-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: Directories scan never ends on v2.0.2 #1113
Comments
👋 Hi @DrorDvash, |
Did you update httpx via tools arsenal? |
Thanks, I'm trying to reproduce the issue. If you want to post some detailed logs, check out #994. Are you running Docker Desktop on Windows perhaps? In that case you can also check logs directly in the container: |
I also noticed this problem, FFUF is relaunched again and again, but only on first task. |
Weird, I'll do this a lot of time and no problem |
i have removed the |
Can reproduce the issue (late reply cause was busy with other things earlier), and it seems to be related to #1095 (comment). I.e. related to FFUF, cause I have similar errors in the log of the web container (see dashboard logs):
|
How do you reproduce it ? |
OK I think I've understood the problem. Lines 1631 to 1648 in fd5a5e5
So I think there's a problem somewhere in the URL retrieval Lines 1620 to 1626 in fd5a5e5
I will try to debug. |
Got it, problem come from here Lines 1683 to 1684 in fd5a5e5
Newly created endpoint are appended to the urls var. Don't know why this is here... |
@psyray Nicely spotted, I was also thinking that there should be some infinite loop somewhere in the code due to a for-loop. Has this code always been present (I didn't bother checking)? Maybe with ocervell's PR. Anyway, I think you could delete and test locally, then see whether any errors arise and whether it fixes the issue or not. |
It fixes, for sure. |
I'm glad to see that you fixed the issue, and I would like to get the newest code releases + the issue fix, but I'm a little bit confused which branch should i stick with for now? i have checked the 2.1.0 -> So, which branch has the latest commits + ffuf fix? @psyray |
Mine Do a git pull and a checkout
|
yes I saw that branch but I've also seen more new commits from the very last days in the master / 2.1.0 branches, so I wanted to have the newest features / bug fixes in addition to the ffuf fix. So there is no such branch currently? |
You can switch to the 2.1.0 branch, as that contains all 2.1.0-related fixes. |
But not this one 😁 |
you haven't merged ffuf fix (fix-recursive-ffuf-launch) to any other branch with the latest commits? |
Nope, fix target master directly. |
Is there an existing issue for this?
Current Behavior
I've updated reNgine to version 2.0.2 after I saw a closed issue where ffuf results were fixed and are now shown in the dashboard UI. This issue seems to be resolved, and the results are presented. However, the scan running never ends or keeps running over and over again.
Scan type: Subdomain Discovery, Port Scan, Directory and Files Search
Current scan running for 23 hours (in v1.3.6 the same scan finished in 30-50 minutes)
When looking at the results, I noticed that each subdomain was scanned multiple times for directory fuzzing (ffuf) instead of just once.
Expected Behavior
Each domain should be scanned 1 time only with ffuf, and the scan should end correctly.
Steps To Reproduce
Environment
Anything else?
If any logs are needed, please specify which ones and provide instructions on how to extract them for you. (I used
make logs
, but there are numerous lines.)Thank you.
The text was updated successfully, but these errors were encountered: