Does not create report file. about golismero HOT 15 OPEN

Hi!

Unfortunately there's not much we can do about that bug at the moment but
there's a workaround: make sure to specify a database file in the command
line options. Then if you have to kill the scan you can just generate a
report directly from the database file without having to launch the scan
again.

Hope that helps! :)
Regards

On Thursday, 17 March 2016, Blaise M Crowly [email protected]
wrote:

After running for golismero with with the -o option the audit began
normally.
Things seemed to be going well as plugins executed.
After a specific time period the tool showed that a plugin had completed
execution and then the program seemed to freeze for over 30mins. After
which it began printing
.......
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[*] GoLismero: Current stage: Reconaissance

in an infinite loop for over 6 hours.
after which I interrupted it. It exited with.

....................
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
^CUser cancel requested, stopping all audits...
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance

Note: If we use Ctrl-C while the program is frozen it fails to does not
exit nor does it continue in any manner.

Command usage [image: 👍]
python2.7 golismero.py scan reelmonk.com -o X.html

X.html does not exit after the program ended.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#17

“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

from golismero.

Hi
Sure I will try with that. I have been trying to diagnose what is causing it so I can try and fix it. If you have any leads let me know, can try and fix it. another approach I was thinking of was to internally do the database to html operation even when the user gives -o.

Cheers

from golismero.

As far as I could trace the bug, it's some problem with the multiprocessing
library - we're abusing it's functionality a little bit it seems :D and it
doesn't like us launching three levels of forks talking to each other. For
reasons I couldn't trace, occasionally one of the processes freeze.
Depending on your settings this either freezes the whole scan, or causes
the main process to believe the scan never finished.

In version 3 of Golismero we plan to ditch the multiprocessing part
entirely and rely on third party libraries that are much more high level,
both to avoid low level issues like this and to decouple the implementation
(it'll be easier to deploy instances across different machines and have
them talk to each other). This is still in the drawing board, though. Can't
promise a release date, we're all doing this in our free time I'm afraid.
:(

On Thursday, 17 March 2016, Blaise M Crowly [email protected]
wrote:

Hi
Sure I will try with that. I have been trying to diagnose what is causing
it so I can try and fix it. If you have any leads let me know, can try and
fix it. another approach I was thinking of was to internally do the
database to html operation even when the user gives -o.

Cheers

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)

“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

from golismero.

Can you point to the point when this occurred, so we can use the version without this issue?

from golismero.

If one tries to use the workaround to make it work, I can suggest some script-fu to make it viable. It still makes it almost useless having it freeze all the time.

Run the following script with a cronjob every 8 hours.

#!/bin/bash

#Add some timeinfo to each output so you see what happens
golismero scan xx.xx.xx.xx --forbid-subdomains -d theharvester -o testoutput.txt -db database.db  | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &

echo $!
$mypenprocess=$!

#pause x hours
sleep 21600  #6 hours

#check if g is running (if process is alive its frozen)
kill -KILL $mypenprocess 2> /dev/null

ps xu | grep goli | grep -v grep | awk '{ print $2 }' | xargs kill -9

echo "Killed it"  | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &

#generate report from db
golismero report report.html -db database.db

from golismero.

It's been happening in all versions AFAIK.

On Tuesday, 22 March 2016, SimplyBG [email protected] wrote:

Can you point to the point when this occurred, so we can use the version
without this issue?

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)

“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

from golismero.

Nice!

Golismero also lets you resume the scan instead of just interrupting it,
that may be useful as well.

On Tuesday, 22 March 2016, SimplyBG [email protected] wrote:

If one tries to use the workaround to make it work, I can suggest some
script-fu to make it viable. It still makes it almost useless having it
freeze all the time.

#!/bin/bash

#Add some timeinfo to each output so you see what happens
| awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &

echo $!
$mypenprocess=$!

#pause x hours
sleep 21600 #6 hours
#sleep 60

#check if abc is running
kill -KILL $mypenprocess 2> /dev/null

#generate report from db

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)

“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

from golismero.

theauditor, I experience the same. Perform Ctrl-Z to exit the routine.

from golismero.

MarioVilas, regarding suggestion of including database, I have included and does not always prevent the freeze. My "freeze" could be different than the other - troubleshooting not complete.

from golismero.

SimplyBG, my freezes occur around the DNS brute force section. During my troubleshooting I realized that my physical Kali Linux, no dual boot, machine had been up for more than one week, perhaps two. I rebooted. As I type, I am re-running and I have made it past said section.

from golismero.

GoLismero 2.0.0b6. Still saving neither the output file nor the db, and still stucking randomly.

from golismero.

@hydrastarmaster The randomly getting stuck part is another issue I'm afraid (there's an open ticket for that). But I cannot reproduce the part about the db not being saved. Can you post the exact command line that you're using?

from golismero.

@MarioVilas Sure, here it is:
golismero 192.168.1.1 -o - -o golismero_report.txt -db golismero_report.db
It stucks doing this:
[*] GoLismero: Current stage: Reporting
-->^C (does nothing)
-->^Z (stopped)
--> killall python (gone)
Neither .txt nor .db are even touched.
You're welcome to ask me for a package check.

from golismero.

@hydrastarmaster By any chance, are you using the version shipped with Kali? I have no idea how often they update that package, if at all. We always recommend using the version from Github instead. (I cannot reproduce the issue with the Github version, so I think it's probably fixed already.)

from golismero.

A similiar but probably not identical issue is caused by punkspider.
Using the flag -d punkspider alleviates the issue

from golismero.