Fails to start scan - Githubissues

random-robbie commented 7 years ago
2017-04-13 09:54:13 +0200 --------------------------------------------------------------------------------
ENV:
---
CPLUS_INCLUDE_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/include"
XDG_SESSION_ID: '60963'
rvm_bin_path: "/usr/local/rvm/bin"
GEM_HOME: "/root/arachni-1.5.1-0.5.12/system/gems"
SHELL: "/bin/bash"
TERM: xterm
SSH_CLIENT: xxxxxxxxxxxxx 4459 22
IRBRC: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby/.irbrc"
LIBRARY_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib:/usr/lib:/usr/local/lib"
MY_RUBY_HOME: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby"
SSH_TTY: "/dev/pts/2"
USER: root
LD_LIBRARY_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib:/usr/lib:/usr/local/lib"
LS_COLORS: 'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'
_system_type: Linux
rvm_path: "/usr/local/rvm"
rvm_prefix: "/usr/local"
FONTCONFIG_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/home/arachni/.fonts"
PATH: "/root/arachni-1.5.1-0.5.12/system/gems/bin:/root/arachni-1.5.1-0.5.12/bin/../system/../bin:/root/arachni-1.5.1-0.5.12/bin/../system/usr/bin:/root/arachni-1.5.1-0.5.12/bin/../system/gems/bin:/usr/local/rvm/gems/ruby-2.4.0/bin:/usr/local/rvm/gems/ruby-2.4.0@global/bin:/usr/local/rvm/rubies/ruby-2.4.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/rvm/bin"
MAIL: "/var/mail/root"
C_INCLUDE_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/usr/include"
PWD: "/root/arachni-1.5.1-0.5.12/bin"
ARACHNI_WEBUI_LOGDIR: "/root/arachni-1.5.1-0.5.12/bin/../system/logs/webui"
LANG: en_GB.UTF-8
ARACHNI_FRAMEWORK_LOGDIR: "/root/arachni-1.5.1-0.5.12/bin/../system/logs/framework"
_system_arch: x86_64
_system_version: '16.04'
rvm_version: 1.29.0 (latest)
HOME: "/root/arachni-1.5.1-0.5.12/bin/../system/home/arachni"
SHLVL: '1'
RAILS_ENV: production
LOGNAME: root
SLIMERJSLAUNCHER: "/usr/bin/firefox"
SSH_CONNECTION: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GEM_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/gems"
LESSOPEN: "| /usr/bin/lesspipe %s"
XDG_RUNTIME_DIR: "/run/user/0"
RUBYLIB: "/root/arachni-1.5.1-0.5.12/system/gems/gems/bundler-1.14.6/lib:/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby:/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby/site_ruby/2.2.0:/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby/2.2.0:/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby/2.2.0/x86_64-linux:/root/arachni-1.5.1-0.5.12/bin/../system/usr/lib/ruby/site_ruby/2.2.0/x86_64-linux"
RUBY_VERSION: ruby-2.2.3
LESSCLOSE: "/usr/bin/lesspipe %s %s"
_system_name: Ubuntu
RACK_ENV: development
BUNDLE_GEMFILE: "/root/arachni-1.5.1-0.5.12/system/arachni-ui-web/Gemfile"
BUNDLER_ORIG_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/../bin:/root/arachni-1.5.1-0.5.12/bin/../system/usr/bin:/root/arachni-1.5.1-0.5.12/bin/../system/gems/bin:/usr/local/rvm/gems/ruby-2.4.0/bin:/usr/local/rvm/gems/ruby-2.4.0@global/bin:/usr/local/rvm/rubies/ruby-2.4.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/rvm/bin"
BUNDLER_ORIG_GEM_PATH: "/root/arachni-1.5.1-0.5.12/bin/../system/gems"
BUNDLE_BIN_PATH: "/root/arachni-1.5.1-0.5.12/system/gems/gems/bundler-1.14.6/exe/bundle"
BUNDLER_VERSION: 1.14.6
RUBYOPT: "-rbundler/setup"
MANPATH: "/root/arachni-1.5.1-0.5.12/system/gems/gems/kramdown-1.4.1/man"
BUNDLER_ORIG_MANPATH: "/root/arachni-1.5.1-0.5.12/system/gems/gems/kramdown-1.4.1/man"
--------------------------------------------------------------------------------
OPTIONS:
---
http:
  user_agent: Arachni/v1.5.1
  request_timeout: 10000
  request_redirect_limit: 5
  request_concurrency: 20
  request_queue_size: 100
  request_headers: {}
  response_max_size: 500000
  cookies: {}
  authentication_type: auto
browser_cluster:
  local_storage: {}
  wait_for_elements: {}
  pool_size: 6
  job_timeout: 10
  worker_time_to_live: 100
  ignore_images: false
  screen_width: 1600
  screen_height: 1200
scope:
  redundant_path_patterns: {}
  dom_depth_limit: 5
  exclude_file_extensions:
  - "[]"
  exclude_path_patterns: []
  exclude_content_patterns: []
  include_path_patterns: []
  restrict_paths: []
  extend_paths: []
  url_rewrites: {}
  include_subdomains: true
  exclude_binaries: true
  https_only: false
datastore:
  token: c77f11d0bd28a6d12f4ea7963998129f
session: {}
audit:
  parameter_values: true
  exclude_vector_patterns: []
  include_vector_patterns: []
  link_templates: []
  links: true
  forms: false
  cookies: true
  headers: false
  with_both_http_methods: true
  cookies_extensively: false
  jsons: true
  xmls: true
  ui_forms: true
  ui_inputs: true
input:
  values:
    "(?i-mx:name)": arachni_name
    "(?i-mx:user)": arachni_user
    "(?i-mx:usr)": arachni_user
    "(?i-mx:pass)": 5543!%arachni_secret
    "(?i-mx:txt)": arachni_text
    "(?i-mx:num)": '132'
    "(?i-mx:amount)": '100'
    "(?i-mx:mail)": arachni@email.gr
    "(?i-mx:account)": '12'
    "(?i-mx:id)": '1'
  default_values:
    name: arachni_name
    user: arachni_user
    usr: arachni_user
    pass: 5543!%arachni_secret
    txt: arachni_text
    num: '132'
    amount: '100'
    mail: arachni@email.gr
    account: '12'
    id: '1'
  without_defaults: true
  force: false
checks:
- code_injection
- code_injection_php_input_wrapper
- code_injection_timing
- csrf
- file_inclusion
- ldap_injection
- no_sql_injection
- no_sql_injection_differential
- os_cmd_injection
- os_cmd_injection_timing
- path_traversal
- response_splitting
- rfi
- session_fixation
- source_code_disclosure
- sql_injection
- sql_injection_differential
- sql_injection_timing
- trainer
- unvalidated_redirect
- unvalidated_redirect_dom
- xpath_injection
- xss
- xss_dom
- xss_dom_script_context
- xss_event
- xss_path
- xss_script_context
- xss_tag
- xxe
- allowed_methods
- backdoors
- backup_directories
- backup_files
- captcha
- common_admin_interfaces
- common_directories
- common_files
- cookie_set_for_parent_domain
- credit_card
- cvs_svn_users
- directory_listing
- emails
- form_upload
- hsts
- htaccess_limit
- html_objects
- http_only_cookies
- http_put
- insecure_client_access_policy
- insecure_cookies
- insecure_cors_policy
- insecure_cross_domain_policy_access
- insecure_cross_domain_policy_headers
- interesting_responses
- localstart_asp
- mixed_resource
- origin_spoof_access_restriction_bypass
- password_autocomplete
- private_ip
- ssn
- unencrypted_password_forms
- webdav
- x_frame_options
- xst
platforms: []
plugins:
  autothrottle: 
  discovery: 
  healthmap: 
  timing_attacks: 
  uniformity: 
no_fingerprinting: true
authorized_by: 
url: https://192.168.1.1
--------------------------------------------------------------------------------
[2017-04-13 09:54:13 +0200] [ArgumentError] invalid byte sequence in UTF-16
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser/nodes/with_value.rb:22:in `strip'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser/nodes/with_value.rb:22:in `value='
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser/nodes/with_value.rb:18:in `initialize'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser/sax.rb:58:in `new'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser/sax.rb:58:in `text'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser.rb:70:in `sax_html'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser.rb:70:in `block in parse'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/support/cache/base.rb:108:in `call'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/support/cache/base.rb:108:in `fetch'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser.rb:66:in `parse'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser.rb:243:in `document'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/parser.rb:423:in `paths'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/page.rb:309:in `paths'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/data.rb:207:in `push_paths_from_page'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/audit.rb:98:in `audit_page'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/audit.rb:228:in `audit_queues'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/rpc/server/framework/multi_instance.rb:222:in `audit_queues'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/audit.rb:202:in `block in audit'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/audit.rb:177:in `loop'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework/parts/audit.rb:177:in `audit'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework.rb:117:in `block in run'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/utilities.rb:425:in `call'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/utilities.rb:425:in `exception_jail'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework.rb:117:in `run'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/rpc/server/framework.rb:156:in `block in run'
[2017-04-13 09:54:13 +0200] 
[2017-04-13 09:54:13 +0200] Parent:
[2017-04-13 09:54:13 +0200] Arachni::RPC::Server::Framework
[2017-04-13 09:54:13 +0200] 
[2017-04-13 09:54:13 +0200] Block:
[2017-04-13 09:54:13 +0200] #<Proc:0x000000040d4810@/root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework.rb:117>
[2017-04-13 09:54:13 +0200] 
[2017-04-13 09:54:13 +0200] Caller:
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/utilities.rb:425:in `exception_jail'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/framework.rb:117:in `run'
[2017-04-13 09:54:13 +0200] /root/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/lib/arachni/rpc/server/framework.rb:156:in `block in run'
[2017-04-13 09:54:13 +0200] --------------------------------------------------------------------------------
Zapotek commented 7 years ago
What application were you scanning?
random-robbie commented 7 years ago
it was a custom ASP.net framework site.
Zapotek commented 7 years ago
Any chance I can access it?
random-robbie commented 7 years ago
yeah sure https://puc.overheid.nl/
(it's safe as its part of their responsible disclosure policy)
Zapotek commented 7 years ago
Fixed it, running tests now to make sure I didn't break anything.
random-robbie commented 7 years ago
brilliant keep me posted.
Zapotek commented 7 years ago
Pushing nightlies now, I'll let you know once they're up so that you can try them out.
Zapotek commented 7 years ago
Nightlies are up.
Arachni / arachni

Fails to start scan #871
