dirbuster (feroxbuster) scans hang, doesn't generate any network traffic

Question

dirbuster (feroxbuster) scans hang, doesn't generate any network traffic

kwilson7770 opened this issue 4 months ago · comments

I am not sure what is the cause, but I noticed on Kali 2024.1, running feroxbuster 2.10.2, using mostly defaults the dirbuster scan hangs at some point and no longer produces network traffic. I ran a tcpdump on my tun0 interface and noticed zero traffic going to the 2 targets/3 ports.

I extracted the running command from the process list (ps -efH ww) and ran it slightly modified (new output file, escaped the command in single quotes). This is what I got

sudo /bin/sh -c 'feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/test.txt"'

And that worked or at least I think it did. I didn't want to wait for the 800K+ queries to finish. I did get it to finish with a small word list and only one extension in 2 minutes.

sudo /bin/sh -c 'feroxbuster -u http://192.168.241.145:80/ -t 10 -w /usr/share/wordlists/dirb/common.txt -x "txt" -v -k -n -q -e -r -o "/home/kali/test.txt"'

I tried to update feroxbuster on Kali, however, it reported I am running the latest version (2.10.2), which I confirmed on Github as the latest.

It's hard to pinpoint the issue, but after manually killing the processes (without -9, just sudo kill #) autorecon finally finished. This was the process list before killing them:

kali        2621    2514  0 15:46 pts/12   Ss     0:03     /usr/bin/zsh
root       12923    2621  0 16:01 pts/12   S+     0:00       sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root       12924   12923  0 16:01 pts/20   Ss     0:00         sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root       12925   12924  0 16:01 pts/20   Sl+    0:51           /home/kali/.local/share/pipx/venvs/autorecon/bin/python /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt -t targetsToScan.txt
root       14684   12925  0 16:03 pts/20   S+     0:00             /bin/sh -c feroxbuster -u http://192.168.241.145:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.145/scans/tcp_80_http_feroxbuster_dirbuster.txt"
root       14689   14684  1 16:03 pts/20   Sl+    2:23               feroxbuster -u http://192.168.241.145:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.145/scans/tcp_80_http_feroxbuster_dirbuster.txt
root       19104   12925  0 16:10 pts/20   S+     0:00             /bin/sh -c feroxbuster -u http://192.168.241.143:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.143/scans/tcp_80_http_feroxbuster_dirbuster.txt"
root       19106   19104  1 16:10 pts/20   Sl+    3:42               feroxbuster -u http://192.168.241.143:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.143/scans/tcp_80_http_feroxbuster_dirbuster.txt
root       19149   12925  0 16:10 pts/20   S+     0:00             /bin/sh -c feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.143/scans/tcp_81_http_feroxbuster_dirbuster.txt"
root       19150   19149  1 16:10 pts/20   Sl+    2:13               feroxbuster -u http://192.168.241.143:81/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.143/scans/tcp_81_http_feroxbuster_dirbuster.txt
root       20991   12925  0 16:11 pts/20   S+     0:00             /bin/sh -c feroxbuster -u http://192.168.241.141:47001/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -r -o "/home/kali/scan/results/192.168.241.141/scans/tcp_47001_http_feroxbuster_dirbuster.txt"
root       20994   20991  2 16:11 pts/20   Sl+    5:09               feroxbuster -u http://192.168.241.141:47001/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x txt,html,php,asp,aspx,jsp -v -k -n -q -e -r -o /home/kali/scan/results/192.168.241.141/scans/tcp_47001_http_feroxbuster_dirbuster.txt

Then the output afterwards

[!] Service scan Directory Buster (tcp/80/http/dirbuster) ran a command against 192.168.241.145 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.145/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/80/http/dirbuster) against 192.168.241.145 finished in 3 hours, 57 minutes, 58 seconds
[!] Service scan Directory Buster (tcp/81/http/dirbuster) ran a command against 192.168.241.143 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.143/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/81/http/dirbuster) against 192.168.241.143 finished in 3 hours, 51 minutes, 11 seconds
[!] Service scan Directory Buster (tcp/47001/http/dirbuster) ran a command against 192.168.241.141 which returned a non-zero exit code (-15). Check /home/kali/scan/results/192.168.241.141/scans/_errors.log for more details.
[*] Service scan Directory Buster (tcp/47001/http/dirbuster) against 192.168.241.141 finished in 3 hours, 49 minutes, 37 seconds
[*] Finished scanning target 192.168.241.145 in 3 hours, 59 minutes, 43 seconds
[*] Finished scanning target 192.168.241.143 in 3 hours, 59 minutes, 43 seconds
[*] Finished scanning target 192.168.241.141 in 3 hours, 59 minutes, 43 seconds

I am trying the tool using gobuster instead scanning the same targets. I will update this issue again in a few hours once I have those results. This is the command I am currently running

sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt --dirbuster.tool gobuster -t targetsToScan.txt

kwilson7770 · Answer 1 · Wed Mar 20 2024 23:39:47 GMT+0800 (China Standard Time)

So I ran the following without issues. I am going to re-run the original scan mentioned above (which takes several hours) and see if it happens again

sudo /home/kali/.local/bin/autorecon --no-port-dirs --only-scans-dir --heartbeat 30 --global.password-wordlist /usr/share/wordlists/rockyou.txt --dirbuster.tool gobuster --dirbuster.threads 20 --dirbuster.wordlist /usr/share/wordlists/dirb/big.txt --dirbuster.ext txt,pdf,config -t targetsToScan.txt

kwilson7770 · Answer 2 · Fri Mar 22 2024 23:41:55 GMT+0800 (China Standard Time)

I was not able to reproduce the problem so I am going to close this.