Skip to content
GitLab
Closed
Issue created by Administrator@rootContributor

arachni eats 100%cpu, does nothing

Created by: chris-h1

I have a problem with arachni, it seams that it does nothing, just eating up my cpu.

strace -f -p 15051 ---8<--- [pid 15052] <... futex resumed> ) = -1 ETIMEDOUT (Connection timed out) [pid 15052] gettimeofday({1316018028, 330295}, NULL) = 0 [pid 15052] futex(0xb78521cc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 15052] clock_gettime(CLOCK_REALTIME, {1316018028, 330357231}) = 0 [pid 15052] futex(0xb7852204, FUTEX_WAIT_PRIVATE, 1044897, {0, 9937769}) = -1 ETIMEDOUT (Connection timed out) [pid 15052] gettimeofday({1316018028, 340703}, NULL) = 0 [pid 15052] futex(0xb78521cc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 15052] clock_gettime(CLOCK_REALTIME, {1316018028, 340765429}) = 0 [pid 15052] futex(0xb7852204, FUTEX_WAIT_PRIVATE, 1044899, {0, 9937571} <unfinished ...> [pid 15051] sched_yield() = 0 [pid 15052] <... futex resumed> ) = -1 ETIMEDOUT (Connection timed out) [pid 15052] gettimeofday( <unfinished ...> [pid 15051] sched_yield( <unfinished ...> [pid 15052] <... gettimeofday resumed> {1316018028, 350837}, NULL) = 0 [pid 15051] <... sched_yield resumed> ) = 0 [pid 15052] futex(0xb78521cc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 15052] clock_gettime(CLOCK_REALTIME, {1316018028, 350922116}) = 0 [pid 15052] futex(0xb7852204, FUTEX_WAIT_PRIVATE, 1044901, {0, 9914884}) = -1 ETIMEDOUT (Connection timed out) [pid 15052] gettimeofday({1316018028, 360979}, NULL) = 0 [pid 15052] futex(0xb78521cc, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 15052] clock_gettime(CLOCK_REALTIME, {1316018028, 361036814}) = 0 [pid 15052] futex(0xb7852204, FUTEX_WAIT_PRIVATE, 1044903, {0, 9942186} <unfinished ...> [pid 15051] sched_yield() = 0 [pid 15052] <... futex resumed> ) = -1 ETIMEDOUT (Connection timed out) [pid 15052] gettimeofday( <unfinished ...> [pid 15051] sched_yield( <unfinished ...> ---8<--- I just have these lines all over (1000 of them). What is the reason for that?

Version: Arachni - Web Application Security Scanner Framework v0.3 [0.2.3] ruby 1.9.2p290 (2011-07-09 revision 32553) [i686-linux] Linux maus 2.6.38-11-generic-pae #48 (closed)-Ubuntu SMP Fri Jul 29 20:51:21 UTC 2011 i686 i686 i386 GNU/Linux

Program was run with: arachni --debug -vf --load-profile=/home/chris/.rvm/gems/ruby-1.9.2-p290/gems/arachni-0.3/profiles/full.afp http://www.xxxxxxxxxxxxxx/index.html > arachni2.out 2>&1

The last few lines from debug output: ---8<--- [!] Got response. [!] Request ID#: 18037 [!] URL: http://news.xxxxxxxxxxxxx/redx/ext/newsabo/goto.php?fa5097d6aaa28b3f70e13a085f90cc2077b75e0326a72e82e608da4fafc92bb6=&l=86%23%5E%28%24%21%40%24%29%28%28%29%29%29%2A%2A%2A%2A%2A%2A&s=732 [!] Method: get [!] Params: {"l"=>"86#^($!@$)(()))*****", "s"=>"732", "fa5097d6aaa28b3f70e13a085f90cc2077b75e0326a72e82e608da4fafc92bb6"=>""} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8", "User-Agent"=>"Arachni/0.2.2"} [!] Train?: false [!] ------------ [!] ------------ [!] Got response. [!] Request ID#: 18170 [!] URL: http://de-de.facebook.com/pages/xxxxxxxxxxxxx/117192318325315?utm_campaign=2011-07-19-35%2525%2520Hitzerabatt%2520bei%2520xxxxxxxxxxxxx%2520auf%2520alle%2520Produkte&utm_medium=newsletter&utm_source=news.xxxxxxxxxxxxx [!] Method: get [!] Params: {"utm_source"=>"news.xxxxxxxxxxxxx", "utm_campaign"=>"2011-07-19-35%25%20Hitzerabatt%20bei%20xxxxxxxxxxxxx%20auf%20alle%20Produkte", "utm_medium"=>"newsletter"} [!] Headers: {"cookie"=>"PHPSESSID=07f9540451cbbb4af67e69bda421a64596d80713;", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8", "User-Agent"=>"Arachni/0.2.2"} [!] Train?: false [!] ------------ [] UnvalidatedRedirect: Analyzing response #18115... [] UnvalidatedRedirect: Analyzing response #18082... [] UnvalidatedRedirect: Analyzing response #18081... [] UnvalidatedRedirect: Analyzing response #18080... [] UnvalidatedRedirect: Analyzing response #18112... [] UnvalidatedRedirect: Analyzing response #18111... [] UnvalidatedRedirect: Analyzing response #18078... [] UnvalidatedRedirect: Analyzing response #18110... [] UnvalidatedRedirect: Analyzing response #18117... [] UnvalidatedRedirect: Analyzing response #18116... [] UnvalidatedRedirect: Analyzing response #18113... [] XPathInjection: Analyzing response #18069... [] XPathInjection: Analyzing response #18068... [] XPathInjection: Analyzing response #18067... [] XPathInjection: Analyzing response #18066... [] UnvalidatedRedirect: Analyzing response #18090... [] XPathInjection: Analyzing response #18065... [] XPathInjection: Analyzing response #18064... [] XPathInjection: Analyzing response #18063... [] XPathInjection: Analyzing response #18062... [] XPathInjection: Analyzing response #18059... [] XPathInjection: Analyzing response #18058... [] XPathInjection: Analyzing response #18057... [] XPathInjection: Analyzing response #18056... [] XPathInjection: Analyzing response #18055... [] XPathInjection: Analyzing response #18054... [] XPathInjection: Analyzing response #18053... [] XPathInjection: Analyzing response #18052... [] LDAPInjection: Analyzing response #18046... [] LDAPInjection: Analyzing response #18045... [] LDAPInjection: Analyzing response #18044... [] LDAPInjection: Analyzing response #18043... [] LDAPInjection: Analyzing response #18042... [] UnvalidatedRedirect: Analyzing response #18079... [] LDAPInjection: Analyzing response #18041... [] LDAPInjection: Analyzing response #18040... [] LDAPInjection: Analyzing response #18039... [] ResponseSplitting: Analyzing response #18036... [] ResponseSplitting: Analyzing response #18035... [] ResponseSplitting: Analyzing response #18034... [] XPathInjection: Analyzing response #18061... [] ResponseSplitting: Analyzing response #18033... [] ResponseSplitting: Analyzing response #18032... [] UnvalidatedRedirect: Analyzing response #18071... [] UnvalidatedRedirect: Analyzing response #18076... [] UnvalidatedRedirect: Analyzing response #18070... [] ResponseSplitting: Analyzing response #18030... [] UnvalidatedRedirect: Analyzing response #18077... [] UnvalidatedRedirect: Analyzing response #18073... [] ResponseSplitting: Analyzing response #18029... [] ResponseSplitting: Analyzing response #18028... [] ResponseSplitting: Analyzing response #18027... [] ResponseSplitting: Analyzing response #18024... [] ResponseSplitting: Analyzing response #18021... [] XPathInjection: Analyzing response #18060... [] UnvalidatedRedirect: Analyzing response #18075... [] UnvalidatedRedirect: Analyzing response #18074... [] UnvalidatedRedirect: Analyzing response #18072... [] XPathInjection: Analyzing response #18050... [] ResponseSplitting: Analyzing response #18020... [] ResponseSplitting: Analyzing response #18019... [] ResponseSplitting: Analyzing response #18022... [] LDAPInjection: Analyzing response #18037...

[~] Audit progress: 25.92% ( Discovered 125 pages )

[] Sent 18171 requests. [] Received and analyzed 17114 responses. [] In 00:00:00 [] Average: 3 requests/second.

[] Currently auditing http://www.xxxxxxxxxxxx/Links/Newsletter_JULI.html [] Burst response time total 29.869559 [] Burst response count total 166 [] Burst average response time 0.17993710240963856 [] Burst average 5 requests/second [] Timed-out requests 0 [] Original max concurrency 20 [] Throttled max concurrency 21

[~] Continue? (hit 'enter' to continue, 'r' to generate reports and 'e' to exit) ---8<---