deibit / cansina

Web Content Discovery Tool
GNU General Public License v3.0

Program ends before trying all keywords on payload #5

Closed pdelteil closed 7 years ago

pdelteil commented 7 years ago

I've been running the cansina.py file with different options.

When I use the large files (raft-large-directories.txt) it stops suddenly after some seconds, sometimes after a few minutes; it never reaches the end of the file. I did try a delay time, from 1 to 5, and the behavior didn't change.

It shows the regular message "Finished". What can I do?

deibit commented 7 years ago

Looking into it. Hard to test because one has to wait for a long time before getting an error. At first view it seems like a queue problem. I suggest that while it is being solved you might split big files into multiple smaller ones. Thanks for reporting.

pdelteil commented 7 years ago

Hello,

Actually it happens at the beginning, during the first minute or so.

On Dec 21, 2016 4:46 PM, "David García" notifications@github.com wrote:

Looking into it. Hard to test because one has to wait for a long time before getting an error. At first view it seems like a queue problem. I suggest that while it is being solved you might split big files into multiple smaller ones. Thanks for reporting.


deibit commented 7 years ago

I see. May I know about your setup? Python version, system... Does it happen every time?

pdelteil commented 7 years ago

Yes, sure.

It happens most of the time.

Python version: 2.7.13rc1 on Kali Rolling.

Tests:

I've checked that the files contain words that would match on the domain I'm using. It's unlikely to run 62000+ requests in 15 seconds.

1) ./cansina.py -u www.xxx.com -p SecLists/Discovery/Web_Content/raft-large-directories.txt

HTTP GET requests
Banned response codes: 404
unBanned response codes:
Using payload: SecLists/Discovery/Web_Content/raft-large-directories.txt
Spawning 4 threads
Generating payloads...
Total requests 62290 (aprox: 15572 / thread)

% | COD | SIZE | (line) | time |
0 | 200 | 37720 | 2 | 1141 | /images/
0 | 200 | 171 | 11 | 1114 | /tmp/
0 | 200 | 4351 | 31 | 326 | /test/
0 | 200 | 433 | 41 | 99 | /include/
0 | 200 | 285 | 56 | 105 | /aspnet_client/
0 | 500 | 1208 | 61 | 129 | /_private/
0 | 200 | 586 | 65 | 365 | /editor/
0 | 200 | 179 | 81 | 111 | /content/
Finishing...
Task took 15 seconds

2)

HTTP GET requests
Banned response codes: 404
unBanned response codes:
Using payload: SecLists/Discovery/Web_Content/raft-large-words.txt
Spawning 4 threads
Generating payloads...
Total requests 119600 (aprox: 29900 / thread)

% | COD | SIZE | (line) | time |
0 | 200 | 37720 | 3 | 438 | /images/
0 | 302 | 288 | 1 | 621 | /.php -> http://y.x.cl/.php
0 | 302 | 289 | 7 | 559 | /.html -> http://y.x.cl/.html
0 | 200 | 171 | 23 | 247 | /tmp/
0 | 302 | 288 | 38 | 194 | /.htm -> http://y.x.cl/.htm
0 | 200 | 4351 | 43 | 250 | /test/
0 | 200 | 433 | 51 | 259 | /include/
0 | 500 | 1208 | 97 | 95 | /_private/
0 | 200 | 285 | 102 | 88 | /aspnet_client/
Finishing...
Task took 22 seconds

Thanks.

Regards,

Philippe Delteil

On 21 December 2016 at 16:57, David García notifications@github.com wrote:

I see. May I know about your setup? Python version, system... Does it happen every time?


deibit commented 7 years ago

Got it running in a Kali VM with large payloads, and everything was fine. It's gonna be a hard-to-reproduce bug, but we definitely have an issue here and we will look into it (another, private report tells us of a related problem). For now, splitting large payloads seems to be a reasonable workaround in the meantime.

In the next commits we will push better logging and exception support, a long-planned (but not scheduled) feature; it should help us trace this nasty guy.

Greetings and thanks, friend.

deibit commented 7 years ago

Closing, as extensive testing has been performed in Python 2/3 and on several heterogeneous systems without a remarkable freeze in a while.