View Issue Details

ID: 0004505
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2018-02-20 16:50
Reporter: cohst
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2017.3
Fixed in Version: 2018.2
Summary: 0004505: arachni doesn't run with using sudo anymore
Description

When I call arachni from the console and run it against a URL using sudo privileges, it stops at initializing browsers. The browser spawn processes are not loaded.

When running it without sudo privileges, it works normally, but of course most plugins and checks are not used then.

I have not installed any further or custom plugins to arachni, and it worked for over 6 months in the past without any problems.

I hope you can help.

Attached Files

Activities

sbrun


2018-01-29 16:25

manager   ~0008534

I don't reproduce this issue.
You should provide more information (use option --output-debug=4).

Maybe it's related to issue 3931 (see the notes).

cohst


2018-01-30 19:13

reporter   ~0008585

Hello,

I have run arachni with your requested option now. See the output log attached.

Regards

arachni Log v. Scan 30.01.2018.txt (11,048 bytes)   
cohst@kali-linux:~$ sudo arachni http://192.168.1.6/twiki --http-request-concurrency=1 --timeout=00:10:00 --output-debug=4
[sudo] password for cohst:
Arachni - Web Application Security Scanner Framework v1.5.1
   Author: Tasos "Zapotek" Laskos <[email protected]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


 [~] No checks were specified, loading all.
 [~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.

 [*] Initializing...
 [*] Preparing plugins...
 [*] ... done.
 [*] BrowserCluster: Initializing 6 browsers...
 [2018-01-30 20:03:55 +0100 - 0.0] [!!] [browser#start_webdriver:1336] Worker: Starting WebDriver...
 [2018-01-30 20:03:55 +0100 - 0.0] [!] [browser#spawn_phantomjs:1227] Worker: Spawning PhantomJS...
 [2018-01-30 20:03:55 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
 [2018-01-30 20:03:55 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
 [2018-01-30 20:03:55 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
 [2018-01-30 20:03:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:37756
 [2018-01-30 20:03:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:37756
 [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #0, chose port number 24113
 [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
 [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
 [2018-01-30 20:04:56 +0100 - 60.1] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
 [2018-01-30 20:04:56 +0100 - 60.0] [!!] [browser#spawn_phantomjs:1289] Worker: 1151: Started
PID: 1154
1151: EOF
1151: Exiting

 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1297] Worker: Killing process.
 [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser_cluster/worker#shutdown:162] Worker: Shutting down (wait: true) ...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:175] Worker: Waiting for done signal...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:171] Worker: Signaling done.
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:179] Worker: ...done.
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:181] Worker: Waiting for kill check...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:183] Worker: ...done.
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:191] Worker: Calling parent shutdown...
 [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser#shutdown:378] Worker: Shutting down...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#shutdown:380] Worker: Killing process.
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#shutdown:389] Worker: Shutting down proxy...
 [2018-01-30 20:04:56 +0100 - 60.0] [!!] [http/proxy_server#shutdown:95] ProxyServer: Shutting down...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!!] [http/proxy_server/connection#on_close:221] Connection: Closed because: [NilClass]
 [2018-01-30 20:04:56 +0100 - 0.1] [!!] [http/proxy_server#shutdown:102] ProxyServer: ...shutdown.
 [2018-01-30 20:04:56 +0100 - 0.1] [!!] [browser#shutdown:391] Worker: ...done.
 [2018-01-30 20:04:56 +0100 - 0.1] [!] [browser#shutdown:401] Worker: ...shutdown complete.
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser_cluster/worker#shutdown:193] Worker: ...done.
 [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser_cluster/worker#shutdown:195] Worker: ...shutdown complete.
 [2018-01-30 20:04:56 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
 [2018-01-30 20:04:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:4821
 [2018-01-30 20:04:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:4821
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #1, chose port number 33914
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
 [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
 [2018-01-30 20:05:56 +0100 - 60.2] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
 [2018-01-30 20:05:56 +0100 - 60.0] [!!] [browser#spawn_phantomjs:1289] Worker: 1164: Started
PID: 1167
1164: EOF
1164: Exiting

 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1297] Worker: Killing process.
 [2018-01-30 20:05:56 +0100 - 0.0] [!] [browser#start_proxy:1318] Worker: Booting up...
 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#start_proxy:1320] Worker: Starting proxy...
 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
 [2018-01-30 20:05:56 +0100 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:27815
 [2018-01-30 20:05:56 +0100 - 0.1] [!!] [browser#start_proxy:1332] Worker: ... started proxy at: http://127.0.0.1:27815
 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #2, chose port number 43013
 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1246] Worker: Spawning process: /usr/bin/phantomjs
 [2018-01-30 20:05:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1267] Worker: Process spawned, waiting for WebDriver server...
                                                                                 
                                                                                                 
                                                                                                                                                                                                                                                                                           
 [~] Processed 0/0 HTTP requests.
 [~] -- 0.0 requests/second.
 [~] Processed 0/0 browser jobs.
 [~] -- 0.0 second/job.                                                                          
 [~] Burst response time sum     0.0 seconds                                                      
 [~] Burst average response time 0.0 seconds                                                     
 [~] Timed-out requests          0                                                               
 [~] Throttled max concurrency   1                                                               
 [~] Status: Scanning                                                                             
 [~]
 [~] Hit:
 [~]   'Enter' to go back to status messages.
 [~] Results thus far:

 [~] 0 issues have been detected.



 [~] Audited 0 page snapshots.

 [~] Duration: 00:02:51
 [~] Processed 0/0 HTTP requests.
 [~] -- 0.0 requests/second.
 [~] Processed 0/0 browser jobs.
 [~] -- 0.0 second/job.

 [~] Burst response time sum     0.0 seconds
 [~] Burst response count        0
 [~] Burst average response time 0.0 seconds
 [~] Burst average               0.0 requests/second
 [~] Timed-out requests          0
 [~] Original max concurrency    1
 [~] Throttled max concurrency   1

 [~] Status: Scanning
 [~]   Initialising the browser cluster.
 [~]
 [~] Hit:
 [~]   'Enter' to go back to status messages.
 [~]   'p' to pause the scan.
 [~]   'a' to abort the scan.
 [~]   's' to suspend the scan to disk.
 [~]   'g' to generate a report.
 [~]   'v' to enable verbose messages.
 [~]   'd' to enable debugging messages.
           (You can set it to the desired level by sending d[1-4], current level is 0).


   [*] Aborting...
 [~] Please wait while the system cleans up.


================================================================================


 [+] Web Application Security Report - Arachni Framework

 [~] Report generated on: 2018-01-30 20:06:47 +0100
 [~] Report false positives at: http://github.com/Arachni/arachni/issues

 [+] System settings:
 [~] ---------------
 [~] Version:           1.5.1
 [~] Seed:              59ca4b1d69a67474953fd162a178442c
 [~] Audit started on:  2018-01-30 20:03:54 +0100
 [~] Audit finished on: 2018-01-30 20:06:47 +0100
 [~] Runtime:           00:02:52

 [~] URL:        http://192.168.1.6/twiki
 [~] User agent: Arachni/v1.5.1

 [*] Audited elements:
 [~] * Links
 [~] * Forms
 [~] * Cookies
 [~] * XMLs
 [~] * JSONs
 [~] * UI inputs
 [~] * UI forms

 [*] Checks: sql_injection_differential, ldap_injection, response_splitting, file_inclusion, rfi, unvalidated_redirect, xxe, unvalidated_redirect_dom, xss_event, sql_injection_timing, source_code_disclosure, code_injection_php_input_wrapper, xss, xss_script_context, os_cmd_injection_timing, session_fixation, os_cmd_injection, xss_tag, xss_dom, path_traversal, csrf, xpath_injection, no_sql_injection_differential, xss_dom_script_context, no_sql_injection, xss_path, code_injection_timing, trainer, code_injection, sql_injection, insecure_cookies, hsts, captcha, x_frame_options, mixed_resource, cookie_set_for_parent_domain, emails, credit_card, cvs_svn_users, http_only_cookies, html_objects, ssn, form_upload, insecure_cors_policy, unencrypted_password_forms, private_ip, password_autocomplete, xst, http_put, allowed_methods, interesting_responses, backup_directories, common_directories, insecure_client_access_policy, common_admin_interfaces, htaccess_limit, backup_files, common_files, directory_listing, webdav, localstart_asp, insecure_cross_domain_policy_headers, backdoors, insecure_cross_domain_policy_access, origin_spoof_access_restriction_bypass

 [~] ===========================

 [+] 0 issues were detected.


 [~] Report saved at: /usr/share/arachni/bin/192.168.1.6 2018-01-30 20_06_47 +0100.afr [0.0MB]

 [~] Audited 0 page snapshots.

 [~] Duration: 00:02:53
 [~] Processed 0/0 HTTP requests.
 [~] -- 0.0 requests/second.
 [~] Processed 0/0 browser jobs.
 [~] -- 0.0 second/job.

 [~] Burst response time sum     0.0 seconds
 [~] Burst response count        0
 [~] Burst average response time 0.0 seconds
 [~] Burst average               0.0 requests/second
 [~] Timed-out requests          0
 [~] Original max concurrency    1
 [~] Throttled max concurrency   1

cohst@kali-linux:~$
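
The log above ends with "0 issues were detected" after processing 0/0 HTTP requests and repeated PhantomJS spawn timeouts, so the empty report reflects a scan with no coverage rather than a clean target. The following Ruby check is an added example, not part of the original report or of Arachni's code; the `triage` function, its verdict names and the sample lines are assumptions constructed from the log lines shown above.

```ruby
# Added example (not Arachni code): triage an `--output-debug=4` console log
# and refuse to treat a scan that audited nothing as a clean result.
DEBUG_LINE = /\[[^\]]+\] \[!+\] \[(?<src>[^\]#]+)#(?<meth>\w+):\d+\] (?<msg>.*)/

# Constructed sample, modelled on lines from the log attached to this issue.
SAMPLE_LOG = <<~'LOG'
  [*] BrowserCluster: Initializing 6 browsers...
  [2018-01-30 20:03:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #0, chose port number 24113
  [2018-01-30 20:04:56 +0100 - 60.1] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
  [2018-01-30 20:04:56 +0100 - 0.0] [!!] [browser#spawn_phantomjs:1242] Worker: Attempt #1, chose port number 33914
  [2018-01-30 20:05:56 +0100 - 60.2] [!] [browser#spawn_phantomjs:1285] Worker: Spawn timed-out.
  [~] Processed 0/0 HTTP requests.
  [+] 0 issues were detected.
LOG

# Returns counters plus a verdict (hypothetical names):
#   :unknown          no statistics line found in the log
#   :no_coverage      zero HTTP requests processed, "0 issues" is meaningless
#   :browser_degraded requests were made, but browser spawns timed out
#   :ok               requests were made and no spawn timeout was logged
def triage(log)
  r = { attempts: 0, timeouts: 0, requests: nil, issues: nil }
  log.each_line do |line|
    if (m = DEBUG_LINE.match(line))
      next unless m[:src] == 'browser' && m[:meth] == 'spawn_phantomjs'
      r[:attempts] += 1 if m[:msg].match?(/Attempt #\d+/)
      r[:timeouts] += 1 if m[:msg].include?('Spawn timed-out')
    elsif (s = line.match(%r{Processed (\d+)/\d+ HTTP requests}))
      r[:requests] = s[1].to_i # keep the last status block seen
    elsif (i = line.match(/(\d+) issues were detected/))
      r[:issues] = i[1].to_i
    end
  end
  r[:verdict] =
    if r[:requests].nil? then :unknown
    elsif r[:requests].zero? then :no_coverage
    elsif r[:timeouts].positive? then :browser_degraded
    else :ok
    end
  r
end

puts triage(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```
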
sbrun


2018-02-20 16:50

manager   ~0008696

Fixed in new version 1.5.1-0kali2
(related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817277)

Issue History

Date Modified     Username  Field                                           Change
2018-01-28 16:07  cohst     New Issue
2018-01-29 16:25  sbrun     Status                                          new => feedback
2018-01-29 16:25  sbrun     Note Added: 0008534
2018-01-30 19:13  cohst     File Added: arachni Log v. Scan 30.01.2018.txt
2018-01-30 19:13  cohst     Note Added: 0008585
2018-01-30 19:13  cohst     Status                                          feedback => new
2018-02-20 16:50  sbrun     Status                                          new => resolved
2018-02-20 16:50  sbrun     Resolution                                      open => fixed
2018-02-20 16:50  sbrun     Fixed in Version                                => 2018.2
2018-02-20 16:50  sbrun     Note Added: 0008696