dirbuster (feroxbuster) scans hang, doesn't generate any network traffic
kwilson7770 opened this issue · comments
I am not sure what is the cause, but I noticed on Kali 2024.1, running feroxbuster 2.10.2, using mostly defaults the dirbuster scan hangs at some point and no longer produces network traffic. I ran a tcpdump on my tun0 interface and noticed zero traffic going to the 2 targets/3 ports.
I extracted the running command from the process list (ps -efH ww) and ran it slightly modified (new output file, escaped the command in single quotes). This is what I got
sudo /bin/sh -c 'feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/test.txt"'
And that worked or at least I think it did. I didn't want to wait for the 800K+ queries to finish. I did get it to finish with a small word list and only one extension in 2 minutes.
sudo /bin/sh -c 'feroxbuster -u http://192.168.241.145:80/ -t 10 -w /usr/share/wordlists/dirb/common.txt -x "txt" -v -k -n -q -e -r -o "/home/kali/test.txt"'
I tried to update feroxbuster on Kali, however, it reported I am running the latest version (2.10.2), which I confirmed on Github as the latest.
It's hard to pinpoint the issue, but after manually killing the processes (without -9, just sudo kill #) autorecon finally finished. This was the process list before killing them:
kali 2621 2514 0 15:46 pts/12 Ss 0:03 /usr/bin/zsh
root 12923 2621 0 16:01 pts/12 S+ 0:00 sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root 12924 12923 0 16:01 pts/20 Ss 0:00 sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root 12925 12924 0 16:01 pts/20 Sl+ 0:51 /home/kali/.local/share/pipx/venvs/autorecon/bin/python /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root 14684 12925 0 16:03 pts/20 S+ 0:00 /bin/sh -c feroxbuster -u http://192.168.241.145:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.145/scans/tcp_80_http_feroxbuster_dirbuster.txt"
root 14689 14684 1 16:03 pts/20 Sl+ 2:23 feroxbuster -u http://192.168.241.145:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.145/scans/tcp_80_http_feroxbuster_dirbuster.txt
root 19104 12925 0 16:10 pts/20 S+ 0:00 /bin/sh -c feroxbuster -u http://192.168.241.143:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.143/scans/tcp_80_http_feroxbuster_dirbuster.txt"
root 19106 19104 1 16:10 pts/20 Sl+ 3:42 feroxbuster -u http://192.168.241.143:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.143/scans/tcp_80_http_feroxbuster_dirbuster.txt
root 19149 12925 0 16:10 pts/20 S+ 0:00 /bin/sh -c feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.143/scans/tcp_81_http_feroxbuster_dirbuster.txt"
root 19150 19149 1 16:10 pts/20 Sl+ 2:13 feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.143/scans/tcp_81_http_feroxbuster_dirbuster.txt
root 20991 12925 0 16:11 pts/20 S+ 0:00 /bin/sh -c feroxbuster -u http://192.168.241.141:47001/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.141/scans/tcp_47001_http_feroxbuster_dirbuster.txt"
root 20994 20991 2 16:11 pts/20 Sl+ 5:09 feroxbuster -u http://192.168.241.141:47001/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.141/scans/tcp_47001_http_feroxbuster_dirbuster.txt
Then the output afterwards
[!] Service scan Directory Buster (tcp/80/http/dirbuster) ran a command against 192.168.241.145 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.145/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/80/http/dirbuster) against 192.168.241.145 finished in 3 hours, 57 minutes, 58 seconds
[!] Service scan Directory Buster (tcp/81/http/dirbuster) ran a command against 192.168.241.143 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.143/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/81/http/dirbuster) against 192.168.241.143 finished in 3 hours, 51 minutes, 11 seconds
[!] Service scan Directory Buster (tcp/47001/http/dirbuster) ran a command against 192.168.241.141 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.141/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/47001/http/dirbuster) against 192.168.241.141 finished in 3 hours, 49 minutes, 37 seconds
[*] Finished scanning target 192.168.241.145 in 3 hours, 59 minutes, 43 seconds
[*] Finished scanning target 192.168.241.143 in 3 hours, 59 minutes, 43 seconds
[*] Finished scanning target 192.168.241.141 in 3 hours, 59 minutes, 43 seconds
I am trying the tool using gobuster instead scanning the same targets. I will update this issue again in a few hours once I have those results. This is the command I am currently running
sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt --dirbuster.tool gobuster -t targetsToScan.txt
So I ran the following without issues. I am going to re-run the original scan mentioned above (which takes several hours) and see if it happens again
sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt --dirbuster.tool gobuster --dirbuster.threads 20 --dirbuster.wordlist /usr/share/wordlists/dirb/big.txt --dirbuster.ext txt,pdf,config -t targetsToScan.txt
I was not able to reproduce the problem so I am going to close this.