Scan stops whilst waiting for Responder

[paulnisbett]

Running warberry V5.1 on Raspberry Pi 3 B+ Running against my local network which has MacBook, Win10 laptop, Unifi router, Apple Tv, Sky HD satellite TV.

After clearing all results with sudo python warberry.py -C and then running one of any of these commands:

sudo python warberry.py -I eth0 --intensity -T4
sudo python warberry.py -I eth0 --intensity -T4 -t 5
sudo python warberry.py -I eth0 --intensity -T4 --poison

The scan completed SMB enumeration, and outputs:

Done! Results saved in warberry.db
Completed  enumerating users
Waiting for Responder ...

then after an unknown amount of time (less than 20 minutes, probably less) the scan stops and returns to command line.
The results aren't updated with any information.

I've tried this with --intensity T1 to T4, with the Win10 laptop powered on and off - the scan never completes.

Any suggestions as to what the issue is? Any logs worth looking at for further information? Cheers

[sconst]

Responder and Warberry are running simultaneously. By default, Responder is running for 15mins (900sec). So, if warberry finishes (completes scan etc) in less than 15 mins (900sec), you have to wait for the Responder to finish.

Once you have received the message Waiting for Responder, it means that warberry has finished scanning and any information gathered, during its execution, is stored in warberry.db.

You can define the Responder timeout seconds using the option -t followed by the seconds.

Have you checked the warberry.db for the results?

[paulnisbett]

Thanks for the quick response - I've checked warberry.db and can see scan results. What's the best workflow for viewing the results? I had planned to add apache/php to the warberry and view the results by connecting to the warberry IP webserver (when testing locally). For those times when I'm not going to run a webserver on the warberry, what's the best way to view the report? Thanks again

[sconst]

If you are not running webserver on your warberry device, you could copy the warberry.db from the warberry device to your local machine.

Then, you could use the Warberry Reporting Module on your local machine. However, it requires the use of apache/php on your local machine (Please see the Instructions on WarBerry's repository).

Unfortunately, you could not view warberry.db locally-warberry device (in report format) in the current version.

Thanks for your feedback. @secgroundzero may incorporate this feature in newer versions.

[paulnisbett]

Thanks for the confirmation; I think because the Warberry is very verbose with the output, I wasn't expecting an abrupt end without a message. something for a future version perhaps. Cheers