Arachni: Discussion

Arachni is running so long even with the latest version 0.4.1.3

2013-03-07T12:25:57Z

Hello,

I have scheduled a test scan before 2 days and still the test are in-progress.
i also used the --link-count=10 command, but it seems to be not feasible.Hope you will help me on this.
I am working with the latest version of arachni 0.4.1.3.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-07T14:50:03Z

Hi there,

There was a bug when it came to enforcing that restriction. Fortunately, it has been fixed in the experimental branch of the project and you can grab a self-contained package with that fix.

Pick the package which suits you from the nightly builds and let me know how it works.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-08T06:19:06Z

Hey Tasos,

Thanks alot for the quick response.

Actually we are working on windows machine and unfortunately was not able to find any nightly for Windows platform (32 bit).

Can you please point us to the correct location to download the same for windows?
Meanwhile we are trying for linux distribution.

Regards,
Gopal

Arachni is running so long even with the latest version 0.4.1.3

2013-03-08T15:07:52Z

I'm sorry, there aren't any nightly packages available; I recommend installing Linux in a virtual machine.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-12T05:24:05Z

Hi Tasos,

Is there any other option to limit the scan so that scan can stop after 2-3 hour??

Arachni is running so long even with the latest version 0.4.1.3

2013-03-12T06:24:50Z

Here is another query...

I already have a previous version of Arachni installed on Ubuntu. Is there is a way to update the same version so that it gets upgraded to the latest build in which you have applied the patch.

if yes, please help us with the exact command line arguments to do the upgrade.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-12T14:36:01Z

Unfortunately, the answer is no to both.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T07:51:18Z

Hi Tasos,

thanks for your replies. However I tried the nightly build provided but seems that some specific RUBY gem is either missing from the build or is unavailable in RUBY distribution.
whenever I try to run the tool, I get the below error. Can you please help us on this issue?

Error:
/usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require': cannot load such file -- bundler/setup (LoadError) from /usr/local/rvm/rubies/ruby-1.9.3-p392/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:inrequire' from /var/www/arachni-1.0dev-0.4dev/system/gems/gems/arachni-1.0dev-0.4dev/bin/../system/arachni-ui-web/bin/arachni:14:in `'

Also, i am successfully able to run the current build v0.4.1.3.

Regards,
Gopal

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T14:04:24Z

Thanks for letting me know, that seems to be a problem with the package, will fix it and let you know.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T15:41:28Z

Thanks Tasos,

We are in a business critical situation, and have been struggling with this situation for quite long.
I would really appreciate if you take this request on priority and provide the solution for the same ASAP.

Regards,
Gopal

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T15:44:48Z

Duly noted Gopal, working on it now.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T15:48:19Z

Just to make sure, can you show be how you're running it?

PS. And which package you're using.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T16:07:14Z

I have downloaded the nightly package.

steps:
1) download the arachni setup
2) untar the setup
3) goto path arachni-1.0dev-0.4dev/system/gems/bin [install ruby and update gems]
4) also tried arachni-1.0dev-0.4dev/system/gems/gems/ [install ruby and update gems]
5) command ./arachni -h [not working]
5) In gems/gems path, there is no arachni-1.0dev-0.4dev/bin folder to work on that.
but this type of folder structure is available on build v0.4.1.3.

so i am not sure why its not working, kindly suggest.

Thanks!!!

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T16:11:58Z

Why are you being so hard on yourself?
The packages are self-contained, you just run the executable under arachni-1.0dev-0.4dev/bin/.

I thought the README file in the package made that clear.

Let me know how it works.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T16:36:47Z

I have also tried with arachni-1.0dev-0.4dev/bin/ path and update ruby and gems within it but it seems to be not working for me.

while the same is working fine with v0.4.1.3 build.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T16:47:07Z

There's a misunderstanding here, let's start over.

The packages are self-contained, they don't need anything else to be installed on the system. They contain a Ruby installation and all gem dependencies and even system library dependencies like libxml2, curl etc.

You should not touch anything under system/ nor need to.
You only have to run the executables under the immediate bin/ dir of the package, if that doesn't work then I'd like to see that output in order to help out.

And before retrying, please remove the existing directory and download the package again because there's a chance you may have corrupted it.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T16:50:39Z

Also, the fact that what you were doing worked for the v0.4.1.3 package was pure change, you should have, once again, used the executables under the immediate bin/ dir only.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T17:39:14Z

I really thank you for your prompt response.
i am also working in the same manner as you suggested to resolve the issue, but could not.
Please find the attached screenshot:

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T17:53:53Z

I'm guessing that that VM hasn't been updated in a while.

The packages may very well be self-contained but one thing they depend on is that the system uses the same glibc version as everything depends on it (and relevantly compatible kernels).

There's only so much you can do...

You can either grab a recent distro or upgrade.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T18:24:26Z

I tried following the same steps on Ubuntu 11.04 and got a separate error. Attached screenshot might be helpful.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T18:49:37Z

Are you just the most unlucky person on the face of the earth?
At least the last error made sense, this one...I'm lost.

I just went through all the packages and they all worked fine.

Can you check if the file reported to not exist is there? Can you do an ls -la on that directory and paste it please?

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:05:12Z

Please find the attached screenshot for ls -la.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:08:15Z

No, the error reports that system/usr/ruby doesn't exist so could you list the contents of system/usr/ and paste the output here?

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:14:52Z

Please find the attached screenshot for system/usr:

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:17:38Z

Ok, the bin folder is there, does it contain a ruby binary?

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:27:55Z

Yes, it contain a ruby file. please find the attached screenshot:

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:31:31Z

Any chance I can have SSH access to that VM?

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:37:49Z

I will initiate the goToMeeting session and will share you the link.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:49:34Z

I was the one who deleted your previous posts and I also sent you an e-mail saying that you shouldn't post those online on a public forum.

Morever, I'm on a Linux system which is not supported by GTM.

Arachni is running so long even with the latest version 0.4.1.3

2013-03-13T19:56:17Z

Okay, so how we can share the screen.Can we have a online TeamViewer session.