Arjun stuck at "Probing the target for stability"

Open s3rdz0x opened this issue 2 years ago • 2 comments

Hi! Recently, I used arjun to scan a list of subdomains and encountered an issue. So, every time arjun got to a specific URL, it would just freeze at "Probing the target for stability" and it would stay like that. The tool doesn't continue/skip to the next URL. Did anyone else experience this? It would be great if you could help me out :D

s3rdz0x, Nov 25 '23 16:11

Same issue here.

iambouali, Nov 29 '23 20:11

Looking into it. Would you be able to share the specific URL?

You can DM me on twitter (@s0md3v) for privacy or send me an email.

s0md3v, Dec 02 '23 21:12

@s0md3v same issue here, has this been resolved yet? I am running InsiderPHD's Generic University Lab and I know there are parameters at the /api/users endpoint; even InsiderPHD found them with her arjun in this vid https://www.youtube.com/watch?v=fvcKwUS4PTE&list=PLbyncTkpno5HqX1h2MnV6Qt4wvTb8Mpol&index=9, min 45:30

I tried with `--stable` and without, same thing.

c137-hacker-rick, Jan 30 '24 14:01

Same issue here as well, think one possible solution would be to add a `--threshold` flag or something along the lines where you can do something like `--threshold 60` and after 60 minutes arjun would automatically start scanning the next url. It's not a perfect solution but is at least a feasible one that shouldn't be too hard to implement.

NotoriousRebel, Apr 03 '24 17:04
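The per-URL time limit proposed in the comment above can also be enforced from outside the tool. The following is an added example, not part of the thread or of Arjun's code: it runs one process per URL and skips any that exceeds a deadline. `scan_with_deadline`, `arjun_cmd`, `fake_cmd` and the `example.test` URLs are hypothetical names; the Arjun flags are the ones quoted elsewhere in this thread.

```python
import subprocess
import sys


def arjun_cmd(url):
    # Flags taken from the invocation quoted in this thread; adjust as needed.
    return ["arjun", "-u", url, "-t", "10", "-T", "12", "-w", "small"]


def fake_cmd(url):
    # Constructed stand-in so the example runs offline: "hang" URLs never finish.
    delay = 60 if "hang" in url else 0
    return [sys.executable, "-c", f"import time; time.sleep({delay})"]


def scan_with_deadline(urls, build_cmd, deadline_s):
    """Run one scanner process per URL and skip any that exceeds deadline_s.

    Returns {url: "done" | "timeout" | "missing" | "error:<returncode>"}.
    """
    results = {}
    for url in urls:
        try:
            # subprocess.run() kills the child itself when the timeout expires.
            proc = subprocess.run(build_cmd(url), timeout=deadline_s,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL)
        except subprocess.TimeoutExpired:
            results[url] = "timeout"   # stuck target: record it and move on
            continue
        except FileNotFoundError:
            results[url] = "missing"   # scanner binary is not installed
            continue
        rc = proc.returncode
        results[url] = "done" if rc == 0 else f"error:{rc}"
    return results


if __name__ == "__main__":
    # Constructed sample targets; swap fake_cmd for arjun_cmd on a real run.
    targets = ["https://a.example.test/", "https://hang.example.test/",
               "https://b.example.test/"]
    for url, status in scan_with_deadline(targets, fake_cmd, 5).items():
        print(f"{status:8} {url}")
```

Targets recorded as `timeout` can be retried later with different options instead of blocking the rest of the list.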

@s3rdz0x @iambouali @s0md3v @c137-hacker-rick After debugging the issue, and while I can't provide the URL I am using, it should be easy enough to replicate. The problem is that infinite recursion is occurring in these lines in main.py. I have only started using this tool as of yesterday so it is hard for me to give possible solutions as I don't understand the entire codebase and how the compare function normally operates.

You can confirm the infinite recursion by adding a simple print statement right before this line in anomaly.py: `print(f'Currently comparing: {response} {factors} and: {params}')`

Maybe a possible solution could be changing it from `while factors:` to `for same_header in factors["same_headers"]:`?

For how I was running the tool: `arjun -t 10 -u "url" -T 12 --disable-redirects -w small`

Ah, turns out by default `factors["same_headers"]` is set to False, so if it is a bool that will cause a crash. An alternative approach that could use some refining but should be a good enough stopgap, although it may cause results to be missed?:

```python
# Debug output: show the current state before entering the loop.
print(f'Dumping same_headers: {factors["same_headers"]}')
print(f'Dumping {len(found)} found: {found}')
if not isinstance(factors['same_headers'], bool):
    # same_headers is iterable here: bound the loop by its length.
    for _ in factors['same_headers']:
        reason = compare(response_3, factors, {zzuf[:-1]: zzuf[::-1][:-1]})[2]
        if not reason:
            break
        factors[reason] = []
else:
    # same_headers is a bool (False by default): bound the loop by len(found).
    for _ in found:
        reason = compare(response_3, factors, {zzuf[:-1]: zzuf[::-1][:-1]})[2]
        if not reason:
            break
        factors[reason] = []
```

NotoriousRebel, Apr 03 '24 18:04

Thank you for your patience. This issue has been fixed in the latest update.

CC: @NotoriousRebel @iambouali @s3rdz0x @c137-hacker-rick

s0md3v, Apr 13 '24 04:04