leohns / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0

Segmentation Fault During Scan #103

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Recently I was doing a scan and hit a seg fault. My C is pretty rusty, but if 
you give me any hints on how to debug I would be happy to help. This error is 
repeatable. Note that a family member works for the bank being scanned.

Here is the output of the scan (colored output was disabled during compilation)

$ ./skipfish  -L  -Y  -r 4000 -o ./../output/skipfish_40 -V  -g 10 -M  https://www.marblebank.com
skipfish version 1.81b by <lcamtuf@google.com>
[!] WARNING: Wordlist 'skipfish.wl' contained no valid entries.
Welcome to skipfish. Here are some useful tips:

1) To abort the scan at any time, press Ctrl-C. A partial report will be written
   to the specified location. To view a list of currently scanned URLs, you can
   press space at any time during the scan.

2) Watch the number requests per second shown on the main screen. If this figure
   drops below 100-200, the scan will likely take a very long time.

3) The scanner does not auto-limit the scope of the scan; on complex sites, you
   may need to specify locations to exclude, or limit brute-force steps.

4) There are several new releases of the scanner every month. If you run into
   trouble, check for a newer version first, let the author know next.

More info: http://code.google.com/p/skipfish/wiki/KnownIssues

Press any key to continue (or wait 60 seconds)...
skipfish version 1.81b by <lcamtuf@google.com>

  - www.marblebank.com -

Scan statistics:

      Scan time : 0:00:53.0253
  HTTP requests : 3463 (65.3/s), 17279 kB in, 1109 kB out (345.3 kB/s)
    Compression : 0 kB in, 0 kB out (0.0% gain)
    HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops
 TCP handshakes : 253 total (14.1 req/conn)
     TCP faults : 0 failures, 0 timeouts, 0 purged
 External links : 130 skipped
   Reqs pending : 103

Database statistics:

         Pivots : 134 total, 61 done (45.52%)
    In progress : 52 pending, 11 init, 10 attacks, 0 dict
  Missing nodes : 4 spotted
     Node types : 2 serv, 9 dir, 62 file, 0 pinfo, 59 unkn, 3 par, 0 val
   Issues found : 65 info, 0 warn, 9 low, 0 medium, 0 high impact
      Dict size : 0 words (0 new), 0 extensions, 0 candidates
Segmentation fault
$

Original issue reported on code.google.com by Charlie....@gmail.com on 6 Dec 2010 at 11:44

GoogleCodeExporter commented 8 years ago
Sorry for the problem. Can you do the following:

1) Rebuild the tool with "make clean debug"

2) Enter "ulimit -c unlimited"

3) Run the tool again with an additional redirect to logfile.txt: "./skipfish 
[...previous options...] 2>logfile.txt"

4) When it crashes, send me the output of these two commands:

   gdb --batch -ex back ./skipfish core
   tail -50 logfile.txt

This should help diagnose the problem.

Original comment by lcam...@gmail.com on 6 Dec 2010 at 11:58
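The four steps above can be wrapped in a small POSIX sh helper so that a crash is detected from the exit status and the two requested artifacts (the gdb backtrace of the core and the tail of the stderr log) are collected in one go. This is an added example and not part of skipfish or the original thread; it assumes the binary was built with symbols (`make clean debug`), that `gdb` is on the PATH, and that the kernel writes the core file to the working directory as `core` (check `/proc/sys/kernel/core_pattern`; systems using systemd-coredump store it elsewhere). The `LOGFILE` variable and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not skipfish project code. Runs a command with core dumps
# enabled and stderr redirected, then collects crash diagnostics on SIGSEGV.
# Assumes: gdb installed, core_pattern writes "core" into the working directory.

# Map a shell exit status to the fatal signal it encodes (128 + signum),
# or 0 if the command was not killed by a signal. 139 -> 11 (SIGSEGV).
signal_from_status() {
    status="$1"
    if [ "$status" -gt 128 ]; then
        echo $((status - 128))
    else
        echo 0
    fi
}

# Run "$@" with stderr going to $LOGFILE (default logfile.txt) and core dumps
# enabled. If the command dies with SIGSEGV, print a gdb backtrace of the core
# (when one was written) and the last 50 lines of the log. Returns the
# command's original exit status so callers can still act on it.
run_with_crash_capture() {
    logfile="${LOGFILE:-logfile.txt}"
    # Step 2 of the procedure: allow unlimited core files for this shell.
    ulimit -c unlimited 2>/dev/null || true
    # Remove stale cores so the backtrace refers to this run, not an older one.
    rm -f core core.*
    status=0
    # Step 3: run the tool with stderr redirected to the log file.
    "$@" 2>"$logfile" || status=$?
    sig=$(signal_from_status "$status")
    if [ "$sig" -eq 11 ]; then
        echo "[*] $1 died with SIGSEGV (exit status $status)" >&2
        # Step 4: backtrace from the core, if the kernel actually wrote one.
        if [ -f core ] && command -v gdb >/dev/null 2>&1; then
            gdb --batch -ex bt "$1" core
        else
            echo "[*] no core file found; check 'ulimit -c' and /proc/sys/kernel/core_pattern" >&2
        fi
        echo "[*] last 50 lines of $logfile:" >&2
        tail -50 "$logfile" >&2
    fi
    return "$status"
}

# Usage (the scan command from the report, rebuilt with "make clean debug"):
#   run_with_crash_capture ./skipfish -L -Y -r 4000 -o ./../output/skipfish_40 -V -g 10 -M https://www.marblebank.com
```

The helper deliberately returns the tool's own exit status rather than swallowing it, and it reports when no core file turned up, which is the usual reason a `gdb ... core` command fails on a modern distribution even after `ulimit -c unlimited`.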

GoogleCodeExporter commented 8 years ago
Thanks for looking into this. I attached the output of both commands in a text 
file.

Original comment by Charlie....@gmail.com on 7 Dec 2010 at 2:03

GoogleCodeExporter commented 8 years ago
Perfect, thanks. This turned out to be a minor NULL pointer issue with certain 
formats of JS/CSS. Problem fixed in 1.82, you can grab it now :-)

Original comment by lcam...@gmail.com on 7 Dec 2010 at 6:20

GoogleCodeExporter commented 8 years ago
Thanks! Works like a charm :)

Original comment by Charlie....@gmail.com on 7 Dec 2010 at 10:31