Hi I have found a bug with your latest stable release

marc's Avatar


05 Nov, 2014 08:53 PM

For some reason when running the tool from command line under debian it fails to save an far report if I specify the host by hostname. However if I specific by IP the report saves just fine.

Two example command lines:

This works fine and saves an AFR report when it finishes or is terminated /usr/local/bin/arachni_multi --instance-spawns=2 --mods=* --checks=*,-common_files,-common_directories,-backup_files,-backup_directories --platforms=linux,mysql,php,apache --report=afr:outfile=/root/ --report-save-path=

This fails to save a report and dumps to stdout

/usr/local/bin/arachni_multi --instance-spawns=2 http://pwnedsite.com/wavsep/active/index-xss.jsp --mods=* --checks=*,-common_files,-common_directories,-backup_files,-backup_directories --platforms=linux,mysql,php,apache --report=afr:outfile=/root/ --report-save-path=pwnedsite.com-wavsep.afr

This is the error -

/var/lib/gems/1.9.1/gems/arachni-1.0.4/lib/arachni/rpc/serializer.rb:31:in `dump': undefined method `to_msgpack' for 2019-12-23 23:50:00 +0000:Time (NoMethodError)
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/lib/arachni/rpc/serializer.rb:31:in `dump'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/lib/arachni/report.rb:155:in `to_afr'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/lib/arachni/report.rb:147:in `save'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/ui/cli/rpc/client/instance.rb:216:in `report_and_shutdown'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/ui/cli/rpc/client/instance.rb:84:in `run'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/ui/cli/rpc/client/local.rb:54:in `initialize'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/bin/arachni_multi:13:in `new'
        from /var/lib/gems/1.9.1/gems/arachni-1.0.4/bin/arachni_multi:13:in `<top (required)>'
        from /usr/local/bin/arachni_multi:23:in `load'
        from /usr/local/bin/arachni_multi:23:in `<main>'
  1. Support Staff 1 Posted by Tasos Laskos on 06 Nov, 2014 05:39 AM

    Tasos Laskos's Avatar

    Hi Marc,

    I'm having some trouble with this.

    The error itself doesn't make sense because the code explicitly converts Time objects to String ones for storage, to prevent this issue.
    Not to mention the fact that using a hostname vs. an IP address shouldn't make any difference, to anything.

    Also, you're using the --mods option, which should flat-out give you an error before the scan starts as there's no such option anymore.

    Let's start from the beginning, can you please verify that the command-line options you provided are correct?

    Thanks for the feedback.


  2. Support Staff 2 Posted by Tasos Laskos on 09 Dec, 2014 12:43 PM

    Tasos Laskos's Avatar

    I'm closing this discussion due to lack of feedback, feel free to re-open.


  3. Tasos Laskos closed this discussion on 09 Dec, 2014 12:43 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac