Scanner does not progress past Crawling in Grid mode

Mike

28 Sep, 2013 08:15 PM

I have 3 Arachnis in a Grid and am triggering a simple scan via RPC and the scan never progresses past crawling. This occurs in both the WebGUI and CLI... I am using the following to trigger the scan from the CLI...

    arachni_rpc --server 1.1.1.2:7331 --spawns=3 --grid-mode=aggregate http://my.site.com/ --modules=xss*

The rpcds are triggered via...

    #1
    arachni_rpcd --address 2.2.2.2 --port 7331 --external-address=1.1.1.2 --port-range=50000-51000

    #2
    arachni_rpcd --address 2.2.2.3 --port 7331 --external-address=1.1.1.3 --port-range=50000-51000 --neighbour=1.1.1.2:7331 --pipe-id=arachni-2 --nickname=arachni-2

    #3
    arachni_rpcd --address 2.2.2.4 --port 7331 --external-address=1.1.1.4 --port-range=50000-51000 --neighbour=1.1.1.3:7331 --pipe-id=arachni-3 --nickname=arachni-3

They all communicate just fine and I have ensured ports 7331 and 50000-51000 are open to everything. I can trigger remote scans when not in a grid just fine and they proceed past crawling and into scanning and reporting. Also, when I point the scanner at just a single page with no links on it, it completes as well. Not sure what is going on...

I noticed http://support.arachni-scanner.com/discussions/problems/87-grid-dis... but it does not appear to be related as the page I'm scanning is only 9 URLs deep so there's no reason for memory to be an issue.

Any thoughts? Thanks!

  1. Support Staff 1 Posted by Tasos Laskos on 28 Sep, 2013 08:22 PM

    Does this happen if you don't specify a grid mode?

  2. 2 Posted by Mike on 28 Sep, 2013 08:33 PM

        --grid --spawns=3 http://mikedemo.devis.com/ --modules=xss*

    This hangs

        --spawns=3 http://mikedemo.devis.com/ --modules=xss*

    This completes but I'm not sure it's actually using the grid

  3. Support Staff 3 Posted by Tasos Laskos on 28 Sep, 2013 08:37 PM

    May I have permission to perform the same scan please?

  4. 4 Posted by Mike on 28 Sep, 2013 08:38 PM

    Go ahead

  5. 5 Posted by Mike on 29 Sep, 2013 07:39 PM

    Are you experiencing the same behavior?

  6. Support Staff 6 Posted by Tasos Laskos on 29 Sep, 2013 07:46 PM

    Sorry, I didn't get a chance to look into this yet. I've been swamped with work lately. I'll try to get to it later today or tomorrow.

  7. Support Staff 7 Posted by Tasos Laskos on 30 Sep, 2013 12:38 AM

    I couldn't reproduce this. I think I missed something when I was implementing the --external-address option because that's the most recent change and the only difference in our setups.

    And since the multi-Instance feature worked fine for you when not using the Grid then that seems like the most likely culprit.

    Shouldn't be hard to fix though, will let you know once it's ready.

  8. Support Staff 8 Posted by Tasos Laskos on 02 Oct, 2013 12:10 AM

    I found the problem, could you try --address=0.0.0.0? Because you're advertising the external address but the server will only be listening on the 2.2.2.x interface if you specify it as an --address.

    Just out of curiosity, are the 2.2.2.x interfaces the ones that are connected to the NAT device? Because I'd expect that to have worked.

  9. 9 Posted by Mike on 03 Oct, 2013 07:25 PM

    That did not fix it... After some digging I think the issue is in the following block of code in /lib/arachni/rpc/server/framework.rb ...

        def self_url
            @self_url ||= @opts.rpc_address ?
                "#{@opts.rpc_address}:#{@opts.rpc_port}" : @opts.rpc_socket
        end
    

    Basically, @opts.rpc_address needs to resolve to the value of @opts.rpc_external_address in this block when --external-address is defined. For some reason though when I updated the code to pull in this value, it pulled in the rpc_external_address of its peer which makes no sense to me. Maybe you can figure this out for me? I've spent a while trying to figure out how it is getting that value and am stumped. I did verify, however, that if I hardcode in the external IP address in place of @opts.rpc_address that the scan completes correctly.

    The problem is that the master thinks that it has 2 slaves for each slave it has, one for the internal IP and one for the external IP. I put a debug output in the "def slaves_done?" block in /lib/arachni/rpc/server/spider.rb to examine the done_signals variable. When the scan runs, @done_signals has {"209.2.2.2:50086"=>false, "10.2.2.2:50086"=>true} in it where 209.2.2.2 and 10.2.2.2 are both interfaces on the slave. When the variable described in the paragraph above is set to the correct external address, there is only 1 slave as expected.

  10. 10 Posted by Mike on 03 Oct, 2013 09:10 PM

    Okay I think I've come up with a fix ...

    Update the opts in /lib/arachni/rpc/server/framework/distributor.rb to include rpc_external_address

        def cleaned_up_opts
            opts = @opts.to_h.deep_clone.symbolize_keys
            (%w(spawns rpc_socket grid_mode dir rpc_port rpc_address rpc_external_address pipe_id neighbour pool_size) |
                %w(lsmod lsrep rpc_instance_port_range load_profile delta_time) |
                %w(start_datetime finish_datetime)).each do |k|
                opts.delete k.to_sym
            end
    

    And change self_url to use rpc_external_address in /lib/arachni/rpc/server/framework.rb ... I'm pretty sure that rpc_external_address defaults to rpc_address if it is undefined so this should work.

        def self_url
            @self_url ||= @opts.rpc_external_address ?
                "#{@opts.rpc_external_address}:#{@opts.rpc_port}" : @opts.rpc_socket
        end
    

    Once I put these changes in, I can run a scan just fine (at least so far).

  11. 11 Posted by Mike on 03 Oct, 2013 10:15 PM

    The WebUI still has the problem of hanging on 'crawling' even though the arachni_rpc binary finishes just fine now while in grid mode... Arg... Let me know if you have any ideas

    Thanks,

  12. Support Staff 12 Posted by Tasos Laskos on 03 Oct, 2013 10:18 PM

    It shouldn't, they don't really do anything differently. Looking into it and I'll get back to you.

  13. Support Staff 13 Posted by Tasos Laskos on 03 Oct, 2013 10:49 PM

    Tried it a few times but I couldn't reproduce it. Does it happen every time? Does it always work via the CLI and always get stuck when using the WebUI?

  14. Support Staff 14 Posted by Tasos Laskos on 03 Oct, 2013 10:54 PM

    Sorry btw, a couple of your earlier responses (the ones with the code) were caught by the spam filter for some reason. Thank you for looking into it though, I had forgotten about those methods.

  15. Support Staff 15 Posted by Tasos Laskos on 04 Oct, 2013 12:29 AM

    I pushed your patches, thanks man.

    What's the current status of the issue btw? Still having problems?

  16. 16 Posted by Mike on 04 Oct, 2013 01:10 AM

    Great -- I think I figured it out... I was running arachni_web with bin/arachni_web -o 127.0.0.1 -p 9292 -D which I'm guessing is the culprit. Once I bound it to 0.0.0.0 it worked fine... Haven't looked through code though.

  17. Support Staff 17 Posted by Tasos Laskos on 04 Oct, 2013 01:14 AM

    Honestly, I'm not sure how that would cause the issues but since they're gone I'm going to close this ticket. If anything comes up please do let me know.

    Cheers

  18. Tasos Laskos closed this discussion on 04 Oct, 2013 01:14 AM.
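
Added example, not part of the original thread and not Arachni's code: a simplified Ruby model of the done-signal bookkeeping diagnosed in posts 9 and 10, showing why a slave that identifies itself by its bind address never clears the entry the master holds under its external address. The names `MasterModel`, `SlaveOpts` and `run_crawl` are hypothetical, the fallback to `rpc_address` is an assumption taken from post 10, and the addresses are the ones quoted in post 9.

```ruby
# Simplified model of the master's crawl bookkeeping (hypothetical names,
# not Arachni's classes): one "done" flag per slave, keyed by the slave's URL.
class MasterModel
  attr_reader :done_signals

  def initialize
    @done_signals = {}
  end

  # The master records each slave under the URL it dials to reach it.
  def register_slave(url)
    @done_signals[url] = false
  end

  # A slave reports the end of its crawl under whatever URL it calls itself.
  def slave_done(url)
    @done_signals[url] = true
  end

  # The crawl phase ends only when every recorded key has signalled.
  def slaves_done?
    @done_signals.values.all?
  end
end

# Constructed slave options; the addresses are the ones quoted in the thread.
SlaveOpts = Struct.new(:rpc_address, :rpc_external_address, :rpc_port) do
  # Before the patch: identity built from the bind (internal) address.
  def self_url_bind
    "#{rpc_address}:#{rpc_port}"
  end

  # After the patch: identity built from the advertised address. The fallback
  # to rpc_address is an assumption based on the poster's remark.
  def self_url_advertised
    "#{rpc_external_address || rpc_address}:#{rpc_port}"
  end
end

# Runs one register/signal round and returns [crawl finished?, done_signals].
def run_crawl(slave, identity)
  master = MasterModel.new
  master.register_slave("#{slave.rpc_external_address}:#{slave.rpc_port}")
  master.slave_done(slave.public_send(identity))
  [master.slaves_done?, master.done_signals]
end

SLAVE = SlaveOpts.new('10.2.2.2', '209.2.2.2', 50086)
%i[self_url_bind self_url_advertised].each { |id| p run_crawl(SLAVE, id) }
```

With the bind-address identity the hash ends up with two keys for one slave, which is the state reported in post 9; with the advertised identity there is a single key and the crawl phase can end.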
