Error in Arachni::Checks::PathTraversal
Created by: aaronmgdr
I am repeatedly getting the following error:
[2015-06-26 14:37:33 -0500] Error in Arachni::Checks::PathTraversal: invalid byte sequence in US-ASCII
backtrace
[2015-06-26 14:37:33 -0500] Error in Arachni::Checks::PathTraversal: invalid byte sequence in US-ASCII
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/components/checks/active/path_traversal.rb:50:in `split'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/components/checks/active/path_traversal.rb:50:in `block in options'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:366:in `call'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:366:in `block in audit_single'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:371:in `yield_if_unique'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:361:in `create_and_yield_if_unique'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:180:in `block (2 levels) in each_mutation'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:376:in `block in each_formatted_payload'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:375:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:375:in `each_formatted_payload'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:176:in `block in each_mutation'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:169:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/mutable.rb:169:in `each_mutation'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:328:in `audit_single'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:136:in `block in audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:135:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:135:in `audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:147:in `block in audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:146:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/auditable.rb:146:in `audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/element/capabilities/analyzable/taint.rb:82:in `taint_analysis'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:550:in `block in audit_taint'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:631:in `call'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:631:in `block in prepare_each_element'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:626:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:626:in `prepare_each_element'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:452:in `block in each_candidate_element'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:445:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:445:in `each_candidate_element'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:549:in `audit_taint'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/auditor.rb:531:in `audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/components/checks/active/path_traversal.rb:101:in `run'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/check/manager.rb:128:in `run_one'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/check.rb:79:in `check_page'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/check.rb:57:in `block in run_checks'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/check.rb:56:in `each'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/check.rb:56:in `run_checks'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:138:in `audit_page'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:267:in `audit_page_queue'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/rpc/server/framework/multi_instance.rb:229:in `audit_page_queue'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:253:in `audit_queues'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/rpc/server/framework/multi_instance.rb:221:in `audit_queues'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:193:in `block in audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:173:in `loop'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework/parts/audit.rb:173:in `audit'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework.rb:120:in `block in run'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/utilities.rb:400:in `call'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/utilities.rb:400:in `exception_jail'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/framework.rb:120:in `run'
[2015-06-26 14:37:33 -0500] /Users/fremn/Downloads/arachni-1.1-0.5.7/system/gems/gems/arachni-1.1/lib/arachni/rpc/server/framework.rb:154:in `block in run'
config
I've tried various configurations; here is an example of one:
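# Arachni scan profile as pasted in the report.
# NOTE(review): the paste had lost all indentation, which collapses every
# option group into one flat mapping (and yields a duplicate `cookies` key).
# The nesting below is reconstructed from the key names; confirm it against
# the original profile file before reusing it.

# Which input vectors get audited.
audit:
  parameter_values: true
  exclude_vector_patterns: []
  include_vector_patterns: []
  link_templates: []
  links: true
  forms: true
  cookies: true
  # Header inputs are not audited with this profile.
  headers: false
  with_both_http_methods: false
  cookies_extensively: false
  jsons: true
  xmls: true
browser_cluster:
  pool_size: 6
  job_timeout: 15
  worker_time_to_live: 100
  ignore_images: true
  screen_width: 1600
  screen_height: 1200
datastore:
  token:
http:
  user_agent: Arachni/v1.1
  request_timeout: 10000
  request_redirect_limit: 2
  request_concurrency: 6
  request_queue_size: 500
  request_headers: {}
  response_max_size: 500000
  cookies: {}
input:
  values: {}
  # Fill-in values keyed by a regex matched against the input name.
  default_values:
    "(?i-mx:name)": arachni_name
    "(?i-mx:user)": arachni_user
    "(?i-mx:usr)": arachni_user
    # Looks like the scanner's stock placeholder for password-like inputs,
    # not a real credential -- confirm before sharing a profile publicly.
    "(?i-mx:pass)": 5543!%arachni_secret
    "(?i-mx:txt)": arachni_text
    "(?i-mx:num)": '132'
    "(?i-mx:amount)": '100'
    "(?i-mx:mail)": arachni@email.gr
    "(?i-mx:account)": '12'
    "(?i-mx:id)": '1'
  without_defaults: true
  force: false
scope:
  redundant_path_patterns: {}
  dom_depth_limit: 2
  # Keeps the scanner away from the sign-out URL so it does not end its own
  # session mid-scan.
  exclude_path_patterns:
  - "(?-mix:\\/users\\/sign_out)"
  exclude_content_patterns: []
  include_path_patterns: []
  restrict_paths: []
  extend_paths: []
  url_rewrites: {}
  directory_depth_limit: 8
  # Only 20 pages are audited; a clean report covers those pages only.
  page_limit: 20
  include_subdomains: false
  auto_redundant_paths: 1
  https_only: false
# NOTE(review): check_url/check_pattern are empty here and the autologin
# plugin below has no url/parameters/check, so as pasted nothing in this
# profile establishes or verifies a logged-in session. Presumably redacted
# for the report -- confirm, otherwise authenticated pages go untested.
session:
  check_url:
  check_pattern:
checks:
- code_injection
- csrf
- no_sql_injection
- no_sql_injection_differential
# NOTE(review): this is the check that raises "invalid byte sequence in
# US-ASCII" in the log (path_traversal.rb:50, in `split`). Until that is
# resolved, treat path traversal coverage from this scan as incomplete rather
# than as a clean result. The message suggests Ruby handled the data as
# US-ASCII; checking that the process runs under a UTF-8 locale (LANG/LC_ALL)
# is a reasonable first step -- unconfirmed from the report alone.
- path_traversal
- response_splitting
- rfi
- session_fixation
- source_code_disclosure
- xss
- xss_dom
- xss_dom_inputs
- xss_dom_script_context
- xss_event
- xss_path
- xss_script_context
- xss_tag
- allowed_methods
- backdoors
- backup_files
- common_directories
- common_files
- directory_listing
- http_put
- insecure_client_access_policy
- insecure_cookies
- insecure_cors_policy
- insecure_cross_domain_policy_access
- insecure_cross_domain_policy_headers
- interesting_responses
- password_autocomplete
- unencrypted_password_forms
platforms: []
plugins:
  autologin:
    url:
    parameters:
    check:
  beep_notify:
    repeat: '4'
    interval: '0.4'
  healthmap:
  uniformity:
no_fingerprinting: false
# Empty: the scan does not identify who authorized it. Filling this in helps
# the target's operators attribute the traffic to an approved assessment.
authorized_by: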