When Arachni CLI finishes, the previous logging information disappears

Zukky's Avatar

Zukky

16 May, 2017 04:25 PM

Hi,

When I run Arachni CLI, the output I get is this:

================================================================================


 [+] Web Application Security Report - Arachni Framework

 [~] Report generated on: 2017-05-16 16:20:22 +0000
 [~] Report false positives at: http://github.com/Arachni/arachni/issues

 [+] System settings:
 [~] ---------------
 [~] Version:           1.5.1
 [~] Seed:              657943d87b2b8b9a10a43a45c821fac3
 [~] Audit started on:  2017-05-16 16:20:17 +0000
 [~] Audit finished on: 2017-05-16 16:20:22 +0000
 [~] Runtime:           00:00:05

 [~] URL:        http://app:8081/
 [~] User agent: Arachni/v1.5.1

 [*] Audited elements:
 [~] * Links
 [~] * Forms
 [~] * Cookies
 [~] * XMLs
 [~] * JSONs
 [~] * UI inputs
 [~] * UI forms

 [*] Checks: code_injection, code_injection_php_input_wrapper, code_injection_timing, csrf, file_inclusion, ldap_injection, no_sql_injection, no_sql_injection_differential, os_cmd_injection, os_cmd_injection_timing, path_traversal, response_splitting, rfi, session_fixation, source_code_disclosure, sql_injection, sql_injection_differential, sql_injection_timing, trainer, unvalidated_redirect, unvalidated_redirect_dom, xpath_injection, xss, xss_dom, xss_dom_script_context, xss_event, xss_path, xss_script_context, xss_tag, xxe, allowed_methods, backdoors, backup_directories, backup_files, captcha, common_admin_interfaces, common_directories, common_files, cookie_set_for_parent_domain, credit_card, cvs_svn_users, directory_listing, emails, form_upload, hsts, htaccess_limit, html_objects, http_only_cookies, http_put, insecure_client_access_policy, insecure_cookies, insecure_cors_policy, insecure_cross_domain_policy_access, insecure_cross_domain_policy_headers, interesting_responses, localstart_asp, mixed_resource, origin_spoof_access_restriction_bypass, password_autocomplete, private_ip, ssn, unencrypted_password_forms, webdav, x_frame_options, xst

 [~] ===========================

 [+] 0 issues were detected.


 [~] Report saved at: /arachni/app 2017-05-16 16_20_22 +0000.afr [0.0MB]
 [~] The scan has logged errors: /arachni/bin/../system/logs/framework/error-199.log

 [~] Audited 0 page snapshots.

 [~] Duration: 00:00:05
 [~] Processed 12/12 HTTP requests.
 [~] -- 30.047 requests/second.
 [~] Processed 0/0 browser jobs.
 [~] -- 0.0 second/job.

 [~] Burst response time sum     0.0 seconds
 [~] Burst response count        2
 [~] Burst average response time 0.0 seconds
 [~] Burst average               3.36 requests/second
 [~] Timed-out requests          0
 [~] Original max concurrency    20
 [~] Throttled max concurrency   20"

However, the previous logging information simply disappears? This stuff:

"Arachni - Web Application Security Scanner Framework v1.5.1
   Author: Tasos "Zapotek" Laskos <[email blocked]>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


[~] No checks were specified, loading all.
[~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.

[*] Initializing...
[*] Preparing plugins...
[*] ... done.
[*] BrowserCluster: Initializing 6 browsers...
[*] BrowserCluster: Spawned #1 with PID 7476 [lifeline at PID 15064].
[*] BrowserCluster: Spawned #2 with PID 15332 [lifeline at PID 17436].
[*] BrowserCluster: Spawned #3 with PID 15208 [lifeline at PID 17224].
[*] BrowserCluster: Spawned #4 with PID 16432 [lifeline at PID 18084].
[*] BrowserCluster: Spawned #5 with PID 8432 [lifeline at PID 584].
[*] BrowserCluster: Spawned #6 with PID 17668 [lifeline at PID 16380].
[*] BrowserCluster: Initialization completed with 6 browsers in the pool.

[*] [HTTP: 404] https://enquiry-submitter-energy.test.ctmers.io/
[~] Analysis resulted in 0 usable paths.
[~] DOM depth: 0 (Limit: 5)
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/<my_tag_6a67d3d05474ea4a0995b7cc8d87c102/>
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/>"'><my_tag_6a67d3d05474ea4a0995b7cc8d87c102/>
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/
[*] XSS in path: Checking for: https://enquiry-submitter-energy.test.ctmers.io/
[*] Allowed methods: Checking...
[+] In server with action https://enquiry-submitter-energy.test.ctmers.io/
[*] Mixed Resource: Checking...
[*] XST: Checking...
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[*] localstart.asp: Checking: https://enquiry-submitter-energy.test.ctmers.io//localstart.asp
[+] In server with action https://enquiry-submitter-energy.test.ctmers.io/
[+] Interesting responses: Found an interesting response -- Code: 405.
"

How do I get this to always appear?

  1. 1 Posted by Zukky on 16 May, 2017 04:26 PM

    Zukky's Avatar

    That looks like a terrible mess, there is a divider in the middle.

  2. Support Staff 2 Posted by Tasos Laskos on 16 May, 2017 05:54 PM

    Tasos Laskos's Avatar

    It should always appear, did you run this on Windows? Also, did you abort the scan?

  3. 3 Posted by Zukky on 17 May, 2017 03:46 PM

    Zukky's Avatar

    Yes, it ran on windows. I ran this in Linux also and it outputs the same behaviour, it's odd. No I didn't abort the scan.

  4. Support Staff 4 Posted by Tasos Laskos on 17 May, 2017 03:48 PM

    Tasos Laskos's Avatar

    I'm starting to think that it's a problem with your terminal, I've never gotten any such issue.

    From what I can see it's not Arachni crashing or anything, the output is being truncated, there's a terminal control character for the color of the message status sign that's cut in the middle.

  5. 5 Posted by Zukky on 17 May, 2017 07:40 PM

    Zukky's Avatar

    Ah I see it, it seems like an ANSI escape character ESC[2j, I've ran the same arachni cli command on different terminals -> Git Bash, Powershell, Cmd, Bash shell and all are outputting the same behaviour, any idea what might be causing this? I've changed different settings on the terminals to no avail. I have to "> arachni_log.txt" to see the full output cause of the truncation?

  6. Support Staff 6 Posted by Tasos Laskos on 18 May, 2017 01:04 PM

    Tasos Laskos's Avatar

    When you run it on Linux, it doesn't by any chance say "Killed" at the end, does it?
    Could the OS be killing the process because it's using too much RAM?

  7. 7 Posted by Zukky on 18 May, 2017 07:27 PM

    Zukky's Avatar

    Hi Tasos,

    No, it doesn't. It says nothing at the end, just has the escape character [2j, I have tried numerous attempts, I haven't an idea why it is doing it..

  8. Support Staff 8 Posted by Tasos Laskos on 19 May, 2017 01:11 PM

    Tasos Laskos's Avatar

    The most important question I forgot to ask is, is the scan process still alive after the output stops?
    Also, does dmesg say anything interesting about the process at that time?

  9. 9 Posted by Zukky on 19 May, 2017 02:20 PM

    Zukky's Avatar

    No, the scan process is stopped, as the final output is the Arachni report and the control via the cmd line comes back to me (user). dmesg isn't showing anything out of the ordinary.

  10. Support Staff 10 Posted by Tasos Laskos on 19 May, 2017 02:27 PM

    Tasos Laskos's Avatar

    At the end of the scan the screen is cleared and the report is printed, the status messages will be there but in a page higher than your terminal would currently display.
    Is that what we're talking about?

    Also, can you please show me the configuration you're using? Are you setting any --output options?

  11. 11 Posted by Zukky on 19 May, 2017 03:29 PM

    Zukky's Avatar

    Exact CLI command from the other thread ->

    bin/arachni --profile-load-filepath ./security_scanner/Security_Profile.afp --scope-include-subdomains --scope-extend-paths ./security_scanner/spider_these_urls.txt --report-save-path=arachni_report.afr http://app:8081/ | tee arachni_log.txt

    I've recorded the terminal to show you what i'm seeing: https://www.youtube.com/watch?v=gAkEioi9qMI&feature=youtu.be

    At 2:10, you'll see i'm unable to not scroll to the above log, it's only showing the report. Would any --output arguments help in this case?

  12. Support Staff 12 Posted by Tasos Laskos on 19 May, 2017 03:33 PM

    Tasos Laskos's Avatar

    The video is unavailable, can you try configuring your terminal to allow unlimited scrollback please?

  13. 13 Posted by Zukky on 19 May, 2017 03:35 PM

    Zukky's Avatar

    Try the link now,

    I have enabled maximum scroll lines, which is much more than the report.

  14. Support Staff 14 Posted by Tasos Laskos on 19 May, 2017 03:43 PM

    Tasos Laskos's Avatar

    I don't know what's going on, are you intercepting its output somehow or maybe docker?
    I'm pretty sure that if you run Arachni on its own in any terminal it'll work as expected.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac