2018-07-21 00:04 UTC

View Issue Details
ID: 0004505
Project: Kali Linux
Category: [All Projects] Kali Package Bug
View Status: public
Last Update: 2018-02-20 16:50
Reporter: cohst
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2017.3
Target Version:
Fixed in Version: 2018.2
Summary: 0004505: arachni doesn't run with using sudo anymore
Description:
When I call arachni from the console and run it against a URL using sudo privileges, it stops at initializing browsers. The browser spawn processes are not loaded.

When running it without sudo privileges, it works normally, but of course most plugins and checks are not used then.

I have not installed any further or custom plugins to arachni, and it worked for over 6 months in the past without any problems.

I hope you can help.
Attached Files
  • arachni Log v. Scan 30.01.2018.txt (11,048 bytes) 2018-01-30 19:13
    cohst@kali-linux:~$ sudo arachni http://192.168.1.6/twiki --http-request-concurrency=1 --timeout=00:10:00 --output-debug=4
    [sudo] password for cohst:
    Arachni - Web Application Security Scanner Framework v1.5.1
       Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
    
               (With the support of the community and the Arachni Team.)
    
       Website:       http://arachni-scanner.com
       Documentation: http://arachni-scanner.com/wiki
    
    
     [~] No checks were specified, loading all.
     [~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.
    
     [*] Initializing...
     [*] Preparing plugins...
     [*] ... done.
     [*] BrowserCluster: Initializing 6 browsers...
     [2018-01-30 20:03:55 +0100 - 0.0] [!!] [browser#start_webdriver:1336] Worker: Starting WebDriver...
     [2018-01-30 20:03:55 +0100 - 0.0] [!] [browser#spawn_phantomjs:1227] Worker: Spawning PhantomJS...
     [2018-01-30 20:03:55 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
     [2018-01-30 20:03:55 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
     [2018-01-30 20:03:55 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
     [2018-01-30 20:03:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:37756
     [2018-01-30 20:03:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:37756
     [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #0, chose port number 24113
     [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
     [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
     [2018-01-30 20:04:56 +0100 - 60.1] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
     [2018-01-30 20:04:56 +0100 - 60.0] [!!] [browser#spawn_phantomjs:1289] Worker: 1151: Started
    PID: 1154
    1151: EOF
    1151: Exiting
    
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1297] Worker: Killing process.
     [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser_cluster/worker#shutdown:162] Worker: Shutting down (wait: true) ...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:175] Worker: Waiting for done signal...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:171] Worker: Signaling done.
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:179] Worker: ...done.
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:181] Worker: Waiting for kill check...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:183] Worker: ...done.
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:191] Worker: Calling parent shutdown...
     [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser#shutdown:378] Worker: Shutting down...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#shutdown:380] Worker: Killing process.
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#shutdown:389] Worker: Shutting down proxy...
     [2018-01-30 20:04:56 +0100 - 60.0] [!!] [http/proxy_server#shutdown:95] ProxyServer: Shutting down...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!!] [http/proxy_server/connection#on_close:221] Connection: Closed because: [NilClass]
     [2018-01-30 20:04:56 +0100 - 0.1] [!!] [http/proxy_server#shutdown:102] ProxyServer: ...shutdown.
     [2018-01-30 20:04:56 +0100 - 0.1] [!!] [browser#shutdown:391] Worker: ...done.
     [2018-01-30 20:04:56 +0100 - 0.1] [!] [browser#shutdown:401] Worker: ...shutdown complete.
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:193] Worker: ...done.
     [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser_cluster/worker#shutdown:195] Worker: ...shutdown complete.
     [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
     [2018-01-30 20:04:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:4821
     [2018-01-30 20:04:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:4821
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #1, chose port number 33914
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
     [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
     [2018-01-30 20:05:56 +0100 - 60.2] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
     [2018-01-30 20:05:56 +0100 - 60.0] [!!] [browser#spawn_phantomjs:1289] Worker: 1164: Started
    PID: 1167
    1164: EOF
    1164: Exiting
    
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1297] Worker: Killing process.
     [2018-01-30 20:05:56 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
     [2018-01-30 20:05:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:27815
     [2018-01-30 20:05:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:27815
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #2, chose port number 43013
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
     [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
    
     [~] Processed 0/0 HTTP requests.
     [~] -- 0.0 requests/second.
     [~] Processed 0/0 browser jobs.
     [~] -- 0.0 second/job.
     [~] Burst response time sum     0.0 seconds
     [~] Burst average response time 0.0 seconds
     [~] Timed-out requests          0
     [~] Throttled max concurrency   1
     [~] Status: Scanning
     [~]
     [~] Hit:
     [~]   'Enter' to go back to status messages.
     [~] Results thus far:
    
     [~] 0 issues have been detected.
    
    
    
     [~] Audited 0 page snapshots.
    
     [~] Duration: 00:02:51
     [~] Processed 0/0 HTTP requests.
     [~] -- 0.0 requests/second.
     [~] Processed 0/0 browser jobs.
     [~] -- 0.0 second/job.
    
     [~] Burst response time sum     0.0 seconds
     [~] Burst response count        0
     [~] Burst average response time 0.0 seconds
     [~] Burst average               0.0 requests/second
     [~] Timed-out requests          0
     [~] Original max concurrency    1
     [~] Throttled max concurrency   1
    
     [~] Status: Scanning
     [~]   Initialising the browser cluster.
     [~]
     [~] Hit:
     [~]   'Enter' to go back to status messages.
     [~]   'p' to pause the scan.
     [~]   'a' to abort the scan.
     [~]   's' to suspend the scan to disk.
     [~]   'g' to generate a report.
     [~]   'v' to enable verbose messages.
     [~]   'd' to enable debugging messages.
               (You can set it to the desired level by sending d[1-4], current level is 0).
    
    
       [*] Aborting...
     [~] Please wait while the system cleans up.
    
    
    ================================================================================
    
    
     [+] Web Application Security Report - Arachni Framework
    
     [~] Report generated on: 2018-01-30 20:06:47 +0100
     [~] Report false positives at: http://github.com/Arachni/arachni/issues
    
     [+] System settings:
     [~] ---------------
     [~] Version:           1.5.1
     [~] Seed:              59ca4b1d69a67474953fd162a178442c
     [~] Audit started on:  2018-01-30 20:03:54 +0100
     [~] Audit finished on: 2018-01-30 20:06:47 +0100
     [~] Runtime:           00:02:52
    
     [~] URL:        http://192.168.1.6/twiki
     [~] User agent: Arachni/v1.5.1
    
     [*] Audited elements:
     [~] * Links
     [~] * Forms
     [~] * Cookies
     [~] * XMLs
     [~] * JSONs
     [~] * UI inputs
     [~] * UI forms
    
     [*] Checks: sql_injection_differential, ldap_injection, response_splitting, file_inclusion, rfi, unvalidated_redirect, xxe, unvalidated_redirect_dom, xss_event, sql_injection_timing, source_code_disclosure, code_injection_php_input_wrapper, xss, xss_script_context, os_cmd_injection_timing, session_fixation, os_cmd_injection, xss_tag, xss_dom, path_traversal, csrf, xpath_injection, no_sql_injection_differential, xss_dom_script_context, no_sql_injection, xss_path, code_injection_timing, trainer, code_injection, sql_injection, insecure_cookies, hsts, captcha, x_frame_options, mixed_resource, cookie_set_for_parent_domain, emails, credit_card, cvs_svn_users, http_only_cookies, html_objects, ssn, form_upload, insecure_cors_policy, unencrypted_password_forms, private_ip, password_autocomplete, xst, http_put, allowed_methods, interesting_responses, backup_directories, common_directories, insecure_client_access_policy, common_admin_interfaces, htaccess_limit, backup_files, common_files, directory_listing, webdav, localstart_asp, insecure_cross_domain_policy_headers, backdoors, insecure_cross_domain_policy_access, origin_spoof_access_restriction_bypass
    
     [~] ===========================
    
     [+] 0 issues were detected.
    
    
     [~] Report saved at: /usr/share/arachni/bin/192.168.1.6 2018-01-30 20_06_47 +0100.afr [0.0MB]
    
     [~] Audited 0 page snapshots.
    
     [~] Duration: 00:02:53
     [~] Processed 0/0 HTTP requests.
     [~] -- 0.0 requests/second.
     [~] Processed 0/0 browser jobs.
     [~] -- 0.0 second/job.
    
     [~] Burst response time sum     0.0 seconds
     [~] Burst response count        0
     [~] Burst average response time 0.0 seconds
     [~] Burst average               0.0 requests/second
     [~] Timed-out requests          0
     [~] Original max concurrency    1
     [~] Throttled max concurrency   1
    
    cohst@kali-linux:~$
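
The report in the log above reads "0 issues were detected" with 0 page snapshots audited and 0 HTTP requests processed, while every PhantomJS spawn timed out. As an added example (not part of the original report and not Arachni's own code), this Ruby script reads an Arachni debug log and flags that case so an empty result is not mistaken for a clean one; `triage`, `SAMPLE_LOG` and the verdict names are assumptions made for the example, and the sample lines are constructed from the log above.

```ruby
# Constructed sample: a few lines copied from the attached log (not a full capture).
SAMPLE_LOG = <<~LOG
  [*] BrowserCluster: Initializing 6 browsers...
  [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #0, chose port number 24113
  [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
  [2018-01-30 20:04:56 +0100 - 60.1] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
  [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #1, chose port number 33914
  [2018-01-30 20:05:56 +0100 - 60.2] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
  [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #2, chose port number 43013
  [+] 0 issues were detected.
  [~] Audited 0 page snapshots.
  [~] Processed 0/0 HTTP requests.
LOG

# Debug line layout: [timestamp - elapsed] [level] [file#method:line] message
DEBUG_LINE = /\A\s*\[[^\]]+? - [\d.]+\] \[!+\] \[[^\]#]+#(?<meth>\w+):\d+\] (?<msg>.*)\z/

def triage(log)
  r = { attempts: [], timeouts: 0, snapshots: nil, requests: nil, issues: nil }
  log.each_line(chomp: true) do |line|
    if (m = DEBUG_LINE.match(line)) && m[:meth] == 'spawn_phantomjs'
      case m[:msg]
      when /Attempt #(\d+), chose port number (\d+)/
        r[:attempts] << { n: $1.to_i, port: $2.to_i }
      when /Spawn timed-out/
        r[:timeouts] += 1
      end
    elsif line =~ /Audited (\d+) page snapshots/
      r[:snapshots] = $1.to_i
    elsif line =~ %r{Processed (\d+)/\d+ HTTP requests}
      r[:requests] = $1.to_i
    elsif line =~ /(\d+) issues (?:were|have been) detected/
      r[:issues] = $1.to_i
    end
  end
  # A scan that audited nothing and sent nothing did not test the target.
  no_coverage = r[:snapshots] == 0 && r[:requests] == 0
  r[:verdict] =
    if no_coverage && r[:timeouts] > 0 then :scan_invalid_browser_spawn_failed
    elsif no_coverage then :scan_invalid_no_coverage
    else :scan_ran
    end
  r
end

p triage(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```
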

Notes

~0008534

sbrun (manager)

I don't reproduce this issue.
You should provide more information (use option --output-debug=4)

Maybe it's related to issue 3931 (see the notes).

~0008585

cohst (reporter)

Hello,

I have run arachni with your requested option now. See the output log attached.

Regards

~0008696

sbrun (manager)

Fixed in new version 1.5.1-0kali2
(related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817277)

Issue History
Date Modified     Username  Field                                           Change
2018-01-28 16:07  cohst     New Issue
2018-01-29 16:25  sbrun     Status                                          new => feedback
2018-01-29 16:25  sbrun     Note Added: 0008534
2018-01-30 19:13  cohst     File Added: arachni Log v. Scan 30.01.2018.txt
2018-01-30 19:13  cohst     Note Added: 0008585
2018-01-30 19:13  cohst     Status                                          feedback => new
2018-02-20 16:50  sbrun     Status                                          new => resolved
2018-02-20 16:50  sbrun     Resolution                                      open => fixed
2018-02-20 16:50  sbrun     Fixed in Version                                => 2018.2
2018-02-20 16:50  sbrun     Note Added: 0008696