Wayne, On Sun, Dec 14, 2008 at 3:05 AM, Wayne Dawson <[email protected]> wrote: > I've tried a couple of internal sites, and my Audit progress seems to hang > each time. I've tried from both windows and linux. > > At some point there is an error and after that the audit log keeps running > but never stops. > > Here's some details. Maybe someone can shed some light on what's happening > for me? > > wayd...@hwt-ka-ptah:~/Downloads/WebAppAssement/w3af$ ./w3af_gui > Starting w3af, running on: > Python version: > 2.5.2 (r252:60911, Jul 31 2008, 17:28:52) > [GCC 4.2.3 (Ubuntu 4.2.3-2ubuntu7)] > GTK version: 2.12.9 > PyGTK version: 2.12.1 > > w3af - Web Application Attack and Audit Framework > Version: beta7 > Revision: 2175 > Author: Andres Riancho and the w3af team. > > > Exception in thread Thread-52: > Traceback (most recent call last): > File "/usr/lib/python2.5/threading.py", line 486, in __bootstrap_inner > self.run() > File "/usr/lib/python2.5/threading.py", line 446, in run > self.__target(*self.__args, **self.__kwargs) > File "/home/waydaws/Downloads/WebAppAssement/w3af/core/ui/gtkUi/main.py", > line 557, in startScanWrap > self.w3af.start() > File > "/home/waydaws/Downloads/WebAppAssement/w3af/core/controllers/w3afCore.py", > line 389, in start > raise e > IOError: [Errno 13] Permission denied: 'webroot/m2zfQVISeGDdnx1OHoVuZRhQH9n' > > > The Audit Log (currently shows) 42.30% (which I don't think has changed in > the last day) - the ETA keeps counting (it's now at 2d 21h 45m 56s...) >
I suspect that this is generated by the remoteFileInclude plugin. Could you re-run the scan with only that audit plugin enabled? After finding where the problem is, I could change the code and handle the error correctly. A quick fix, without touching any code: Change the permissions of the webroot directory inside the w3af dir. Cheers, > > > Wayne Dawson, Security Analyst > Inventure Solutions Inc | A Vancity Company > www.inventuresolutions.com > 4th Fl - 183 Terminal Avenue, Vancouver, BC V6A 4G2 > Business (604) 877-6507 Fax (604) 871-5403 > ------------------------------------------------------------------------------ > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. > The future of the web can't happen without you. Join us at MIX09 to help > pave the way to the Next Web now. Learn more and register at > http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
