[GH-ISSUE #36] add insecure flag for addresses with certificate issues #4

Closed
opened 2026-03-02 04:07:46 +03:00 by kerem · 3 comments

Originally created by @Splinters-io on GitHub (Dec 20, 2025).
Original GitHub issue: https://github.com/gadievron/raptor/issues/36

Just taking Raptor for a spin! Very cool. Claude (code) pointed out it couldn't progress due to unsigned certs, so it went ahead and wrote an --insecure fix for it. Is this enough?

Add --insecure flag to skip SSL certificate verification

Problem

Web scanner fails on targets with self-signed or invalid SSL certificates:
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain'))

Solution

Add --insecure / -k flag (like curl) to skip SSL verification.

Changes

packages/web/client.py

-    def __init__(self, base_url: str, timeout: int = 30, rate_limit: float = 0.5):
+    def __init__(self, base_url: str, timeout: int = 30, rate_limit: float = 0.5, verify_ssl: bool = True):
         self.base_url = base_url.rstrip('/')
         self.timeout = timeout
         self.rate_limit = rate_limit  # Seconds between requests
         self.last_request_time = 0.0
+        self.verify_ssl = verify_ssl

         # Session for cookie management
         self.session = requests.Session()
+        self.session.verify = verify_ssl
         self.session.headers.update({
             'User-Agent': 'RAPTOR Security Scanner (Authorized Testing)',
         })
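
Review bot: `verify_ssl: bool` in the new `__init__` signature leaves only all-or-nothing verification, while the value assigned to `self.session.verify` can also be a path to a CA bundle in requests. Accepting `bool | str` here (with a matching CLI option) would let a self-signed or internal-CA target be trusted through its own certificate chain without turning validation off for every request the session makes. `self.verify_ssl` is also stored but not read anywhere in the visible lines; drop it or document what uses it.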

packages/web/scanner.py
-    def __init__(self, base_url: str, llm: LLMProvider, out_dir: Path):
+    def __init__(self, base_url: str, llm: LLMProvider, out_dir: Path, verify_ssl: bool = True):
         ...
-        self.client = WebClient(base_url)
+        self.client = WebClient(base_url, verify_ssl=verify_ssl)

     parser.add_argument("--max-pages", type=int, default=50, help="Maximum pages to crawl (default: 50)")
+    parser.add_argument("--insecure", "-k", action="store_true", help="Skip SSL certificate verification")
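
Review bot: the `help=` string on `--insecure` says what is skipped but not what is lost. With verification off the scanner cannot tell the target from an on-path interceptor, so responses and any findings derived from them are unauthenticated. Suggest wording the help text to say the flag is meant for self-signed or internal test targets and that results are collected without certificate validation.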

     # Run scan
-    scanner = WebScanner(args.url, llm, out_dir)
+    verify_ssl = not args.insecure
+    if args.insecure:
+        import urllib3
+        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+        logger.warning("SSL certificate verification disabled")
+    scanner = WebScanner(args.url, llm, out_dir, verify_ssl=verify_ssl)
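
Review bot: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` in the `if args.insecure:` branch suppresses the warning for the whole process, not just for this scanner's session, so any other urllib3-based request in the same run loses it too. The single `logger.warning(...)` then becomes the only trace; consider including the target URL in that message and recording the setting in the output under `out_dir`, so results gathered without certificate validation are marked as such. The inline `import urllib3` would also read better at module top.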

Usage

python3 raptor.py web --url https://self-signed.example.com --insecure
python3 raptor.py web --url https://internal-server.local -k
kerem closed this issue 2026-03-02 04:07:46 +03:00

@danielcuthbert commented on GitHub (Dec 20, 2025):

Bloody security, always getting in the way! yup solid fix, thank you for this. Fancy making a PR?


@Splinters-io commented on GitHub (Dec 20, 2025):

Will do :)

@danielcuthbert commented on GitHub (Jan 29, 2026):

all done and added. thanks
