mushorg / tanner

He who flays the hide
GNU General Public License v3.0
222 stars 104 forks source link

Tanner crashes after dirb scan without error #353

Closed t3chn0m4g3 closed 4 years ago

t3chn0m4g3 commented 4 years ago

This issue was originally posted in the Snare repository (https://github.com/mushorg/snare/issues/233), however I could break it down to tanner (ver. 0.6.0, tcp/8090).

At some point while running dirb http://1.2.3.4 Snare looses contact to Tanner and throws an error

2020-02-17 13:23:01 ERROR:aiohttp.server:log_exception: Error handling request
2020-02-17 13:28:42 ERROR:snare.tanner_handler:submit_data: Exception:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/Snare-0.3.0-py3.7.egg/snare/tanner_handler.py", line 53, in submit_data
timeout=10.0
File "/usr/lib/python3.7/site-packages/aiohttp/client.py", line 391, in _request
await resp.start(conn)
File "/usr/lib/python3.7/site-packages/aiohttp/client_reqrep.py", line 770, in start
self._continue = None
File "/usr/lib/python3.7/site-packages/aiohttp/helpers.py", line 673, in exit
raise asyncio.TimeoutError from None
concurrent.futures._base.TimeoutError
2020-02-17 13:28:42 ERROR:aiohttp.server:log_exception: Error handling request

The reason for the error lies within the fact that Tanner crashes without any error or warning message.

Setup follows docker-compose.yml of this repo (https://github.com/mushorg/tanner/blob/master/docker/docker-compose.yml).

afeena commented 4 years ago

Thanks @t3chn0m4g3! I will investigate this behavior in the next few days.

AndreyMironenkoGit commented 4 years ago

Problem in KEEP_ALIVE_TIME = 75 in (tanner/tanner/session.py string 13) and subsequent removal of old sessions from redis (async def delete_old_sessions(self, redis_client) in tanner/tanner/session_manager.py string 67). The temporary mitigation may be to increase the KEEP_ALIVE_TIME, but need to understand why there is a conflict in Redis. I can't understand because I'm not a programmer and i have paws 😊

AndreyMironenkoGit commented 4 years ago

Checked the redis, is ok. Problem in tanner/tanner/session_manager.py in sting 71 (is_deleted = await self.delete_session(sess, redis_client)). "await" does not work correctly. if rewrite the function (async def delete_old_sessions(self, redis_client) )this way: image-Y20360

the problem will be fixed.

afeena commented 4 years ago

@AndreyMironenkoGit great! are you willing to make a pull request?

AndreyMironenkoGit commented 4 years ago

I'm sorry, but no. I don't have a fork. And I don't plan on doing it.

Best Regards.

mzfr commented 4 years ago

@afeena I've made the PR with the changes suggested by @AndreyMironenkoGit

Fosocles commented 4 years ago

@mzfr I recompiled a docker image with your fix and it still crashes after using Nikto against the page Snare serves.

afeena commented 4 years ago

OK I am now diving deep into the problem. Unfortunately I don't think changing specified Exception to general one make a trick. The more import is to understand why it is happening and fix the cause

AndreyMironenkoGit commented 4 years ago

@Fosocles try it exactly as I wrote it. I was testing from 3 computers running 2 Acunetix (full scan) and 1 dirb in parallel. The service was working fine(but not quite). The test lasted 20 hours.

But I have that stdout: Traceback (most recent call last): File "/usr/lib/python3.7/logging/init.py", line 1028, in emit stream.write(msg + self.terminator) UnicodeEncodeError: 'utf-8' codec can't encode character '\udcf3' in position 74: surrogates not allowed Call stack: File "/usr/bin/tanner", line 4, in import('pkg_resources').run_script('Tanner==0.6.0', 'tanner') File "/usr/lib/python3.7/site-packages/pkg_resources/init.py", line 666, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3.7/site-packages/pkg_resources/init.py", line 1469, in run_script exec(script_code, namespace, namespace) File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/EGG-INFO/scripts/tanner", line 35, in File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/EGG-INFO/scripts/tanner", line 31, in main File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/server.py", line 121, in start web.run_app(app, host=host, port=int(port)) File "/usr/lib/python3.7/site-packages/aiohttp/web.py", line 433, in run_app reuse_port=reuse_port)) File "/usr/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/usr/lib/python3.7/site-packages/Tanner-0.6.0-py3.7.egg/tanner/server.py", line 62, in handle_event self.logger.info('Requested path %s', path) Message: 'Requested path %s' Arguments: ('/secci\udcf3',)

afeena commented 4 years ago

@AndreyMironenkoGit am I correct, that you delete completely this line from your code? is_deleted = await self.delete_session(sess, redis_client)?

AndreyMironenkoGit commented 4 years ago

@afeena Yep. And did print exception in stdout, and run dirb.

afeena commented 4 years ago

@Fosocles if you are using pull request #353 it only changes exception type @AndreyMironenkoGit deleted the function of session deletion and analysis completely (actually, it's not how tanner supposed to work :) )

I found the problem. dirb creates thousands of sessions so tanner tries to analyse everything and put into redis, so it's a problem of efficiency and scalability

AndreyMironenkoGit commented 4 years ago

@afeena in the PR #357 @mzfr function has been removed too.

image

afeena commented 4 years ago

@AndreyMironenkoGit sorry, my bad :D you are right

afeena commented 4 years ago

@Fosocles there is no "fast" solution for the problem.

If we are talking about freezing error with dirb, it happens because dirb requests creates thousands of sessions in TANNER (although it supposed to be one sessions with multiple paths), so now imagine at some point all of them are expired and now TANNER want to analyse them and put into redis --> Yes, it freezes. So the whole process of moving sessions from memory to redis/other storage should be re-written. Because now TANNER just goes through the whole list of sessions at once

afeena commented 4 years ago

Please test https://github.com/mushorg/tanner/pull/362

Now doesn't crash for me with dirb

afeena commented 4 years ago

362

For any other problems please create new issue