Several Issues

dssec

01 Sep, 2015 05:02 AM

I have deployed a VM with the following specs: 2CPU/7.5GB RAM. I configured Postgres per the documentation and have tried to run scans against our production website (approx. 4500 pages) using a custom Profile. The profile has been configured to have all XSS checks and I have tried to optimize for speed based on several threads you have posted (i.e. include used technologies in fingerprint, tweak concurrency, etc.).
All the scans seem to run into issues that include errors such as this:

/usr/share/arachni/system/arachni-ui-web/app/models/scan.rb:519:in `refresh'
/usr/share/arachni/system/arachni-ui-web/lib/scan_manager.rb:152:in `block in refresh'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:129:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:129:in `block in each'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:241:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:241:in `block in spawn_workers'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/base.rb:52:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/base.rb:52:in `call_task'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/one_off.rb:23:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `block in call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `each'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:310:in `block in run'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:308:in `loop'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:308:in `run'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:350:in `block in run_in_thread'

After running for several hours the scans end with "the scan could not be monitored because connection was lost to the instance". The last scan is now seemingly locked up at "suspending scan".

I also seem to have a very hard time re-connecting to the WebUI and it is very sluggish.

Do you have any suggestions regarding how I can address these issues? I can certainly increase the specs of the VM, but I am not sure that would address the issues with errors and scans dying. Any pointers are appreciated.

Many thanks in advance.

  1. Support Staff 1 Posted by Tasos Laskos on 01 Sep, 2015 10:03 AM

    Did this error occur after you tried to suspend the scan?

  2. 2 Posted by dssec on 01 Sep, 2015 03:19 PM

    No, those errors crop up when scans are running; it's happened with every scan so far.

    If I provision a new VM to run the tool from, are there any sizing recommendations for a large website?

  3. Support Staff 3 Posted by Tasos Laskos on 01 Sep, 2015 03:51 PM

    The current one should have more than enough resources.
    How many scans were you running? Also, had you configured the scan to suspend after a certain amount of time or something?

    Checking out the dmesg log could provide hints if the scan crashed due to resource exhaustion.
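
The dmesg check suggested above, as an added example (not code from this thread or from the Arachni project): it filters kernel log text for OOM-killer terminations and summarises them per process name. It assumes the Linux kernel's "Killed process <pid> (<name>) ... anon-rss:<n>kB" message format; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find processes the kernel OOM killer terminated.
# Live use on the scanner VM:  dmesg | oom_summary

# Constructed sample kernel log (not taken from the thread).
SAMPLE_DMESG='[81234.567890] Out of memory: Kill process 2211 (ruby) score 812 or sacrifice child
[81234.567901] Killed process 2211 (ruby) total-vm:8123456kB, anon-rss:6291456kB, file-rss:1024kB
[90511.100200] Out of memory: Killed process 3302 (postgres) total-vm:2097152kB, anon-rss:1048576kB, file-rss:0kB
[90600.000001] EXT4-fs (sda1): mounted filesystem with ordered data mode
[97777.424242] Killed process 4100 (ruby) total-vm:7000000kB, anon-rss:5242880kB, file-rss:512kB'

# Print "pid|name|anon_rss_kb" for every OOM kill found on stdin.
# Matches the line with or without an "Out of memory: " prefix; the
# "Kill process ... or sacrifice child" announcement line is skipped
# because it carries no memory figures.
oom_kills() {
    sed -n -E 's/.*Killed process ([0-9]+) \(([^)]*)\).*anon-rss:([0-9]+)kB.*/\1|\2|\3/p'
}

# Summarise kills per process name with the largest resident size seen (MB).
oom_summary() {
    oom_kills | awk -F'|' '
        { count[$2]++; if ($3 + 0 > peak[$2]) peak[$2] = $3 + 0 }
        END {
            for (n in count)
                printf "%s kills=%d peak_anon_rss_mb=%d\n", n, count[n], peak[n] / 1024
        }' | sort
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_DMESG" | oom_summary
```

An empty result from `dmesg | oom_summary` means the kernel log holds no OOM kills, not that memory was never short; the kernel ring buffer is finite and older entries may have rotated out.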

  4. 4 Posted by dssec on 01 Sep, 2015 04:17 PM

    I was running a single scan and no, it's configured to suspend after a given time.
    I will check the log and see what I find.

  5. Support Staff 5 Posted by Tasos Laskos on 30 Sep, 2015 02:55 PM

    Any progress on this?

  6. Support Staff 6 Posted by Tasos Laskos on 24 Feb, 2016 12:32 PM

    I'm closing this due to lack of feedback; if the latest version is still giving you trouble, feel free to reopen this discussion.

    Cheers

  7. Tasos Laskos closed this discussion on 24 Feb, 2016 12:32 PM.
