ImportError: No module named asn1

[LordPicard]

Hello there,

I' running CentOS 6 and after reading this and installing all modules that are told here #17 , I still have no idea how to solve this output error:

[root@xxx public_drown_scanner]# python scanner.py www.sapo.pt
Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name PKCS1_v1_5',)
Traceback (most recent call last):
File "scanner.py", line 26, in
import ssl_tls_crypto
File "/downloads/public_drown_scanner/scapy-ssl_tls/ssl_tls_crypto.py", line 7, in
from Crypto.Util.asn1 import DerSequence
ImportError: No module named asn1

Any help in this?

Thanks,
LP

[ghost]

Hello,

I am seeing the same issue like above, can someone please help me?
I have installed all the packages mentioned in README and in issue #17

bash-4.1# python scanner.py localhost 443
Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('No module named scapy_ssl_tls',)
Traceback (most recent call last):
File "scanner.py", line 26, in
import ssl_tls_crypto
File "/root/Python-2.7.8/public_drown_scanner/scapy-ssl_tls/ssl_tls_crypto.py", line 7, in
from Crypto.Util.asn1 import DerSequence
ImportError: No module named asn1

bash-4.1# pip install scapy-ssl_tls
Requirement already satisfied (use --upgrade to upgrade): scapy-ssl-tls in /usr/local/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): pycrypto in /usr/local/lib/python2.7/site-packages (from scapy-ssl-tls)
Requirement already satisfied (use --upgrade to upgrade): scapy in /usr/local/lib/python2.7/site-packages (from scapy-ssl-tls)
Requirement already satisfied (use --upgrade to upgrade): tinyec in /usr/local/lib/python2.7/site-packages (from scapy-ssl-tls)
bash-4.1# ls /usr/local/lib/python2.7/site-packages
Crypto enum.py pip pyasn1-0.1.9.dist-info scapy-2.3.2.dist-info setuptools-20.2.2.dist-info wheel-0.29.0.dist-info
easy_install.py enum.pyc pip-8.0.3.dist-info pycrypto-2.6.1.dist-info scapy_ssl_tls tinyec
easy_install.pyc pcapy-0.10.10.dist-info pkg_resources README scapy_ssl_tls-1.2.2.dist-info tinyec-0.3.1.dist-info
enum-0.4.6.dist-info pcapy.so pyasn1 scapy setuptools wheel

Any help will be greatly appreciated.

Thanks
Rohit

[sbonds]

This workaround worked for me. The problem is the older version of python-crypto that comes with CentOS 6. The below assumes you have EPEL set up for additional software.

# yum install python-virtualenv

This installs a helper script that creates standalone python installs which can have modules added or removed without affecting the rest of the system. Sounds like what you need to do, eh?

The rest can (should) be done as non-root.

$ cd
$ virtualenv drown
New python executable in drown/bin/python
Installing Setuptools...done.
Installing Pip...done.
$ cd drown
$ . ./bin/activate
(drown)$ pip install enum pycrypto scapy pyasn1 scapy-ssl_tls
.. compiles a bunch of stuff ..
$ python ../path/to/scanner.py drownattack.com 443
drownattack.com: Case 3b; Connection reset by peer when waiting for server hello
drownattack.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls

drownattack.com: Case 3b; Connection reset by peer when waiting for server hello
drownattack.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3b: no tls

drownattack.com: Case 3b; Connection reset by peer when waiting for server hello
drownattack.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3b: no tls

drownattack.com: Case 3b; Connection reset by peer when waiting for server hello
drownattack.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3b: no tls
(drown)$ deactivate
$ # back to your regular shell

[LordPicard]

Hello there,

With your sugestion I got other module missing.
Here is the output:

Traceback (most recent call last):
File "/downloads/public_drown_scanner/scanner.py", line 4, in
from enum import Enum
ImportError: No module named enum

[sbonds]

Note the "pip" command inside the virtualenv should install enum:

$ pip install enum pycrypto scapy pyasn1 scapy-ssl_tls

[ghost]

Thanks @sbonds it worked for me, however I am seeing below error:

(drown)bash-4.1$ python scanner.py google.com 443
/home/rbagli/drown/lib/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Testing google.com on port 443
google.com: Case 3d; Server hello did not contain SSLv2
google.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3d: no tls
google.com: Case 3d; Server hello did not contain SSLv2
google.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3d: no tls
google.com: Case 3d; Server hello did not contain SSLv2
google.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3d: no tls
google.com: Case 3d; Server hello did not contain SSLv2
google.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3d: no tls
(drown)bash-4.1$

[sbonds]

Here's the GMP I'm using and I don't see that warning, even though it's version 4:

$ rpm -q -i gmp
Name        : gmp                          Relocations: (not relocatable)
Version     : 4.3.1                             Vendor: CentOS
Release     : 7.el6_2.2                     Build Date: Wed 07 Mar 2012 11:48:51 AM PST
Install Date: <REDACTED>                    Build Host: c6b18n3.bsys.dev.centos.org
Group       : System Environment/Libraries   Source RPM: gmp-4.3.1-7.el6_2.2.src.rpm
Size        : 657883                           License: LGPLv2+ and  GPLv3+ and LGPLv3+
Signature   : RSA/SHA1, Wed 07 Mar 2012 12:12:46 PM PST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://gmplib.org/
Summary     : A GNU arbitrary precision library

Since you're using this as a client and aren't sending any sensitive info, I don't see how that warning would be a problem. Still... might want to double check that the source host is fully patched.

[ghost]

okay, alright. Thanks for help @sbonds

[nimia]

Dear Steve,

Thank you so much for helping other users, much appreciated.
I'll reference this issue and your solution from the README file.

best,
Nimrod

[birdjumper]

@sbonds Steve there's a typo in your answer ... 'virtualdev' should be 'virtualenv'

[birdjumper]

@sbonds Steve after that, everything went smoothly ... thanks very much
(my OS: Red Hat Enterprise Linux Server release 6.7 (Santiago))

birdjumper

[nimia]

Edited Steve's answer. Thanks!