Timeout not working on large scan

MRodrigues's Avatar

MRodrigues

12 Nov, 2016 06:57 PM

Hi all,

I'm having a trouble scanning a internal web page. It's a quite small site, however the scan never ends. I'm setting a timeout of 10 hours and last time ran for 15 hours and didn't stop. When I kill (with several signals i loose the report).

Any ideia how can I kill without loosing the report? I cannot hit Ctrl+c because I'm running over ssh on another machine and cannot leave the session on for several hours.

And any idea of why this timeout is not working? I've set the timeout for a lower number(2 hours) and worked great.

I'm using the proxy plugin to make the login, and the i shutdown the proxy to start the scan. Here is the command:

arachni http://www.intranet --plugin=proxy --scope-exclude-pattern=logo --checks=active/* --timeout 10:00:

Kind regards!

  1. Support Staff 1 Posted by Tasos Laskos on 17 Nov, 2016 04:46 PM

    Tasos Laskos's Avatar

    I'm not sure what could be causing the time-out not to work.
    About the scan never ending though, do the page have some sort of functionality that generates pages forever? Like a calendar?

  2. 2 Posted by MRodrigues on 18 Nov, 2016 08:29 AM

    MRodrigues's Avatar

    Hi

    Thank you for the reply!

    I've retested with smaller timeouts (e.g. 6h00) and everything works great. So it might have been another issue without a plausible explanation.

    Altough it's a small site with perhaps 20 pages, arachni makes all the tests(CSRF,XSS,LFI,..), and instead of ending, then goes again for the same set of tests. I don't know why this happens, but it doesn't freezes on the same page.

    With the timeout I've solved the problem.

    Thank you

  3. Support Staff 3 Posted by Tasos Laskos on 20 Nov, 2016 05:01 PM

    Tasos Laskos's Avatar

    Glad you got it working but I'd really like to see what's going with the scan not ending.
    Any chance I can be given access to the web page?

  4. Tasos Laskos closed this discussion on 14 Dec, 2016 02:13 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac