No timeout setup in request

[pansa]

v3.4.48

In ./src/core/http/https.py (and other like), parameter timeout not defined in "request" function:

response = PoolManager().request(self.__cfg.method, url, headers=self._headers, retries=self.__cfg.retries, assert_same_host=False, redirect=False)

so i got totally stoped scan progress if any not-responsable domain was requested, eg "https://mail3.1tv.ru"

Adding timeout=3 helps me.

[stanislav-web]

Timeout is declared for whole Pool (HTTPSConnectionPool, HTTPConnectionPool, ProxyManager) and default has 30 sec

--timeout TIMEOUT     Request timeout (30 sec default)

That means that every request in the pool will be ignored after 30 (default) seconds But I noticed that it does not work correctly, so I set the same timeout for reading

HTTPSConnectionPool(self.__cfg.host,
                                      port=self.__cfg.port,
                                      maxsize=self.__cfg.threads,
                                      timeout=Timeout(CONNECT=self.__cfg.timeout, READ=self.__cfg.timeout),
                                      block=True)

[pansa]

Yes, i set --timeout parameter for 3 and waiting 2+ min, but timeout doesn't works =(

$ time python3 opendoor.py -t5 -w ../SecLists/Discovery/DNS/subdomains-top1mil-5000.txt --timeout 3 -s subdomains --host=https://1tv.ru

...

[16:30:51] info: Use --report param to store your scan results
[16:30:51] info: Wait, please, checking connect to -> 1tv.ru:443 ...
[16:30:52] info: Server 1tv.ru:443 (195.16.108.151) is online!
[16:30:52] info: Scanning 1tv.ru ...
[16:30:52] info: 0.4% [0019/5000] - 0B - OK https://www.1tv.ru:443
[16:30:52] info: 0.4% [0022/5000] - 178B - R https://blog.1tv.ru:443 -> https://www.1tv.ru/
[16:30:52] info: 0.5% [0023/5000] - 195B - Auth https://dev.1tv.ru:443
[16:30:52] info: 0.5% [0023/5000] - 1B - Cert required https://ns.1tv.ru:443
[16:30:52] info: 0.7% [0034/5000] - 178B - R https://mobile.1tv.ru:443 -> https://www.1tv.ru/mobile/
[16:30:52] info: 0.8% [0041/5000] - 178B - R https://new.1tv.ru:443 -> https://www.1tv.ru/
[16:30:52] info: 1.0% [0051/5000] - 178B - R https://beta.1tv.ru:443 -> https://www.1tv.ru/
[16:30:52] info: 1.0% [0052/5000] - 0B - https://mx.1tv.ru:443 [16:30:52] info: 1.0% [0052/5000] - 178B - R https://news.1tv.ru:443 -> https://www.1tv.ru/news/
[16:30:52] info: 1.2% [0059/5000] - 0B - Denied https://media.1tv.ru:443
[16:30:52] info: 1.2% [0062/5000] - 1B - Cert required https://www.blog.1tv.ru:443
[16:30:52] info: 1.3% [0066/5000] - 162B - Denied https://static.1tv.ru:443
[16:30:52] info: 1.4% [0068/5000] - 162B - Denied https://api.1tv.ru:443
[16:30:52] info: 1.5% [0075/5000] - 178B - R https://video.1tv.ru:443 -> https://www.1tv.ru/videoarchiver/
[16:30:52] info: 1.9% [0095/5000] - 178B - R https://wap.1tv.ru:443 -> https://www.1tv.ru/wap/
[16:30:52] info: 2.1% [0106/5000] - 0B - https://web2.1tv.ru:443 ^C^C[16:34:04] cancel: Session canceled

real 3m12,490s user 0m0,696s sys 0m0,060s

[pansa]

Hmm, method def __https_pool(self) with pool = HTTPSConnectionPool( ...

doesn't call in my case (see later) :\ So your change not fix the problem, i checked.

[pansa]

For 100% sure, your can run worker in the separate process fork with global timeout for whole process.

[stanislav-web]

Solved https://github.com/stanislav-web/OpenDoor/pull/50 please update application