arachni_load: undefined method `description' for nil:NilClass

Arachni / arachni

Web Application Security Scanner Framework

http://www.arachni-scanner.com

Other

3.75k stars 758 forks source link

arachni_load: undefined method `description' for nil:NilClass #435

Closed 7h3kid closed 10 years ago

7h3kid commented 10 years ago

With version 0.4.7 of arachni and metasploit v4.9.2-dev I'm getting the following error when trying to import an arachni report.

msf > load arachni [+] Added 4 Exploit modules for Arachni [+] Added 1 Auxiliary modules for Arachni [_] Successfully loaded plugin: arachni msf > arachniload report.msf [] Loading report... [*] Loaded 8 vulnerabilities.

Call stack: msf4/plugins/arachni.rb:350:in block in cmd_arachni_list_exploits' msf4/plugins/arachni.rb:349:ineach' msf4/plugins/arachni.rb:349:in each_with_index' msf4/plugins/arachni.rb:349:incmd_arachni_list_exploits' msf4/plugins/arachni.rb:79:in cmd_arachni_load' msf4/lib/rex/ui/text/dispatcher_shell.rb:427:inrun_command' msf4/lib/rex/ui/text/dispatcher_shell.rb:389:in block in run_single' msf4/lib/rex/ui/text/dispatcher_shell.rb:383:ineach' msf4/lib/rex/ui/text/dispatcher_shell.rb:383:in run_single' msf4/lib/rex/ui/text/shell.rb:200:inrun' ./msfconsole:148:in `

Zapotek commented 10 years ago

Apologies, this feature is a proof-of-concept and not supported, as can be seen at the second paragraph of this file: https://github.com/Arachni/arachni/blob/master/EXPLOITATION.md#webapp-exploitation-with-arachni-and-metasploit

I should probably remove the MSF arachni plugin from the repository altogether.

Cheers

7h3kid commented 10 years ago

Understood sir. Is there any chance of simply allowing the ability to import arachni reports without using metatsploit to exploit them? I generally wouldn't use metasploit for web app exploitation but the metasploit database is a great way to aggregate reports from numerous tools to track vulnerabilities and remediation.

I had been using the metasploit database to pull together nmap, arachni, nessus, nexpose, and burp scans. I'm not the greatest coder by any means but I'll at least make an attempt to get this working again so you might see another question or two from me.

Thanks for arachni by the way it's one of my favorite tools.

On Thu, May 8, 2014 at 12:57 PM, Tasos Laskos notifications@github.comwrote:

Apologies, but this feature is a proof-of-concept and not supported, as can be seen at the second paragraph of this file: https://github.com/Arachni/arachni/blob/master/EXPLOITATION.md#webapp-exploitation-with-arachni-and-metasploit

I should probably remove the MSF arachni plugin from the repository altogether.

Cheers

— Reply to this email directly or view it on GitHubhttps://github.com/Arachni/arachni/issues/435#issuecomment-42575431 .

Zapotek commented 10 years ago

I think you should talk to the Metapsloit team about that, they might be interested in adding an importer for Arachni, they maintain their importers.

Thanks for the kind words btw.

yowie commented 10 years ago

Tasos, I've seen a similar error when loading a saved report within Arachni itself. I will do some testing with it and see if I can reproduce it for you.

Zapotek commented 10 years ago

That's a big problem, please do let me know as soon as you come across a scan/report that reproduces the issue.