Scan from current (2015-12-09) nightly GUI not working
Created by: mdembree
With the latest nightly build (2015-12-09), a scan started from the GUI does nothing and eventually returns the following error log (the failure it reports is "Could not spawn browser process."). It is configured to use PostgreSQL. If I switch back to the current release, the same scan runs fine.
BTW, the updated GUI works much better behind an HTTPS reverse proxy than the current release does; thanks for changing the URLs to absolute paths.
2015-12-10 11:59:44 -0400 --------------------------------------------------------------------------------
ENV:
---
CPLUS_INCLUDE_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/include"
XDG_SESSION_ID: c23
HOSTNAME: as1217.internal
SELINUX_ROLE_REQUESTED: ''
GEM_HOME: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems"
TERM: screen
SHELL: "/bin/bash"
HISTSIZE: '1000'
IRBRC: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby/.irbrc"
SSH_CLIENT: 10.x.x.x 52395 22
LIBRARY_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib"
ARACHNI_HOME: "/home/user/apps/arachni"
CDC_PREW2KHOST: as1217
SELINUX_USE_CURRENT_RANGE: ''
MY_RUBY_HOME: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby"
SSH_TTY: "/dev/pts/0"
USER: user
LD_LIBRARY_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib"
LS_COLORS: 'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:'
TERMCAP: "SC|screen|VT 100/ANSI X3.64 virtual terminal:\\\n\t:DO=\\E[%dB:LE=\\E[%dD:RI=\\E[%dC:UP=\\E[%dA:bs:bt=\\E[Z:\\\n\t:cd=\\E[J:ce=\\E[K:cl=\\E[H\\E[J:cm=\\E[%i%d;%dH:ct=\\E[3g:\\\n\t:do=^J:nd=\\E[C:pt:rc=\\E8:rs=\\Ec:sc=\\E7:st=\\EH:up=\\EM:\\\n\t:le=^H:bl=^G:cr=^M:it#8:ho=\\E[H:nw=\\EE:ta=^I:is=\\E)0:\\\n\t:li#24:co#167:am:xn:xv:LP:sr=\\EM:al=\\E[L:AL=\\E[%dL:\\\n\t:cs=\\E[%i%d;%dr:dl=\\E[M:DL=\\E[%dM:dc=\\E[P:DC=\\E[%dP:\\\n\t:im=\\E[4h:ei=\\E[4l:mi:IC=\\E[%d@:ks=\\E[?1h\\E=:\\\n\t:ke=\\E[?1l\\E>:vi=\\E[?25l:ve=\\E[34h\\E[?25h:vs=\\E[34l:\\\n\t:ti=\\E[?1049h:te=\\E[?1049l:us=\\E[4m:ue=\\E[24m:so=\\E[3m:\\\n\t:se=\\E[23m:mb=\\E[5m:md=\\E[1m:mr=\\E[7m:me=\\E[m:ms:\\\n\t:Co#8:pa#64:AF=\\E[3%dm:AB=\\E[4%dm:op=\\E[39;49m:AX:\\\n\t:vb=\\Eg:G0:as=\\E(0:ae=\\E(B:\\\n\t:ac=\\140\\140aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..--++,,hhII00:\\\n\t:po=\\E[5i:pf=\\E[4i:Km=\\E[M:k0=\\E[10~:k1=\\EOP:k2=\\EOQ:\\\n\t:k3=\\EOR:k4=\\EOS:k5=\\E[15~:k6=\\E[17~:k7=\\E[18~:\\\n\t:k8=\\E[19~:k9=\\E[20~:k;=\\E[21~:F1=\\E[23~:F2=\\E[24~:\\\n\t:F3=\\E[1;2P:F4=\\E[1;2Q:F5=\\E[1;2R:F6=\\E[1;2S:\\\n\t:F7=\\E[15;2~:F8=\\E[17;2~:F9=\\E[18;2~:FA=\\E[19;2~:kb=\x7F:\\\n\t:K2=\\EOE:kB=\\E[Z:kF=\\E[1;2B:kR=\\E[1;2A:*4=\\E[3;2~:\\\n\t:*7=\\E[1;2F:#2=\\E[1;2H:#3=\\E[2;2~:#4=\\E[1;2D:%c=\\E[6;2~:\\\n\t:%e=\\E[5;2~:%i=\\E[1;2C:kh=\\E[1~:@1=\\E[1~:kH=\\E[4~:\\\n\t:@7=\\E[4~:kN=\\E[6~:kP=\\E[5~:kI=\\E[2~:kD=\\E[3~:ku=\\EOA:\\\n\t:kd=\\EOB:kr=\\EOC:kl=\\EOD:km:"
DA_SESSION_ID_AUTH: 8965fc3c-37db-c14b-916c-ab8f53b0aacc
MAIL: "/var/spool/mail/user"
PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems/bin:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/../bin:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/bin:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/gems/bin:/usr/share/centrifydc/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/user/.local/bin:/home/user/bin:/home/user/apps/arachni/bin"
STY: 5310.pts-0.as1217
C_INCLUDE_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/include"
PWD: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin"
ARACHNI_WEBUI_LOGDIR: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/logs/webui"
LANG: en_US.UTF-8
ARACHNI_FRAMEWORK_LOGDIR: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/logs/framework"
USER_PRINCIPAL_NAME: user@internal
SELINUX_LEVEL_REQUESTED: ''
HISTCONTROL: ignoredups
CDC_JOINED_DC: internal
SHLVL: '2'
HOME: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/home/arachni"
CDC_JOINED_SITE: Data-Centre-Servers
RAILS_ENV: production
DYLD_LIBRARY_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib"
LOGNAME: user
WINDOW: '0'
GEM_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/gems"
SSH_CONNECTION: 10.x.x.x 52395 10.y.y.y 22
LESSOPEN: "||/usr/bin/lesspipe.sh %s"
CDC_JOINED_ZONE: CN=Universal,OU=Unix,DC=internal
XDG_RUNTIME_DIR: "/run/user/285218791"
CDC_LOCALHOST: as1217.internal
RUBYLIB: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems/gems/bundler-1.10.6/lib:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby/site_ruby/2.2.0:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby/2.2.0:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby/2.2.0/x86_64-linux:/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/usr/lib/ruby/site_ruby/2.2.0/x86_64-linux"
RUBY_VERSION: ruby-2.2.3
CDC_JOINED_DOMAIN: internal
RACK_ENV: development
BUNDLE_GEMFILE: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/arachni-ui-web/Gemfile"
_ORIGINAL_GEM_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/bin/../system/gems"
BUNDLE_BIN_PATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems/gems/bundler-1.10.6/bin/bundle"
RUBYOPT: "-rbundler/setup"
MANPATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems/gems/kramdown-1.4.1/man"
BUNDLE_ORIG_MANPATH: "/home/user/apps/arachni-2.0dev-1.0dev_20151209/system/gems/gems/kramdown-1.4.1/man"
--------------------------------------------------------------------------------
OPTIONS:
datastore:
token: a1ce8f6ff728e491535abe06dede5366
browser_cluster:
local_storage: {}
wait_for_elements: {}
pool_size: 12
job_timeout: 25
worker_time_to_live: 100
ignore_images: true
screen_width: 1600
screen_height: 1200
scope:
redundant_path_patterns: {}
dom_depth_limit: 5
exclude_file_extensions: []
exclude_path_patterns: []
exclude_content_patterns: []
include_path_patterns: []
restrict_paths: []
extend_paths:
- "/bep"
- "/offices"
- "/econ"
- "/fin"
- "/natr"
- "/nsaf"
- "/nsarm"
- "/proc"
- "/prot"
- "/speak"
- "/tir"
url_rewrites: {}
include_subdomains: false
auto_redundant_paths: 10
https_only: false
audit:
parameter_values: true
exclude_vector_patterns: []
include_vector_patterns: []
link_templates: []
links: true
forms: true
cookies: true
headers: false
with_both_http_methods: false
cookies_extensively: false
jsons: true
xmls: true
ui_forms: true
ui_inputs: true
input:
values:
"(?i-mx:name)": arachni_name
"(?i-mx:user)": arachni_user
"(?i-mx:usr)": arachni_user
"(?i-mx:pass)": 5543!%arachni_secret
"(?i-mx:txt)": arachni_text
"(?i-mx:num)": '132'
"(?i-mx:amount)": '100'
"(?i-mx:mail)": arachni@scan.internal
"(?i-mx:account)": '12'
"(?i-mx:id)": '1'
default_values:
name: arachni_name
user: arachni_user
usr: arachni_user
pass: 5543!%arachni_secret
txt: arachni_text
num: '132'
amount: '100'
mail: arachni@email.gr
account: '12'
id: '1'
without_defaults: true
force: false
http:
user_agent: Arachni/v1.3.2
request_timeout: 10000
request_redirect_limit: 5
request_concurrency: 20
request_queue_size: 100
request_headers: {}
response_max_size: 500000
cookies: {}
session: {}
checks:
- code_injection
- code_injection_php_input_wrapper
- code_injection_timing
- csrf
- file_inclusion
- ldap_injection
- no_sql_injection
- no_sql_injection_differential
- os_cmd_injection
- os_cmd_injection_timing
- path_traversal
- response_splitting
- rfi
- session_fixation
- source_code_disclosure
- sql_injection
- sql_injection_differential
- sql_injection_timing
- trainer
- unvalidated_redirect
- unvalidated_redirect_dom
- xpath_injection
- xss
- xss_dom
- xss_dom_script_context
- xss_event
- xss_path
- xss_script_context
- xss_tag
- xxe
- allowed_methods
- backdoors
- backup_directories
- backup_files
- captcha
- common_admin_interfaces
- common_directories
- common_files
- cookie_set_for_parent_domain
- credit_card
- cvs_svn_users
- directory_listing
- emails
- form_upload
- hsts
- htaccess_limit
- html_objects
- http_only_cookies
- http_put
- insecure_client_access_policy
- insecure_cookies
- insecure_cors_policy
- insecure_cross_domain_policy_access
- insecure_cross_domain_policy_headers
- interesting_responses
- localstart_asp
- mixed_resource
- origin_spoof_access_restriction_bypass
- password_autocomplete
- private_ip
- ssn
- unencrypted_password_forms
- webdav
- x_frame_options
- xst
platforms: []
plugins:
autothrottle:
discovery:
healthmap:
timing_attacks:
uniformity:
no_fingerprinting: false
authorized_by:
url: https://dev.iweb.internal/
[2015-12-10 11:59:44 -0400] Could not spawn browser process.
[2015-12-10 11:59:44 -0400] 6827: Started
PID: 6830
6827: Working
6827: Working
6827: EOF
6827: Exiting
token: 4942011c4e9fc4763adc569556cd1d2e
master_priv_token: 988fe5e10b78c647ca93c0ccbfdb5e4f
page_limit: 0
[2015-12-10 11:59:44 -0400] 6823: Started
PID: 6835
6823: Working
6823: Working
6823: EOF
6823: Exiting