Hello,
Sorry, i was away for a few days.
I actually ran w3af using this script (it's from owtf, but i've run it
directly):
if [ $# -ne 2 -a $# -ne 3 ]; then
echo "Usage $0 <tool_dir> <target url> (<user agent -spaces replaced by
# symbol->)"
exit
fi
TOOL_DIR=$1
URL=$2
USER_AGENT="Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0" #
Default to something less obvious
if [ $3 ]; then
USER_AGENT=$(echo $3 | sed 's/#/ /g') # Expand to real User Agent
fi
DATE=$(date +%F_%R:%S | sed 's/:/_/g')
OUTFILE="w3af_report$DATE"
REPORT_HTTP=$OUTFILE.http.txt
REPORT_TXT=$OUTFILE.txt
REPORT_HTML=$OUTFILE.html
W3AF_SCRIPT=$OUTFILE.script.w3af
DIR=$(pwd) # Remember current dir
cd "$TOOL_DIR" # W3AF needs to be run from its own folder
echo "# w3af script used for testing
cleanup
profiles
use full_audit
back
plugins
bruteforce !basicAuthBrute,!formAuthBrute
discovery
sharedHosting,allowedMethods,digitSum,content_negotiation,robotsReader,serverStatus,webSpider
#discovery config importResults
#set input_csv reqs.csv
#back
output htmlFile,textFile
output config htmlFile
set fileName $REPORT_HTML
back
output config textFile
#set httpFileName $REPORT_HTTP
set fileName $REPORT_TXT
set verbose false
back
back
misc-settings
set fuzzFileName True
set fuzzCookie True
#set fuzzFormComboValues all
set maxDiscoveryTime 240
back
http-settings
set timeout 60
set userAgent $USER_AGENT
set maxRetrys 3
back
target
set target $URL
back
start
exit
" > $W3AF_SCRIPT
#Redirecting stdout/stderr is messy due to having to use a background tail
process with remains hanging if "Control+C"
#echo "./w3af_console -n -s $W3AF_SCRIPT" > $LOG_TXT 2> $ERR_FILE
COMMAND="./w3af_console -n -s $W3AF_SCRIPT"
echo "[*] Running: $COMMAND"
./w3af_console -n -s $W3AF_SCRIPT
mv $OUTFILE* $DIR
cd $DIR # Back to working folder
strings $REPORT_HTTP > $REPORT_HTTP.tmp # Removing binary garbage
mv $REPORT_HTTP.tmp $REPORT_HTTP
echo
echo "[*] Done!]"
What do you think? Is it necessary to run w3af again and input all those params
manually?
Thanks,
________________________________
From: Andres Riancho <[email protected]>
To: Adi Mutu <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Friday, March 16, 2012 3:07 PM
Subject: Re: [W3af-users] error can't start new thread
Adi,
Does the same happen if you run w3af directly? (without owtf)
On Fri, Mar 16, 2012 at 3:42 AM, Adi Mutu <[email protected]> wrote:
>
>
> Hello,
>
> I get this error in my report file:
>
> ri Mar 16 03:13:21 2012 - error] Error in grep plugin, "motw" raised the
> exception: can't start new thread. Please report this bug to the
> w3af sourceforge project page [
> https://sourceforge.net/apps/trac/w3af/newticket ]
> Exception: Traceback (most recent call last):
> File "/opt/owtf/tools/restricted/w3af/w3af/core/data/url/xUrllib.py", line
> 841, in _grep_worker
> timedout_grep_wrapper(request, response)
> error: can't start new thread
>
> [Fri Mar 16 03:13:21 2012 - error] Traceback (most recent call last):
> File "/opt/owtf/tools/restricted/w3af/w3af/core/data/url/xUrllib.py", line
> 841, in _grep_worker
> timedout_grep_wrapper(request, response)
> File
> "/opt/owtf/tools/restricted/w3af/w3af/core/controllers/misc/timeout_function.py",
> line 144, in __call__
> return timelimited(self._timeout, self._function, *args, **kwds)
> File
> "/opt/owtf/tools/restricted/w3af/w3af/core/controllers/misc/timeout_function.py",
> line 102, in timelimited
> t.start()
> File "/usr/lib/python2.6/threading.py", line 471, in start
> _start_new_thread(self.__bootstrap, ())
> error: can't start new thread
>
>
> This error basically repeats a lot of times:
> This is how it was w3af ran:
>
> cleanup
> profiles
> use full_audit
> back
> plugins
> bruteforce !basicAuthBrute,!formAuthBrute
> discovery
> sharedHosting,allowedMethods,digitSum,content_negotiation,robotsReader,serverStatus,webSpider
> #discovery config importResults
> #set input_csv reqs.csv
> #back
> output htmlFile,textFile
> output config htmlFile
> set fileName w3af_report2012-03-15_21_58_53.html
> back
> output config textFile
> #set httpFileName w3af_report2012-03-15_21_58_53.http.txt
> set fileName w3af_report2012-03-15_21_58_53.txt
> set verbose false
> back
> back
> misc-settings
> set fuzzFileName True
> set fuzzCookie True
> #set fuzzFormComboValues all
> set maxDiscoveryTime 240
> back
> http-settings
> set timeout 60
> set userAgent Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101
> Firefox/6.0
> set maxRetrys 3
> back
> target
> set target www.aaaaaaaaaaaaa.com
> back
> start
> exit
>
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
