-n option fails

[mlodic]

Hey buffer, how you doing? :)

While I was updating the Thug integration in IntelOwl, I encountered this error while running thug in this way:

/usr/local/bin/thug -qZF -n "/opt/deploy/thug/23" -T 300 -u winxpie60 www.test.it

Traceback (most recent call last):
  File "/usr/local/bin/thug", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/thug/thug.py", line 534, in main
    Thug(args)()
  File "/usr/local/lib/python3.11/site-packages/thug/ThugAPI/ThugAPI.py", line 134, in __call__
    self.analyze()
  File "/usr/local/lib/python3.11/site-packages/thug/thug.py", line 72, in analyze
    m(arg_value)
  File "/usr/local/lib/python3.11/site-packages/thug/ThugAPI/ThugAPI.py", line 363, in set_log_dir
    log.ThugLogging.set_absbasedir(logdir)
    ^^^^^^^^^^^^^^^
AttributeError: 'Logger' object has no attribute 'ThugLogging'

I noticed that this error is triggered only while using the option -n for custom logging.
Maybe you could help finding a fast solution.

Thank you in advance :)

PS: I am using the last Docker Image thughoneyclient/thug:v6.11

[Antelox]

FYI #398

[buffer]

Fixed by #398. Thanks @Antelox

[mlodic]

ty! I'll wait for the next release to integrate the fixed version in IntelOwl. :)

[mlodic]

I would like to reopen the issue this because I tried with the most recent version via Docker and I noticed that, by running the same command as before, the -n option does work properly but no analysis folder, with the related JSON file, is generated.

Then I tried without the -n option and I found the same problem. I think it affects all the analysis via CLI as of now.

[Antelox]

Hi @mlodic, can you share full logs please? In verbose mode even better. Thanks!

[mlodic]

No error is triggered. I noticed that due to the fact that IntelOwl tries extract the JSON output file from the disk but it did not find it. So I manually checked inside the output folder and found no analysis folder.

Example without the -n flag:

root@cacb1e0e33ad:/tmp# thug -ZFv "https://www.google.it"
[2025-02-21 08:28:51] [window open redirection] about:blank -> https://www.google.it
[2025-02-21 08:28:51] [HTTP] URL: https://www.google.it (Status: 200,  Referer: None)
[2025-02-21 08:28:51] [Certificate] <redacted>
[2025-02-21 08:28:51] [HTTP] URL: https://www.google.it/ (Content-type: text/html; charset=UTF-8, MD5: b67255e988c7cf036e32a93f126bbff6)
[2025-02-21 08:28:51] ActiveXObject: microsoft.xmlhttp
[2025-02-21 08:28:51] <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
[2025-02-21 08:28:51] <meta content="/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png" itemprop="image"/>
[2025-02-21 08:28:51] <meta content="Il sorgere della Mezza Luna" property="twitter:title"/>
[2025-02-21 08:28:51] <meta content="Il sorgere della Mezza Luna! #GoogleDoodle" property="twitter:description"/>
[2025-02-21 08:28:51] <meta content="Il sorgere della Mezza Luna! #GoogleDoodle" property="og:description"/>
[2025-02-21 08:28:51] <meta content="summary_large_image" property="twitter:card"/>
[2025-02-21 08:28:51] <meta content="@GoogleDoodles" property="twitter:site"/>
[2025-02-21 08:28:51] <meta content="https://www.google.com/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.2-2xa.gif" property="twitter:image"/>
[2025-02-21 08:28:51] <meta content="https://www.google.com/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.2-2xa.gif" property="og:image"/>
[2025-02-21 08:28:51] <meta content="1000" property="og:image:width"/>
[2025-02-21 08:28:51] <meta content="400" property="og:image:height"/>
[2025-02-21 08:28:51] <meta content="https://www.google.com/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.2-2xa.gif" property="og:url"/>
[2025-02-21 08:28:51] <meta content="video.other" property="og:type"/>
[2025-02-21 08:28:51] <style>#gbar,#guser{font-size:13px;padding-top:1px !important;}#gbar{height:22px}#guser{padding-bottom:7px !important;text-align:right}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}@media all{.gb1{height:22px;margin-right:.5em;vertical-align:top}#gbar{float:left}}a.gb1,a.gb4{text-decoration:underline !important}a.gb1,a.gb4{color:#00c !important}.gbi .gb4{color:#dd8e27 !important}.gbf .gb4{color:#900 !important}
</style>
[2025-02-21 08:28:51] <style>body,td,a,p,.h{font-family:sans-serif}body{background:#fff;color:#000;margin:0}#gog{padding:3px 10px 0}td{line-height:.8em}.gac_m td{line-height:17px}form{margin-bottom:20px}.h{color:#1967d2}.lst{height:32px}.lst{margin-bottom:.2em;padding:4px 5px 0 5px;vertical-align:bottom;width:496px;font:17px sans-serif}.lst:focus{outline:none}.lsb{border:1px solid;border-color:#dadce0 #70757a #70757a #dadce0;height:1.85em !important;font:15px sans-serif;vertical-align:top}.lsb:active{background:#dadce0}em{font-weight:bold;font-style:normal}input{font-family:inherit}a{color:#681da8;text-decoration:none}a:hover,a:active{text-decoration:underline}.fl a{color:#1967d2}a:visited{color:#681da8}td.fl a{font-size:11px}</style>
[2025-02-21 08:28:51] <a class="gb1" href="https://www.google.it/imghp?hl=it&amp;tab=wi">Immagini</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://maps.google.it/maps?hl=it&amp;tab=wl">Maps</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://play.google.com/?hl=it&amp;tab=w8">Play</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://www.youtube.com/?tab=w1">YouTube</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://news.google.com/?tab=wn">News</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://mail.google.com/mail/?tab=wm">Gmail</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://drive.google.com/?tab=wo">Drive</a>
[2025-02-21 08:28:51] <a class="gb1" href="https://www.google.it/intl/it/about/products?tab=wh" style="text-decoration:none"><u>Altro</u> »</a>
[2025-02-21 08:28:51] <a class="gb4" href="http://www.google.it/history/optout?hl=it">Cronologia web</a>
[2025-02-21 08:28:51] <a class="gb4" href="/preferences?hl=it">Impostazioni</a>
[2025-02-21 08:28:51] <a class="gb4" href="https://accounts.google.com/ServiceLogin?hl=it&amp;passive=true&amp;continue=https://www.google.it/&amp;ec=GAZAAQ" id="gb_70" target="_top">Accedi</a>
[2025-02-21 08:28:51] <a href="/search?sca_esv=be29cc62fc8e0244&amp;q=fasi+lunari&amp;oi=ddle&amp;ct=376116041&amp;hl=it&amp;sa=X&amp;ved=0ahUKEwig8IO-rNSLAxUT8rsIHcbtJCgQPQgC"><img alt="Il sorgere della Mezza Luna" border="0" height="200" id="hplogo" src="/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png" title="Il sorgere della Mezza Luna" width="500"/></a>
[2025-02-21 08:28:51] <img alt="Il sorgere della Mezza Luna" border="0" height="200" id="hplogo" src="/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png" title="Il sorgere della Mezza Luna" width="500"/>
[2025-02-21 08:28:51] [Navigator URL Translation] /logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png --> https://www.google.it/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png
[2025-02-21 08:28:51] [img redirection] https://www.google.it/ -> https://www.google.it/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png
[2025-02-21 08:28:51] [HTTP] URL: https://www.google.it/logos/doodles/2025/celebrating-the-rise-of-the-half-moon-feb-6753651837110610.4-l.png (Status: 200,  Referer: https://www.google.it)
[2025-02-21 08:28:51] <a href="/advanced_search?hl=it&amp;authuser=0">Ricerca avanzata</a>
[2025-02-21 08:28:51] <style>#gws-output-pages-elements-homepage_additional_languages__als{font-size:small;margin-bottom:24px}#SIvCob{color:#474747;display:inline-block;line-height:28px;}#SIvCob a{padding:0 3px;}.H6sW5{display:inline-block;margin:0 2px;white-space:nowrap}.z4hgWe{display:inline-block;margin:0 2px}</style>
[2025-02-21 08:28:51] <a href="https://www.google.it/setprefs?sig=0_SXO2u2KCn79UzgTl61OX6K-cWUk%3D&amp;hl=en&amp;source=homepage&amp;sa=X&amp;ved=0ahUKEwig8IO-rNSLAxUT8rsIHcbtJCgQ2ZgBCAQ">English</a>
[2025-02-21 08:28:51] <a href="/intl/it/ads/">Pubblicità</a>
[2025-02-21 08:28:51] <a href="http://www.google.it/intl/it/services/">Soluzioni aziendali</a>
[2025-02-21 08:28:51] <a href="/intl/it/about.html">Informazioni su Google</a>
[2025-02-21 08:28:51] <a href="https://www.google.it/setprefdomain?prefdom=US&amp;sig=K_fP4Zc_uU3Mr68_I-ny-h06KJzG4%3D" id="fehl">Google.com</a>
[2025-02-21 08:28:51] <a href="/intl/it/policies/privacy/">Privacy</a>
[2025-02-21 08:28:51] <a href="/intl/it/policies/terms/">Termini</a>
[2025-02-21 08:28:51] Thug analysis logs saved at /tmp/thug-logs/ea04c58c55735444b93e2c8b4e8a736a/20250221082851
root@cacb1e0e33ad:/tmp# cd /tmp/thug-logs/ea04c58c55735444b93e2c8b4e8a736a/20250221082851
root@cacb1e0e33ad:/tmp/thug-logs/ea04c58c55735444b93e2c8b4e8a736a/20250221082851# ls
text

Only the text folder is available. In more complex cases like "www.repubblica.it" there are also the application, image and unknown folder but never the analysis one.

With the option -n enabled the result does not change, it just changes the output directory as it should.

Hope this helps.

[buffer]

@mlodic just submitted the PR [1]. Can you give it a try and confirm it fixes the issue on your side as well? Thanks!

[1] #399

[mlodic]

Currently I don't have a local environment of thug cause I am leveraging the Docker build which install to the pypi package. So I am not sure how to properly replicate and test this change in IntelOwl or to build a custom thug image.
If you pin a release candidate tag I can leverage it easier but I understand that this could not the best method. Any suggestion is appreciated.