Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trouble with installation on windows #88

Closed
iamyuthan opened this issue Jul 20, 2023 · 2 comments
Closed

Trouble with installation on windows #88

iamyuthan opened this issue Jul 20, 2023 · 2 comments
Labels
documentation Improvements or additions to documentation question Further information is requested

Comments

@iamyuthan
Copy link

I find difficulty in installing and using the package in Windows machine, please refer to the below command history for reference.

`
C:\Users\test\Downloads\badsecrets-main\badsecrets\examples>pip install badsecrets
Collecting badsecrets
Downloading badsecrets-0.3.375-py3-none-any.whl (1.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 34.7 MB/s eta 0:00:00
Collecting Django<5.0.0,>=4.1.2
Downloading Django-4.2.3-py3-none-any.whl (8.0 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 8.0/8.0 MB 57.0 MB/s eta 0:00:00
Collecting requests<3.0.0,>=2.28.1
Downloading requests-2.31.0-py3-none-any.whl (62 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.6/62.6 kB 3.5 MB/s eta 0:00:00
Collecting viewstate<0.6.0,>=0.5.3
Downloading viewstate-0.5.3.tar.gz (8.4 kB)
Preparing metadata (setup.py) ... done
Collecting pycryptodome<4.0.0,>=3.15.0
Downloading pycryptodome-3.18.0-cp35-abi3-win_amd64.whl (1.7 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.7/1.7 MB 37.5 MB/s eta 0:00:00
Collecting pytest<8.0.0,>=7.1.3
Downloading pytest-7.4.0-py3-none-any.whl (323 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 323.6/323.6 kB 19.6 MB/s eta 0:00:00
Collecting colorama<0.5.0,>=0.4.6
Downloading colorama-0.4.6-py2.py3-none-any.whl (25 kB)
Collecting pyjwt[crypto]<3.0.0,>=2.6.0
Downloading PyJWT-2.8.0-py3-none-any.whl (22 kB)
Collecting flask-unsign<2.0.0,>=1.2.0
Downloading flask-unsign-1.2.0.tar.gz (14 kB)
Preparing metadata (setup.py) ... done
Collecting asgiref<4,>=3.6.0
Downloading asgiref-3.7.2-py3-none-any.whl (24 kB)
Collecting tzdata
Downloading tzdata-2023.3-py2.py3-none-any.whl (341 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 341.8/341.8 kB ? eta 0:00:00
Collecting sqlparse>=0.3.1
Downloading sqlparse-0.4.4-py3-none-any.whl (41 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 41.2/41.2 kB 1.9 MB/s eta 0:00:00
Collecting flask
Downloading Flask-2.3.2-py3-none-any.whl (96 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 96.9/96.9 kB ? eta 0:00:00
Collecting itsdangerous
Downloading itsdangerous-2.1.2-py3-none-any.whl (15 kB)
Collecting markupsafe
Downloading MarkupSafe-2.1.3-cp310-cp310-win_amd64.whl (17 kB)
Collecting werkzeug
Downloading Werkzeug-2.3.6-py3-none-any.whl (242 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 242.5/242.5 kB ? eta 0:00:00
Collecting cryptography>=3.4.0
Downloading cryptography-41.0.2-cp37-abi3-win_amd64.whl (2.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.6/2.6 MB 42.2 MB/s eta 0:00:00
Collecting tomli>=1.0.0
Downloading tomli-2.0.1-py3-none-any.whl (12 kB)
Collecting exceptiongroup>=1.0.0rc8
Downloading exceptiongroup-1.1.2-py3-none-any.whl (14 kB)
Collecting pluggy<2.0,>=0.12
Downloading pluggy-1.2.0-py3-none-any.whl (17 kB)
Collecting packaging
Downloading packaging-23.1-py3-none-any.whl (48 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 48.9/48.9 kB 2.4 MB/s eta 0:00:00
Collecting iniconfig
Downloading iniconfig-2.0.0-py3-none-any.whl (5.9 kB)
Collecting idna<4,>=2.5
Downloading idna-3.4-py3-none-any.whl (61 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.5/61.5 kB ? eta 0:00:00
Collecting urllib3<3,>=1.21.1
Downloading urllib3-2.0.4-py3-none-any.whl (123 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 123.9/123.9 kB ? eta 0:00:00
Collecting charset-normalizer<4,>=2
Downloading charset_normalizer-3.2.0-cp310-cp310-win_amd64.whl (96 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 96.9/96.9 kB 5.4 MB/s eta 0:00:00
Collecting certifi>=2017.4.17
Downloading certifi-2023.5.7-py3-none-any.whl (156 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 157.0/157.0 kB 9.2 MB/s eta 0:00:00
Collecting typing-extensions>=4
Downloading typing_extensions-4.7.1-py3-none-any.whl (33 kB)
Collecting cffi>=1.12
Downloading cffi-1.15.1-cp310-cp310-win_amd64.whl (179 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 179.1/179.1 kB 10.6 MB/s eta 0:00:00
Collecting blinker>=1.6.2
Downloading blinker-1.6.2-py3-none-any.whl (13 kB)
Collecting click>=8.1.3
Downloading click-8.1.6-py3-none-any.whl (97 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 97.9/97.9 kB ? eta 0:00:00
Collecting Jinja2>=3.1.2
Downloading Jinja2-3.1.2-py3-none-any.whl (133 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 133.1/133.1 kB ? eta 0:00:00
Collecting pycparser
Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 kB ? eta 0:00:00
Installing collected packages: viewstate, urllib3, tzdata, typing-extensions, tomli, sqlparse, pyjwt, pycryptodome, pycparser, pluggy, packaging, markupsafe, itsdangerous, iniconfig, idna, exceptiongroup, colorama, charset-normalizer, certifi, blinker, werkzeug, requests, pytest, Jinja2, click, cffi, asgiref, flask, Django, cryptography, flask-unsign, badsecrets
DEPRECATION: viewstate is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559
Running setup.py install for viewstate ... done
WARNING: The script sqlformat.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The script normalizer.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The scripts py.test.exe and pytest.exe are installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The script flask.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The script django-admin.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
DEPRECATION: flask-unsign is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559
Running setup.py install for flask-unsign ... done
WARNING: The script badsecrets.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed Django-4.2.3 Jinja2-3.1.2 asgiref-3.7.2 badsecrets-0.3.375 blinker-1.6.2 certifi-2023.5.7 cffi-1.15.1 charset-normalizer-3.2.0 click-8.1.6 colorama-0.4.6 cryptography-41.0.2 exceptiongroup-1.1.2 flask-2.3.2 flask-unsign-1.2.0 idna-3.4 iniconfig-2.0.0 itsdangerous-2.1.2 markupsafe-2.1.3 packaging-23.1 pluggy-1.2.0 pycparser-2.21 pycryptodome-3.18.0 pyjwt-2.8.0 pytest-7.4.0 requests-2.31.0 sqlparse-0.4.4 tomli-2.0.1 typing-extensions-4.7.1 tzdata-2023.3 urllib3-2.0.4 viewstate-0.5.3 werkzeug-2.3.6

[notice] A new release of pip is available: 23.0.1 -> 23.2
[notice] To update, run: C:\Users\test\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\python.exe -m pip install --upgrade pip

C:\Users\test\Downloads\badsecrets-main\badsecrets\examples>badsecrets eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo
'badsecrets' is not recognized as an internal or external command,
operable program or batch file.
`

@liquidsec
Copy link
Collaborator

liquidsec commented Jul 20, 2023

I have decided not to officially support Windows since doing so with so many dependencies could be a bit of a nightmare..

That being said, there are a couple things you can try.

  1. Try manually running the CLI rather than using the pip entry point. So you would CD into the badsecrets root directory and run cli.py like this:
python ./badsecrets/examples/cli.py eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo
  1. If you still have issues with packages, I have included support for poetry. So after installing poetry, you can cd into the main badsecrets directory and do a poetry install, and then run either run from inside the poetry env by doing poetry shell or do poetry run ./badsecrets/examples/cli.py.

Beyond that, I would suggest using docker. I am planning on adding an official docker image and including instructions in the readme. But until then, lukewegryn has created one and you can find his instructions in the issue he opened: #81

@liquidsec liquidsec added documentation Improvements or additions to documentation question Further information is requested labels Jul 21, 2023
@iamyuthan
Copy link
Author

I have decided not to officially support Windows since doing so with so many dependencies could be a bit of a nightmare..

That being said, there are a couple things you can try.

1. Try manually running the CLI rather than using the pip entry point. So you would CD into the badsecrets root directory and run cli.py like this:
python ./badsecrets/examples/cli.py eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo
2. If you still have issues with packages, I have included support for poetry. So after installing poetry, you can cd into the main badsecrets directory and do a `poetry install`, and then run either run from inside the poetry env by doing `poetry shell` or do `poetry run ./badsecrets/examples/cli.py`.

Beyond that, I would suggest using docker. I am planning on adding an official docker image and including instructions in the readme. But until then, lukewegryn has created one and you can find his instructions in the issue he opened: #81

Thanks, I will give them a try and will keep you posted. This is an amazing tool which saves our time during pentest.

@liquidsec liquidsec closed this as not planned Won't fix, can't repro, duplicate, stale Jan 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants