From 77483700457f5a7f6cdf5c56a300f3f4c58345ab Mon Sep 17 00:00:00 2001
From: Bharath
Date: Fri, 27 Sep 2024 12:19:52 +0530
Subject: [PATCH 1/8] Updated subfinder: 2.6.3 to 2.6.6
---
 Dockerfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9130e72..7dab84a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,7 @@ RUN apt-get update --fix-missing && apt install git -y
 # Setup work directory
 WORKDIR /home/mantis
+
 # Install amass
 RUN echo "Installing Amass"
 RUN wget https://github.com/owasp-amass/amass/releases/download/v4.1.0/amass_Linux_amd64.zip
@@ -15,10 +16,10 @@ RUN unzip amass_Linux_amd64.zip
 RUN mv amass_Linux_amd64/amass /usr/bin
 RUN rm -rf *
-# Install subfinder
+# Install subfinder
 RUN echo "Installing subfinder"
-RUN wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.3/subfinder_2.6.3_linux_amd64.zip
-RUN unzip subfinder_2.6.3_linux_amd64.zip
+RUN wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.6/subfinder_2.6.6_linux_amd64.zip
+RUN unzip subfinder_2.6.6_linux_amd64.zip
 RUN mv subfinder /usr/bin
 RUN rm -rf *
From c0148b974c814575a2d34133defe1589cb454e15 Mon Sep 17 00:00:00 2001
From: Bharath
Date: Fri, 27 Sep 2024 12:30:20 +0530
Subject: [PATCH 2/8] Removed puredns
---
 Dockerfile | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7dab84a..625dcc0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,13 +23,6 @@ RUN unzip subfinder_2.6.6_linux_amd64.zip
 RUN mv subfinder /usr/bin
 RUN rm -rf *
-# Install Puredns
-RUN echo "Installing Puredns"
-RUN wget https://github.com/d3mondev/puredns/releases/download/v2.1.1/puredns-Linux-amd64.tgz
-RUN tar -xvf puredns-Linux-amd64.tgz
-RUN mv puredns /usr/bin
-RUN rm -rf *
-
 # Install HTTPX
 RUN echo "Installing HTTPX"
 RUN wget https://github.com/projectdiscovery/httpx/releases/download/v1.3.7/httpx_1.3.7_linux_amd64.zip
From 096bc2d05d2cef9c379843871536b86e0c59f28f Mon Sep 17 00:00:00 2001
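Review bot: The bumped `RUN wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.6/subfinder_2.6.6_linux_amd64.zip` line (PATCH 1/8, second Dockerfile hunk) is followed directly by `unzip` and `mv subfinder /usr/bin`, so the archive is installed with no integrity check and the image trusts whatever the release URL serves at build time. Record the expected digest next to the version and verify it before unpacking, for example `RUN echo "SHA256_PLACEHOLDER  subfinder_2.6.6_linux_amd64.zip" | sha256sum -c -`, where SHA256_PLACEHOLDER stands for the digest taken from the upstream release. The same gap is carried through the ipinfo (PATCH 3/8), httpx (PATCH 7/8) and nuclei (PATCH 8/8) bumps. Updating the digest then becomes part of every version bump, and a silently replaced release asset fails the build instead of landing in the image.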
From: Bharath
Date: Fri, 27 Sep 2024 13:54:35 +0530
Subject: [PATCH 3/8] Updated ipinfo: 3.1.2 to 3.3.1
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 625dcc0..a3074cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,9 +36,9 @@ RUN pip install git+https://github.com/cisagov/findcdn.git
 # Install Ipinfo
 RUN echo "Installing Ipinfo"
-RUN wget https://github.com/ipinfo/cli/releases/download/ipinfo-3.1.2/ipinfo_3.1.2_linux_amd64.tar.gz
-RUN tar -xvf ipinfo_3.1.2_linux_amd64.tar.gz
-RUN mv ipinfo_3.1.2_linux_amd64 ipinfo
+RUN wget https://github.com/ipinfo/cli/releases/download/ipinfo-3.3.1/ipinfo_3.3.1_linux_amd64.tar.gz
+RUN tar -xvf ipinfo_3.3.1_linux_amd64.tar.gz
+RUN mv ipinfo_3.3.1_linux_amd64 ipinfo
 RUN mv ipinfo /usr/bin
 RUN rm -rf *
From 691906f7f9691817cc933f281097ef7e5e8c47c6 Mon Sep 17 00:00:00 2001
From: Bharath
Date: Fri, 27 Sep 2024 16:19:30 +0530
Subject: [PATCH 4/8] Updated Python packages as per Github security advisories
---
 requirements.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 0304023..1c28c32 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,8 +1,8 @@
 decorator==5.1.1
-motor==3.0.0
+motor==3.6.0
 netaddr==0.8.0
-pydantic==1.10.2
-pymongo==4.2.0
+pydantic==1.10.13
+pymongo==4.9.1
 PyYAML==6.0
 typing_extensions==4.4.0
 validators==0.20.0
@@ -13,5 +13,5 @@ retry==0.9.2
 slack-sdk==3.21.3
 rocketry==2.5.1
 boto3==1.28.20
-tqdm==4.66.1
-cloudflare
\ No newline at end of file
+tqdm==4.66.5
+cloudflare
From 97cf5a810b16d8014ded31cd342967a5dbffc9fd Mon Sep 17 00:00:00 2001
From: Bharath
Date: Thu, 3 Oct 2024 16:11:31 +0530
Subject: [PATCH 5/8] Removed Amass
---
 Dockerfile | 7 ------
 mantis/modules/discovery/Amass.py | 41 -------------------------------
 2 files changed, 48 deletions(-)
 delete mode 100644 mantis/modules/discovery/Amass.py
diff --git a/Dockerfile b/Dockerfile
index a3074cc..5691a0f 100644
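Review bot: `cloudflare` at the end of the second requirements.txt hunk (PATCH 4/8) is still unpinned while every other entry has an exact version, so two builds of the same commit can install different releases of that package and an advisory-driven audit of this file cannot say which version is deployed. Pin it to the release the project is tested with, e.g. `cloudflare==TESTED_VERSION` (placeholder). The motor 3.0.0 to 3.6.0 and pymongo 4.2.0 to 4.9.1 jumps in the first hunk cross several minor releases, so the database code paths are worth a test run before merge; the patch shows no code changes accompanying them.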
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,13 +9,6 @@ RUN apt-get update --fix-missing && apt install git -y
 # Setup work directory
 WORKDIR /home/mantis
-# Install amass
-RUN echo "Installing Amass"
-RUN wget https://github.com/owasp-amass/amass/releases/download/v4.1.0/amass_Linux_amd64.zip
-RUN unzip amass_Linux_amd64.zip
-RUN mv amass_Linux_amd64/amass /usr/bin
-RUN rm -rf *
-
 # Install subfinder
 RUN echo "Installing subfinder"
 RUN wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.6/subfinder_2.6.6_linux_amd64.zip
diff --git a/mantis/modules/discovery/Amass.py b/mantis/modules/discovery/Amass.py
deleted file mode 100644
index 10a427c..0000000
--- a/mantis/modules/discovery/Amass.py
+++ /dev/null
@@ -1,41 +0,0 @@
-
-from mantis.models.args_model import ArgsModel
-from mantis.utils.tool_utils import get_assets_grouped_by_type
-from mantis.tool_base_classes.toolScanner import ToolScanner
-from mantis.constants import ASSET_TYPE_SUBDOMAIN
-from mantis.utils.crud_utils import CrudUtils
-from mantis.constants import ASSET_TYPE_TLD
-
-'''
-The Amass module enumerates subdomain of the TLDs which are fetched from database.
-Output file: .txt separated by new line.
-Each subdomain discovered is inserted into the database as a new asset.
-'''
-
-class Amass(ToolScanner):
-
- def __init__(self) -> None:
- super().__init__()
-
- async def get_commands(self, args: ArgsModel):
- self.org = args.org
- self.base_command = 'amass enum -passive -d {input_domain} -o {output_file_path}'
- self.outfile_extension = ".txt"
- self.assets = await get_assets_grouped_by_type(self, args, ASSET_TYPE_TLD)
- return super().base_get_commands(self.assets)
-
- def parse_report(self, outfile):
- output_dict_list = []
- amass_output = open(outfile).readlines()
- for domain in amass_output:
- domain_dict = {}
- domain_dict['_id'] = domain.rstrip('\n')
- domain_dict['asset'] = domain.rstrip('\n')
- domain_dict['asset_type'] = ASSET_TYPE_SUBDOMAIN
- domain_dict['org'] = self.org
- output_dict_list.append(domain_dict)
-
- return output_dict_list
-
- async def db_operations(self, tool_output_dict, asset=None):
- await CrudUtils.insert_assets(tool_output_dict)
From c3cbd9e8bc07c5d71ba1f640c2c01a0954da8afa Mon Sep 17 00:00:00 2001
From: Bharath
Date: Thu, 3 Oct 2024 16:16:12 +0530
Subject: [PATCH 6/8] Removed Amass: updated local.yml
---
 configs/local.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configs/local.yml b/configs/local.yml
index d9f2c00..4bb05be 100644
--- a/configs/local.yml
+++ b/configs/local.yml
@@ -6,7 +6,7 @@ workflow:
 cmd: []
 workflowConfig:
 - moduleName : discovery
- tools: ['Subfinder', 'Amass']
+ tools: ['Subfinder']
 order: 1
 - moduleName: prerecon
 tools: ['FindCDN', 'Naabu']
@@ -34,7 +34,7 @@ workflow:
 tools: ['Route53', 'Cloudflare']
 order: 1
 - moduleName : discovery
- tools: ['Subfinder', 'SSLMate', 'Amass']
+ tools: ['Subfinder', 'SSLMate']
 order: 1
 - moduleName: prerecon
 tools: ['FindCDN', 'Naabu', 'IPinfo']
@@ -58,7 +58,7 @@ workflow:
 cmd: []
 workflowConfig:
 - moduleName : discovery
- tools: ['Subfinder', 'Amass']
+ tools: ['Subfinder']
 order: 1
 - moduleName: prerecon
 tools: ['FindCDN', 'Naabu']
From ef4d9882ff5be316dedfc8fa6befb4f2a61230fb Mon Sep 17 00:00:00 2001
From: Bharath
Date: Thu, 3 Oct 2024 17:53:18 +0530
Subject: [PATCH 7/8] Updated httpx: 1.3.7 to 1.6.8
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5691a0f..b131ecd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,8 +18,8 @@ RUN rm -rf *
 # Install HTTPX
 RUN echo "Installing HTTPX"
-RUN wget https://github.com/projectdiscovery/httpx/releases/download/v1.3.7/httpx_1.3.7_linux_amd64.zip
-RUN unzip httpx_1.3.7_linux_amd64.zip
+RUN wget https://github.com/projectdiscovery/httpx/releases/download/v1.6.8/httpx_1.6.8_linux_amd64.zip
+RUN unzip httpx_1.6.8_linux_amd64.zip
 RUN mv httpx /usr/bin
 RUN rm -rf *
From 8e5f3fef7875de905c39b8429cf47a006ff24cd6 Mon Sep 17 00:00:00 2001
From: Bharath
Date: Thu, 3 Oct 2024 18:53:47 +0530
Subject: [PATCH 8/8] Updated Nuclei: 3.0.4 to 3.3.4
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b131ecd..bec0c46 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -44,8 +44,8 @@ RUN rm -rf *
 # Install nuclei
 RUN echo "Installing nuclei"
-RUN wget https://github.com/projectdiscovery/nuclei/releases/download/v3.0.4/nuclei_3.0.4_linux_amd64.zip
-RUN unzip nuclei_3.0.4_linux_amd64.zip
+RUN wget https://github.com/projectdiscovery/nuclei/releases/download/v3.3.4/nuclei_3.3.4_linux_amd64.zip
+RUN unzip nuclei_3.3.4_linux_amd64.zip
 RUN mv nuclei /usr/bin
 RUN rm -rf *