Several Issues
I have deployed a VM with the following specs: 2CPU/7.5GB RAM. I
configured Postgres per the documentation and have tried to run
scans against our production website (approx 4500 pages) using a
custom Profile. The profile has been configured to have all XSS
checks and I have tried to optimize for speed based on several
threads you have posted (ie include used technologies in
fingerprint, tweak concurrency etc)
All the scans seem to run into issues that include errors such as
this:
/usr/share/arachni/system/arachni-ui-web/app/models/scan.rb:519:in `refresh'
/usr/share/arachni/system/arachni-ui-web/lib/scan_manager.rb:152:in `block in refresh'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:129:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:129:in `block in each'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:241:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/iterator.rb:241:in `block in spawn_workers'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/base.rb:52:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/base.rb:52:in `call_task'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks/one_off.rb:23:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `block in call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `each'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor/tasks.rb:96:in `call'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:310:in `block in run'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:308:in `loop'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:308:in `run'
/usr/share/arachni/system/gems/gems/arachni-reactor-0.1.0.beta5/lib/arachni/reactor.rb:350:in `block in run_in_thread'
After running for several hours the scans end with "the scan could not be monitored because connection was lost to the instance" The last scan is now seemingly locked up at "suspending scan"
I also seem to have a very hard time re-connecting to the WebUI and it is very sluggish.
Do you have any suggestions regarding how I can address these issues ? I can certainly increase the specs of the VM, but I am not sure that would address the issues with errors and scans dying. Any pointers are appreciated
Many thanks in advance.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 01 Sep, 2015 10:03 AM
Did this error occur after you tried to suspend the scan?
2 Posted by dssec on 01 Sep, 2015 03:19 PM
No those errors crop up when scans are running, its happened with every scan so far.
If I provision a new VM to run the tool from, are there any sizing recommendations for a large website ?
Support Staff 3 Posted by Tasos Laskos on 01 Sep, 2015 03:51 PM
The current one should have more than enough resources.
How many scans were you running? Also, had you configured the scan to suspended after a certain amount of time or something?
Checking out the
dmesg
log could provide hints if the scan crashed due to resource exhaustion.4 Posted by dssec on 01 Sep, 2015 04:17 PM
I was running a single scan and no its configured to suspend after a given time.
I will check the log and see what I find
Support Staff 5 Posted by Tasos Laskos on 30 Sep, 2015 02:55 PM
Any progress on this?
Support Staff 6 Posted by Tasos Laskos on 24 Feb, 2016 12:32 PM
I'm closing this due to lack of feedback, if the latest version is still giving you trouble feel free to reopen this discussion.
Cheers
Tasos Laskos closed this discussion on 24 Feb, 2016 12:32 PM.