Comments (15)
Hi!
Unfortunately there's not much we can do about that bug at the moment but
there's a workaround: make sure to specify a database file in the command
line options. Then if you have to kill the scan you can just generate a
report directly from the database file without having to launch the scan
again.
Hope that helps! :)
Regards
On Thursday, 17 March 2016, Blaise M Crowly [email protected]
wrote:
After running for golismero with with the -o option the audit began
normally.
Things seemed to be going well as plugins executed.
After a specific time period the tool showed that a plugin had completed
execution and then the program seemed to freeze for over 30mins. After
which it began printing
.......
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
[*] GoLismero: Current stage: Reconaissancein an infinite loop for over 6 hours.
after which I interrupted it. It exited with.....................
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
Reconaissance
^CUser cancel requested, stopping all audits...
[
] GoLismero: Current stage: Reconaissance [] GoLismero: Current stage:
ReconaissanceNote: If we use Ctrl-C while the program is frozen it fails to does not
exit nor does it continue in any manner.Command usage [image: ๐]
python2.7 golismero.py scan reelmonk.com -o X.htmlX.html does not exit after the program ended.
โ
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#17
โThere's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.โ
from golismero.
Hi
Sure I will try with that. I have been trying to diagnose what is causing it so I can try and fix it. If you have any leads let me know, can try and fix it. another approach I was thinking of was to internally do the database to html operation even when the user gives -o.
Cheers
from golismero.
As far as I could trace the bug, it's some problem with the multiprocessing
library - we're abusing it's functionality a little bit it seems :D and it
doesn't like us launching three levels of forks talking to each other. For
reasons I couldn't trace, occasionally one of the processes freeze.
Depending on your settings this either freezes the whole scan, or causes
the main process to believe the scan never finished.
In version 3 of Golismero we plan to ditch the multiprocessing part
entirely and rely on third party libraries that are much more high level,
both to avoid low level issues like this and to decouple the implementation
(it'll be easier to deploy instances across different machines and have
them talk to each other). This is still in the drawing board, though. Can't
promise a release date, we're all doing this in our free time I'm afraid.
:(
On Thursday, 17 March 2016, Blaise M Crowly [email protected]
wrote:
Hi
Sure I will try with that. I have been trying to diagnose what is causing
it so I can try and fix it. If you have any leads let me know, can try and
fix it. another approach I was thinking of was to internally do the
database to html operation even when the user gives -o.Cheers
โ
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)
โThere's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.โ
from golismero.
Can you point to the point when this occurred, so we can use the version without this issue?
from golismero.
If one tries to use the workaround to make it work, I can suggest some script-fu to make it viable. It still makes it almost useless having it freeze all the time.
Run the following script with a cronjob every 8 hours.
#!/bin/bash
#Add some timeinfo to each output so you see what happens
golismero scan xx.xx.xx.xx --forbid-subdomains -d theharvester -o testoutput.txt -db database.db | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &
echo $!
$mypenprocess=$!
#pause x hours
sleep 21600 #6 hours
#check if g is running (if process is alive its frozen)
kill -KILL $mypenprocess 2> /dev/null
ps xu | grep goli | grep -v grep | awk '{ print $2 }' | xargs kill -9
echo "Killed it" | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &
#generate report from db
golismero report report.html -db database.db
from golismero.
It's been happening in all versions AFAIK.
On Tuesday, 22 March 2016, SimplyBG [email protected] wrote:
Can you point to the point when this occurred, so we can use the version
without this issue?โ
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)
โThere's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.โ
from golismero.
Nice!
Golismero also lets you resume the scan instead of just interrupting it,
that may be useful as well.
On Tuesday, 22 March 2016, SimplyBG [email protected] wrote:
If one tries to use the workaround to make it work, I can suggest some
script-fu to make it viable. It still makes it almost useless having it
freeze all the time.#!/bin/bash
#Add some timeinfo to each output so you see what happens
| awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }' &echo $!
$mypenprocess=$ !#pause x hours
sleep 21600 #6 hours
#sleep 60#check if abc is running
kill -KILL $mypenprocess 2> /dev/null#generate report from db
โ
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#17 (comment)
โThere's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.โ
from golismero.
theauditor, I experience the same. Perform Ctrl-Z to exit the routine.
from golismero.
MarioVilas, regarding suggestion of including database, I have included and does not always prevent the freeze. My "freeze" could be different than the other - troubleshooting not complete.
from golismero.
SimplyBG, my freezes occur around the DNS brute force section. During my troubleshooting I realized that my physical Kali Linux, no dual boot, machine had been up for more than one week, perhaps two. I rebooted. As I type, I am re-running and I have made it past said section.
from golismero.
GoLismero 2.0.0b6. Still saving neither the output file nor the db, and still stucking randomly.
from golismero.
@hydrastarmaster The randomly getting stuck part is another issue I'm afraid (there's an open ticket for that). But I cannot reproduce the part about the db not being saved. Can you post the exact command line that you're using?
from golismero.
@MarioVilas Sure, here it is:
golismero 192.168.1.1 -o - -o golismero_report.txt -db golismero_report.db
It stucks doing this:
[*] GoLismero: Current stage: Reporting
-->^C (does nothing)
-->^Z (stopped)
--> killall python (gone)
Neither .txt nor .db are even touched.
You're welcome to ask me for a package check.
from golismero.
@hydrastarmaster By any chance, are you using the version shipped with Kali? I have no idea how often they update that package, if at all. We always recommend using the version from Github instead. (I cannot reproduce the issue with the Github version, so I think it's probably fixed already.)
from golismero.
A similiar but probably not identical issue is caused by punkspider.
Using the flag -d punkspider alleviates the issue
from golismero.
Related Issues (20)
- How to scan a POST request directly? HOT 5
- cmd line options + new longer TLDs handling + proxy mode broken HOT 2
- OpenSSL Heartbleed Attack - Execution timeout reached Error
- [Errno 11001] getaddrinfo failed & OpenVAS: Plugin disabled, reason: Missing status property in response
- Newer OpenVAS support?
- Metasploit Support HOT 18
- cannot load targets from file? HOT 1
- How to use a profile? HOT 3
- False positives with URL disclosure
- default parameters not expressed
- Shodan: Error querying Shodan: HTTP Error 521: Origin Down HOT 4
- http://golismero-project.com not found HOT 3
- Console interface
- Should switch to Python 3 HOT 3
- output error, HOT 9
- K8S job
- Broken apt-get formula
- YAML template to automate inputs ?
- Error execution HOT 1
- Question about javascript rendered websites
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from golismero.