Screnshot/Wappalyzer issue introduced in 1.6.0/1.6.1 #1707

WesSec · 2024-05-20T08:42:01Z

httpx version: 1.6.0/1.6.1 (docker)

Current Behavior:

When adding the -ss/-screenshot argument, a go wappalyzer error is shown. By downgrading to 1.5.0 this issue is gone, indicating this is a newly introduced issue

Expected Behavior:

The program running without error

Steps To Reproduce:

docker run --rm projectdiscovery/httpx:v1.6.1 -u google.com -fr -screenshot
Error shown:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x129b632]

goroutine 101 [running]:
github.com/projectdiscovery/wappalyzergo.(*Wappalyze).checkHeaders(...)
        /go/pkg/mod/github.com/projectdiscovery/wappalyzergo@v0.1.0/fingerprint_headers.go:10
github.com/projectdiscovery/wappalyzergo.(*Wappalyze).Fingerprint(0x0, 0x40855ee3f7aa84c9?, {0xc0042a2000, 0x4a5fb, 0x4c000})
        /go/pkg/mod/github.com/projectdiscovery/wappalyzergo@v0.1.0/tech.go:57 +0x92
github.com/projectdiscovery/wappalyzergo.(*Wappalyze).FingerprintWithInfo(0x0, 0xc003df8000?, {0xc0042a2000?, 0x26c70?, 0x26c70?})
        /go/pkg/mod/github.com/projectdiscovery/wappalyzergo@v0.1.0/tech.go:172 +0x32
github.com/projectdiscovery/httpx/runner.(*Runner).analyze(_, _, {_, _}, {{0xc0026b4280, 0xa}, {0x0, 0x0}, {0x0, 0x0}}, ...)
        /app/runner/runner.go:2007 +0x809a
github.com/projectdiscovery/httpx/runner.(*Runner).process.func1({{0xc0026b4280, 0xa}, {0x0, 0x0}, {0x0, 0x0}}, {0x15f9edf?, 0x3?}, {0x1627192, 0xa})
        /app/runner/runner.go:1196 +0x12a
created by github.com/projectdiscovery/httpx/runner.(*Runner).process in goroutine 1
        /app/runner/runner.go:1194 +0x87a

Running the older version:

docker run --rm projectdiscovery/httpx:v1.5.0 -u google.com -fr -screenshot
httpx exists without error

the issue does not pop up without the screenshot argument, indicating that it's related.

Anything else:

Weird behavior is that even when pulling the v1.6.1, it shows that the current version is 1.6.0 (and is outdated, see screenshot). The image pulled is cleary 1.6.1, this could be a forgotten version bump as i observe the same behavior when executing the binary without docker

The text was updated successfully, but these errors were encountered:

BlackNurse · 2024-05-21T08:31:08Z

By specifying the -td alongside -ss, it works as I thought.

Without -td:

With -td:

Came here after reviewing all the code changes from 1.6.0-1.6.1, saw the missing version bump and the expected -tech-detect(when doing screenshot) in 1699 I assume.

ehsandeep · 2024-05-28T09:15:48Z

this is now fixed in latest release.

WesSec added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label May 20, 2024

ehsandeep assigned Ice3man543 May 20, 2024

dogancanbakir assigned dogancanbakir and unassigned Ice3man543 May 23, 2024

dogancanbakir mentioned this issue May 23, 2024

fix nil deref #1719

Merged

Mzack9999 linked a pull request May 23, 2024 that will close this issue

fix nil deref #1719

Merged

Mzack9999 added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label May 23, 2024

ehsandeep closed this as completed May 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Screnshot/Wappalyzer issue introduced in 1.6.0/1.6.1 #1707

Screnshot/Wappalyzer issue introduced in 1.6.0/1.6.1 #1707

WesSec commented May 20, 2024 •

edited

BlackNurse commented May 21, 2024 •

edited

ehsandeep commented May 28, 2024

Screnshot/Wappalyzer issue introduced in 1.6.0/1.6.1 #1707

Screnshot/Wappalyzer issue introduced in 1.6.0/1.6.1 #1707

Comments

WesSec commented May 20, 2024 • edited

httpx version: 1.6.0/1.6.1 (docker)

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Anything else:

BlackNurse commented May 21, 2024 • edited

ehsandeep commented May 28, 2024

WesSec commented May 20, 2024 •

edited

BlackNurse commented May 21, 2024 •

edited