABLE IF EXISTS note;
CREATE TABLE note
(
    id          INT UNSIGNED                      NOT NULL AUTO_INCREMENT,
    insert_ts   TIMESTAMP                         NOT NULL DEFAULT CURRENT_TIMESTAMP,
    user_id     INT UNSIGNED                      NOT NULL REFERENCES user,
    parent_type ENUM ('project', 'vulnerability') NOT NULL,
    parent_id   INT UNSIGNED                      NOT NULL,
    visibility  ENUM ('private', 'public')        NOT NULL DEFAULT 'private',
    content     TEXT                              NOT NULL,

    PRIMARY KEY (id),
    INDEX (parent_type, parent_id)
) ENGINE = InnoDB;

ALTER TABLE task
    RENAME COLUMN description TO command,
    RENAME COLUMN parser TO command_parser,
    ADD COLUMN description VARCHAR(2000);
(from database/migrations/changes0.7.0-0.7.5.sql)
Laser Guy
@laserguy1231_gitlab
awesome, worked thanks
Santiago Lizardo
@santiagolizardo
:+1:
chelchelchong
@chelchelchong
Hi, currently I've been trying out ReconMap on my ubuntu VM. Currently I am only able to access the ReconMap, when using localhost:3001. Is there any ways I can do this to allow others to access via a public URL?
chelchelchong
@chelchelchong

Hi, currently I've been trying out ReconMap on my ubuntu VM. Currently I am only able to access the ReconMap, when using localhost:3001. Is there any ways I can do this to allow others to access via a public URL?

Currently running the api-backend, creating an environment to access the web client, as it doesn't seem to work for me if I were to run both api-backend and web-client. The web-client upon running the command "make start", it produces <error Couldn't find a package.json file in "/var/www/webapp">

Santiago Lizardo
@santiagolizardo
Hi @chelchelchong ; Thanks for trying our tool!
The easiest ways to let people outside your network connect are:
1) To put API and Web client on a cloud server (eg Digital Ocean, 5USD/month, AWS or similars) This is how the demo server is setup
2) To subscribe to reconmap.com to have your own (chelchelchong.reconmap.com or similar). This is a more expensive option but comes with better support, hosting, backup and other things included.
The package.json comes from this repo: https://github.com/reconmap/web-client. Have you cloned both API and Web clients on different directories?
You don't need to clone the frontend if you are only planning to run it (compared to develop it)
As a user is simpler to create the environment.js and run the container
Santiago Lizardo
@santiagolizardo
docker run --rm -d -p 3001:80 \
    -v "$PWD/environment.js:/usr/share/nginx/html/environment.js" \
    --name rmap-web-client quay.io/reconmap/web-client:master
chelchelchong
@chelchelchong

The package.json comes from this repo: https://github.com/reconmap/web-client. Have you cloned both API and Web clients on different directories?

I see, currently i cloned both API and Web Client into the same directory, do I have to place them in 2 separate directories?

image.png
chelchelchong
@chelchelchong

The package.json comes from this repo: https://github.com/reconmap/web-client. Have you cloned both API and Web clients on different directories?

I see, currently i cloned both API and Web Client into the same directory, do I have to place them in 2 separate directories?

I've tried to clone the API and Web Client in different directories, and run them, but when running the Web Client, the same error occurs

Jamie
@Ned-Flanders

Hi, I'm having some issues getting reconmap to work. On the api side when I do make start, I don't get any errors but if I curl/visit http://localhost:8080 I get a 403 forbidden, could this be something to do with permissions?
I also get the same error as @chelchelchong when trying to start the web client, I tried to run the command you mentioned @santiagolizardo but that errored as I don't have an environment.js in /usr/share/nginx/html/, am I supposed to copy the environment.local.js and rename it?

Apologies if it's something obvious I just couldn't find anyone else experiencing these errors and couldn't find any documentation on it

chelchelchong
@chelchelchong
@Ned-Flanders when i try to curl/visit http://localhost:8080 i get 405 method not allowed 😩
Jamie
@Ned-Flanders
Sounds like we're both having issues, did you get that through running make, make start after pulling the git repo?
chelchelchong
@chelchelchong
@Ned-Flanders i ran both make and make start for the api-backend git repo, the error occured after “make start” command
Santiago Lizardo
@santiagolizardo
Hi @chelchelchong ; Sorry to read you are having problems. The 405 response code was a problem in the API router that I fixed here Reconmap/rest-api@e76ff26
A healthy API should return 404 to curl http://localhost:8080 and 403 for example to curl http://localhost:8080/tasks.
Have a look at the logs/application.log file to see if there are any errors logged there
Santiago Lizardo
@santiagolizardo
Hi @Ned-Flanders ! You shouldn't get a 403 when curling http://localhost:8080. It should return 405 (old code) or 404 with the latest commit I made to fix the router. Have a look at the logs/application.log file to see if there is any clue in there.
Santiago Lizardo
@santiagolizardo

In regards to the missing package.json, not sure what the problem could be... are you running this on Macos/Linux or Windows?
Also, you don't need to clone the web-client. Probably easier if you just start the frontend with this command:

docker run --rm -d -p 3001:80 \
    -v "$PWD/environment.js:/usr/share/nginx/html/environment.js" \
    --name rmap-web-client quay.io/reconmap/web-client:master

The only requirement is to have an environment.js file in the directory from where you are running this command

In any case, don't hesitate to ask more questions. Happy to help as much as I possibly can
dst-mx559
@dst-mx559
excited to use reconmap thanks Santiago :)
Jamie
@Ned-Flanders
Thanks for the help @santiagolizardo, it's all up and running now!
Jamie
@Ned-Flanders
Hi again @santiagolizardo, I'm just wondering how do I process nessus XML documents? When I try to use import data it gives me an error "Network error
Please check connectivity with the API.". I can see Nessus is on the integrations list, but I can't see any command for it
Jamie
@Ned-Flanders
Does anyone know how to process nessus files?
Santiago Lizardo
@santiagolizardo
Hi @Ned-Flanders ; Sorry, I just noticed your previous message.
Some integrations have not been made public yet, but considering you are asking for it I 'll make it public Today
You would need to pull the new changes once I push them to Github
Jamie
@Ned-Flanders
Hi @santiagolizardo No problem! If you could that would be great, I'm hoping to get Nessus integrated into reconmap since Nessus has put any kind of dashboard behind a paywall
Santiago Lizardo
@santiagolizardo
That's the code pushed @Ned-Flanders . Let me know if everything works fine on your side and if you need any additional parsers.
Jamie
@Ned-Flanders
Hi @santiagolizardo, thanks for pushing those changes. I've downloaded pulled the changes and checked I've got the new files, I also rebuilt the docker containers. I'm sure it's updated as the test vulnerabilities are gone now (I didn't delete them) but I'm having similar issues to before where I'm getting the "Network error
Please check connectivity with the API." when trying to use import data and I can't see any commands for nessus. Would you be able to help?
Santiago Lizardo
@santiagolizardo
Sure @Ned-Flanders ; Check the logs in logs/application.log
Also check for any error messages in the response from the API from the browser
(open chrome dev tools and look for any 500 status codes or similars)
Santiago Lizardo
@santiagolizardo
Do you still have the config.json ? which sections do you have in there?
It needs to be similar to https://github.com/Reconmap/rest-api/blob/master/config-template.json
Jamie
@Ned-Flanders

Thank you for the quick response, the logs/application.log is just showing this

[2021-03-04T19:28:01.925029+00:00] cron.DEBUG: Running queue processor {"class":"Reconmap\Tasks\EmailTaskProcessor"} []
[2021-03-04T19:28:01.925604+00:00] cron.DEBUG: Running queue processor {"class":"Reconmap\Tasks\TaskResultProcessor"} []
[2021-03-04T19:29:02.152991+00:00] cron.DEBUG: Running queue processor {"class":"Reconmap\Tasks\EmailTaskProcessor"} []
[2021-03-04T19:29:02.153762+00:00] cron.DEBUG: Running queue processor {"class":"Reconmap\Tasks\TaskResultProcessor"} []

I'm also getting a "413 Request Entity Too Large" when trying to import the .nessus file, could that be that the file is too big?

My config.json is exactly the same as the template there
Jamie
@Ned-Flanders
@santiagolizardo sorry forgot to tag you
Santiago Lizardo
@santiagolizardo
Hi @Ned-Flanders ; That's surely the file size. How big it is?
Jamie
@Ned-Flanders
Hi @santiagolizardo, the nessus file I'm using is 2.1mb
Is there a file size limit?
Santiago Lizardo
@santiagolizardo
There is one by default on the docker images, I just bumped it to 20mb for the POST body size
Reconmap/rest-api@a95dc19
Santiago Lizardo
@santiagolizardo
If you pull the latest changes (both API and Web client) things should work.