Arachni Scanner throws #<TypeError: Coercion error: ":".to_ary => Array failed> #2074

sempervictus opened this Issue Dec 3, 2012 · 4 comments


None yet
5 participants

Arachni ( is a high-end eventmachine and typhoeus based web app security assessment tool written in Ruby. I'm finding multiple issues preventing the tool from working, most of which will likely end up here.

To start off - the base scanner itself throws the error referenced in the subject line when completing a scan. Below is the output of a scan launched against my home router (the router died from the scan and timed out at the end).

Line 43 in uniformity.rb (the line causing this) reads as:
id = issue.internal_modname + ':' + issue.elem + ':' + issue.var

Other issues (so far) include crashes in forked processes and an inability to start a proper RPCD as a result.

Reproduction requires installation of Arachni from the experimental branch with all the associated gems. Would suggest doing this in its own gemset as it does bring in a considerable number of gems.

[-] Blind (timing) SQL injection: Max waiting time exceeded, the server may be dead.
[-] HTTP: Request timed-out! -- ID# 24171
[-] HTTP: Request timed-out! -- ID# 24173
[-] HTTP: Request timed-out! -- ID# 24174
[] Resolver: Resolving hostnames...
] Resolver: Done!
[-] #<TypeError: Coercion error: ":".to_ary => Array failed>
[-] kernel/common/type.rb:28:in execute_coerce_to' [-] kernel/common/type.rb:20:incoerce_to'
[-] kernel/common/array.rb:203:in +' [-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/plugins/defaults/meta/uniformity.rb:43:inrun'
[-] kernel/common/enumerator19.rb:32:in with_index' [-] kernel/bootstrap/array.rb:68:ineach'
[-] kernel/common/enumerator.rb:8:in each' [-] kernel/common/enumerator19.rb:30:inwith_index'
[-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/plugins/defaults/meta/uniformity.rb:40:in run' [-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/lib/arachni/plugin/manager.rb:106:inrun'
[-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/lib/arachni/utilities.rb:276:in exception_jail' [-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/lib/arachni/plugin/manager.rb:101:inrun'
[-] kernel/bootstrap/thread19.rb:41:in __run__' [-] [-] Parent: [-] Arachni::Plugin::Manager [-] [-] Block: [-] #<Proc:0x70fff4@/usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/lib/arachni/plugin/manager.rb:101> [-] [-] Caller: [-] /usr/local/rvm/gems/rbx-head/gems/arachni-1.0dev/lib/arachni/plugin/manager.rb:101:inrun'
[-] --------------------------------------------------------------------------------


brixen commented Dec 3, 2012

@sempervictus would it be possible to throw up a github repo with a Gemfile and a script so I can just bundle and run the script?

I'll start with running the tests for this, but a repo like that would help a lot.

just run arachni at CLI and pass a test URL for it to scan (arachni http://localhost:80) i'll try to put together a repo if you still need it.


Gibheer commented Dec 4, 2012

I just tried with the current HEAD of arachni and rubinius and it works for me

# ./bin/arachni
[~] Sent 2908 requests.
[~] Received and analyzed 2908 responses.
[~] In 00:00:19
[~] Average: 151 requests/second.

[~] Currently auditing 
[~] Burst response time total    0
[~] Burst response count total   0 
[~] Burst average response time  0
[~] Burst average                0 requests/second
[~] Timed-out requests           0
[~] Original max concurrency     20
[~] Throttled max concurrency    20

So the repo is needed to reproduce that.


stouset commented Mar 22, 2013

This should probably be closed. It's unreproducible, there's no provided minimal test case, and no activity for four months.

@jc00ke jc00ke closed this Mar 22, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment