[Wed Feb 12 09:35:53 2020 - information] Enabling redos's dependency server_header [Wed Feb 12 09:35:53 2020 - information] Enabling dav's dependency allowed_methods [Wed Feb 12 09:35:53 2020 - information] Enabling frontpage's dependency frontpage_version [Wed Feb 12 09:35:53 2020 - information] Enabling user_dir's dependency finger_bing [Wed Feb 12 09:35:54 2020 - information] Enabling user_dir's dependency finger_google [Wed Feb 12 09:35:54 2020 - information] Enabling user_dir's dependency finger_pks [Wed Feb 12 09:35:56 2020 - debug] Called w3afCore.start() [Wed Feb 12 09:35:56 2020 - debug] Enabling _dns_cache() [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] audit file_upload, csrf, deserialization, os_commanding, lfi, sqli, blind_sqli, phishing_vector, generic, format_string, websocket_hijacking, shell_shock, memcachei, un_ssl, ldapi, buffer_overflow, redos, global_redirect, xpath, cors_origin, htaccess_methods, dav, ssi, xxe, eval, rosetta_flash, xss, xst, ssl_certificate, preg_replace, mx_injection, response_splitting, rfd, rfi, frontpage [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] infrastructure server_header, allowed_methods, frontpage_version, finger_bing, finger_google, finger_pks [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] grep symfony, file_upload, wsdl_greper, cross_domain_js, http_in_body, expect_ct, svn_users, xss_protection_header, private_ip, motw, retirejs, websockets_links, form_cleartext_password, serialized_object, cache_control, blank_body, path_disclosure, strange_http_codes, credit_cards, code_disclosure, csp, dom_xss, vulners_db, strict_transport_security, keys, form_autocomplete, clamav, html_comments, http_auth_detect, strange_parameters, url_session, dot_net_event_validation, objects, error_500, hash_analysis, lang, click_jacking, feeds, password_profiling, get_emails, meta_tags, error_pages, strange_reason, content_sniffing, user_defined_regex, meta_generator, strange_headers, ssn, oracle, directory_indexing, analyze_cookies [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] output text_file, console [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] output config text_file [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set verbose True [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set output_file output-w3af.txt [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set http_output_file /home/ayush/output-http.txt [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] output config console [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set verbose False [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set use_colors True [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] crawl genexus_xml, wordpress_fingerprint, dot_listing, content_negotiation, robots_txt, archive_dot_org, ria_enumerator, wordnet, user_dir, sitemap_xml, dir_file_bruter, phpinfo, find_dvcs, import_results, payment_webhook_finder, url_fuzzer, urllist_txt, find_backdoors, web_spider, find_captchas, oracle_discovery, wsdl_finder, wordpress_enumerate_users, web_diff, dwsync_xml, pykto, wordpress_fullpathdisclosure, phishtank, digit_sum, open_api, dot_ds_store, ghdb [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] plugins [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] auth detailed [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] auth config detailed [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set username admin [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set password admin [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set username_field username [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set password_field password [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set auth_url http://localhost:9090/login [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set check_url http://localhost:9090/learn/vulnerability/a1_injection [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set check_string Logout [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set data_format %u=%U&%p=%P [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set follow_redirects False [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set method POST [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set url_encode_params True [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] target [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] set target http://localhost:9090/ [ Wed Feb 12 09:35:56 2020 - Enabled plugins ] back [Wed Feb 12 09:36:00 2020 - debug] Starting the scan using w3af version 2019.1.2 / 1910600684 - 04 Nov 2019 11:40 / master [Wed Feb 12 09:36:00 2020 - debug] DNS response from DNS server for domain: localhost [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=1,from_cache=0,grep=1,rtt=0.05,did=QUEcyn4z) [Wed Feb 12 09:36:00 2020 - debug] Increased the worker pool size to 31 (error rate: 0%) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=2,from_cache=0,grep=1,rtt=0.01,did=VFKcLB83) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=3,from_cache=0,grep=1,rtt=0.00,did=yPlx3EOt) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=4,from_cache=0,grep=1,rtt=0.00,did=qpaPVZMn) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=5,from_cache=0,grep=1,rtt=0.00,did=0xH6xUow) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=6,from_cache=0,grep=1,rtt=0.00,did=57JKaCYo) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=7,from_cache=0,grep=1,rtt=0.01,did=6Y1X1tAf) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=8,from_cache=0,grep=1,rtt=0.01,did=k1mZSa9V) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=9,from_cache=0,grep=1,rtt=0.01,did=jyI5Icq5) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=10,from_cache=0,grep=1,rtt=0.01,did=B02qFXhH) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=11,from_cache=0,grep=1,rtt=0.01,did=01hdn6Vp) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=12,from_cache=0,grep=1,rtt=0.01,did=ukbXXM8Z) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=13,from_cache=0,grep=1,rtt=0.00,did=3VOnfzVV) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=14,from_cache=0,grep=1,rtt=0.01,did=LVK7PcMZ) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=15,from_cache=0,grep=1,rtt=0.01,did=AxeOkVPB) [Wed Feb 12 09:36:00 2020 - debug] Updating socket timeout for localhost from 6.00 to 3.00 seconds [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=16,from_cache=0,grep=1,rtt=0.01,did=rRq7qXSv) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=17,from_cache=0,grep=1,rtt=0.00,did=AZpr2lqe) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "200" (id=19,from_cache=0,grep=1,rtt=0.06,did=ueyJauwj) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=20,from_cache=0,grep=1,rtt=0.01,did=5JBtB1df) [Wed Feb 12 09:36:00 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:00 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: xoKAXAQ1) [Wed Feb 12 09:36:00 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=22,from_cache=0,grep=0,rtt=0.01,did=xoKAXAQ1) [Wed Feb 12 09:36:00 2020 - debug] [auth.detailed] User "admin" is NOT logged into the application, the `check_string` was not found in the HTTP response with ID 22. (did: xoKAXAQ1) [Wed Feb 12 09:36:00 2020 - debug] [auth.detailed] Logging into the application with user: admin (did: A8115daB) [Wed Feb 12 09:36:01 2020 - debug] POST http://localhost:9090/login with data: "username=admin&password=admin" returned HTTP code "302" (id=23,from_cache=0,grep=0,rtt=0.30,did=A8115daB) [Wed Feb 12 09:36:01 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: oSGsR7iu) [Wed Feb 12 09:36:01 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=24,from_cache=0,grep=0,rtt=0.03,did=oSGsR7iu) [Wed Feb 12 09:36:01 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: oSGsR7iu) [Wed Feb 12 09:36:01 2020 - debug] Login success for admin [Wed Feb 12 09:36:01 2020 - debug] detailed._login() took 0.38s to run [Wed Feb 12 09:36:01 2020 - debug] Called _setup_audit() [Wed Feb 12 09:36:01 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=25,from_cache=1,grep=1,rtt=0.01,did=A51I4v2f) [Wed Feb 12 09:36:01 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 0, 'reject-seen-url': 0, 'reject-out-of-scope': 0, 'accept': 0} [Wed Feb 12 09:36:01 2020 - debug] The framework has 108 active threads. [Wed Feb 12 09:36:01 2020 - debug] file_upload.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] expect_ct.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] svn_users.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] private_ip.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] motw.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:01 2020 - debug] serialized_object.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] blank_body.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] credit_cards.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] websockets_links.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] csp.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] dom_xss.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] keys.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - error] The ClamAV plugin failed to connect to clamd using the provided unix socket: "/var/run/clamav/clamd.ctl". Please verify your configuration and try again. [Wed Feb 12 09:36:01 2020 - debug] clamav.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] symfony.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] localhost:9090 connection pool stats (free:24 / in_use:0 / max:50 / total:24) [Wed Feb 12 09:36:01 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:01 2020 - debug] GET http://localhost:9090/vCHYS returned HTTP code "404" (id=26,from_cache=0,grep=0,rtt=0.04,did=A51I4v2f) [Wed Feb 12 09:36:01 2020 - debug] Using RLIMIT_AS memory usage limit 2185 MB for new pool process [Wed Feb 12 09:36:01 2020 - debug] Received response for 404 URL http://localhost:9090/vCHYS (id:26, did:A51I4v2f, len:144) [Wed Feb 12 09:36:01 2020 - debug] "http://localhost:9090/" (id:25, code:302, len:28, did:A51I4v2f) is NOT a 404 [known 404 with ID 26 uses 404 code] [Wed Feb 12 09:36:01 2020 - debug] Waited 0.27 seconds in PreventMultipleThreads for event 140101166417168 and normalized path http://localhost:9090/ (did:None) [Wed Feb 12 09:36:01 2020 - debug] Waited 0.27 seconds in PreventMultipleThreads for event 140101166417168 and normalized path http://localhost:9090/ (did:None) [Wed Feb 12 09:36:01 2020 - debug] "http://localhost:9090/" (id:25, code:302, len:28, did:8Tc5vGwY) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:01 2020 - debug] meta_generator.grep(uri="http://localhost:9090/") took 0.28s to run [Wed Feb 12 09:36:01 2020 - debug] "http://localhost:9090/" (id:25, code:302, len:28, did:nJ0Q1waT) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:01 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/") took 0.27s to run [Wed Feb 12 09:36:01 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=27,from_cache=1,grep=1,rtt=0.01,did=vJSwFymc) [Wed Feb 12 09:36:01 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/") took 0.29s to run [Wed Feb 12 09:36:01 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] objects.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] error_500.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] "http://localhost:9090/" (id:25, code:302, len:28, did:8H4c3dp4) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:01 2020 - debug] DNS response from DNS server for domain: raw.githubusercontent.com [Wed Feb 12 09:36:01 2020 - debug] allowed_methods.discover(http://localhost:9090/, did=a6QYZFNE) [Wed Feb 12 09:36:01 2020 - debug] frontpage_version.discover(http://localhost:9090/, did=IAEjTfzV) [Wed Feb 12 09:36:01 2020 - debug] server_header.discover(http://localhost:9090/, did=roFiQxlb) [Wed Feb 12 09:36:01 2020 - debug] finger_bing.discover(http://localhost:9090/, did=mIdkE8qb) [Wed Feb 12 09:36:01 2020 - debug] finger_google.discover(http://localhost:9090/, did=ZKzvI2tq) [Wed Feb 12 09:36:01 2020 - debug] Producer Seed has finished (poison pill received, queue size: 0) [Wed Feb 12 09:36:01 2020 - debug] http_in_body.grep(uri="http://localhost:9090/") took 0.54s to run [Wed Feb 12 09:36:01 2020 - debug] password_profiling.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] click_jacking.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/") took 0.52s to run [Wed Feb 12 09:36:01 2020 - debug] "http://localhost:9090/" (id:25, code:302, len:28, did:HgekYgkV) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:01 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:01 2020 - debug] meta_tags.grep(uri="http://localhost:9090/") took 0.28s to run [Wed Feb 12 09:36:01 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] html_comments.grep(uri="http://localhost:9090/") took 0.53s to run [Wed Feb 12 09:36:01 2020 - debug] strange_reason.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/") took 0.47s to run [Wed Feb 12 09:36:01 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] cache_control.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] strange_headers.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] ssn.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] oracle.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] feeds.grep(uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:01 2020 - debug] url_session.grep(uri="http://localhost:9090/") took 0.32s to run [Wed Feb 12 09:36:01 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/") took 0.32s to run [Wed Feb 12 09:36:01 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/") took 0.55s to run [Wed Feb 12 09:36:01 2020 - debug] finger_pks.discover(http://localhost:9090/, did=Roq60N1e) [Wed Feb 12 09:36:02 2020 - debug] error_pages.grep(uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:02 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/") took 0.06s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=28,from_cache=0,grep=0,rtt=0.03,did=TYIIP5mv) [Wed Feb 12 09:36:02 2020 - debug] genexus_xml.discover(http://localhost:9090/, did=jbOLulUj) [Wed Feb 12 09:36:02 2020 - vulnerability] The URL "http://localhost:9090/" returned an HTTP response without the recommended HTTP header X-Content-Type-Options. This information was found in the request with id 25. [Wed Feb 12 09:36:02 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/") took 0.10s to run [Wed Feb 12 09:36:02 2020 - debug] wordpress_fingerprint.discover(http://localhost:9090/, did=SMyIcAPt) [Wed Feb 12 09:36:02 2020 - debug] [wordpress_fingerprint] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] dot_listing.discover(http://localhost:9090/, did=ftMHsj5T) [Wed Feb 12 09:36:02 2020 - debug] [dot_listing] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] [genexus_xml] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - information] The page is written in: "en". [Wed Feb 12 09:36:02 2020 - debug] content_negotiation.discover(http://localhost:9090/, did=v680J9eZ) [Wed Feb 12 09:36:02 2020 - debug] [content_negotiation] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] content_negotiation.discover(did="v680J9eZ",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/_vti_inf.html returned HTTP code "404" (id=31,from_cache=0,grep=1,rtt=0.17,did=cX51P4Ej) [Wed Feb 12 09:36:02 2020 - debug] file_upload.audit(did="BZHmsKKH", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] file_upload.audit(did="BZHmsKKH",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=29,from_cache=1,grep=1,rtt=0.01,did=sXKKBynF) [Wed Feb 12 09:36:02 2020 - information] The remote HTTP Server omitted the "server" header in its response. This information was found in the request with id 29. [Wed Feb 12 09:36:02 2020 - information] The x-powered-by header for the target HTTP server is "Express". This information was found in the request with id 29. [Wed Feb 12 09:36:02 2020 - debug] server_header.discover(did="roFiQxlb",uri="http://localhost:9090/") took 0.36s to run [Wed Feb 12 09:36:02 2020 - debug] OPTIONS http://localhost:9090/ returned HTTP code "200" (id=30,from_cache=0,grep=1,rtt=0.10,did=Qh8y2P8t) [Wed Feb 12 09:36:02 2020 - debug] csrf.audit(did="Z0g6I5ao", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] csrf.audit(did="Z0g6I5ao",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] deserialization.audit(did="NeWtEPlC", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] deserialization.audit(did="NeWtEPlC",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] robots_txt.discover(http://localhost:9090/, did=T6jTzgzE) [Wed Feb 12 09:36:02 2020 - debug] [robots_txt] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] lang.grep(uri="http://localhost:9090/") took 0.36s to run [Wed Feb 12 09:36:02 2020 - debug] frontpage_version.discover(did="IAEjTfzV",uri="http://localhost:9090/") took 0.44s to run [Wed Feb 12 09:36:02 2020 - debug] symfony.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] file_upload.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] expect_ct.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] svn_users.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] private_ip.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] motw.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] meta_generator.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:02 2020 - debug] serialized_object.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] blank_body.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] os_commanding.audit(did="qkAmxOOy", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:qkAmxOOy) [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] os_commanding.audit(did="qkAmxOOy",uri="http://localhost:9090/") took 0.01s to run [Wed Feb 12 09:36:02 2020 - debug] credit_cards.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] lfi.audit(did="dgOxr40m", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:dgOxr40m) [Wed Feb 12 09:36:02 2020 - debug] websockets_links.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] csp.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] dom_xss.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] archive_dot_org.discover(http://localhost:9090/, did=hNxunmSq) [Wed Feb 12 09:36:02 2020 - debug] [archive_dot_org] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] ria_enumerator.discover(http://localhost:9090/, did=6oxXsePs) [Wed Feb 12 09:36:02 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] keys.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] [ria_enumerator] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] clamav.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] sqli.audit(did="fAgl4mXp", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:fAgl4mXp) [Wed Feb 12 09:36:02 2020 - debug] sqli.audit(did="fAgl4mXp",uri="http://localhost:9090/") took 0.01s to run [Wed Feb 12 09:36:02 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:pRzzmMkb) [Wed Feb 12 09:36:02 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:02 2020 - debug] Raising HTTP error "ARGENTINA" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:pRzzmMkb). [Wed Feb 12 09:36:02 2020 - debug] lfi.audit(did="dgOxr40m",uri="http://localhost:9090/") took 0.11s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/.listing returned HTTP code "404" (id=32,from_cache=0,grep=1,rtt=0.05,did=K1CQsfU1) [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=33,from_cache=0,grep=1,rtt=0.18,did=7rUWRyNX) [Wed Feb 12 09:36:02 2020 - debug] blind_sqli.audit(did="atRJHs5x", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] blind_sqli.audit(did="atRJHs5x",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] phishing_vector.audit(did="ds3mHPYv", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] wordpress_fingerprint.discover(did="SMyIcAPt",uri="http://localhost:9090/") took 0.54s to run [Wed Feb 12 09:36:02 2020 - debug] generic.audit(did="esIQb3Yv", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] dot_listing.discover(did="ftMHsj5T",uri="http://localhost:9090/") took 0.55s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/robots.txt returned HTTP code "404" (id=35,from_cache=0,grep=1,rtt=0.05,did=Z0xwWbSm) [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ds3mHPYv) [Wed Feb 12 09:36:02 2020 - debug] Finished audit.phishing_vector (did=ds3mHPYv) [Wed Feb 12 09:36:02 2020 - debug] phishing_vector.audit(did="ds3mHPYv",uri="http://localhost:9090/") took 0.06s to run [Wed Feb 12 09:36:02 2020 - debug] wordnet.discover(http://localhost:9090/, did=BQboBk2F) [Wed Feb 12 09:36:02 2020 - debug] [wordnet] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] user_dir.discover(http://localhost:9090/, did=O0hJZvrR) [Wed Feb 12 09:36:02 2020 - debug] [user_dir] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] format_string.audit(did="MQqhp8QS", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:MQqhp8QS) [Wed Feb 12 09:36:02 2020 - debug] websocket_hijacking.audit(did="jLi7nfm5", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] websocket_hijacking.audit(did="jLi7nfm5",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] generic.audit(did="esIQb3Yv",uri="http://localhost:9090/") took 0.06s to run [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/execute.xml returned HTTP code "404" (id=34,from_cache=0,grep=1,rtt=0.16,did=kdK0Dq4S) [Wed Feb 12 09:36:02 2020 - debug] robots_txt.discover(did="T6jTzgzE",uri="http://localhost:9090/") took 0.46s to run [Wed Feb 12 09:36:02 2020 - debug] shell_shock.audit(did="2v0jCkwm", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=36,from_cache=0,grep=1,rtt=0.14,did=MZuFkpo1) [Wed Feb 12 09:36:02 2020 - debug] format_string.audit(did="MQqhp8QS",uri="http://localhost:9090/") took 0.07s to run [Wed Feb 12 09:36:02 2020 - debug] http_in_body.grep(uri="http://localhost:9090/_vti_inf.html") took 0.48s to run [Wed Feb 12 09:36:02 2020 - debug] genexus_xml.discover(did="jbOLulUj",uri="http://localhost:9090/") took 0.67s to run [Wed Feb 12 09:36:02 2020 - debug] memcachei.audit(did="5rVTFwzg", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:5rVTFwzg) [Wed Feb 12 09:36:02 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/_vti_inf.html") took 0.54s to run [Wed Feb 12 09:36:02 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/_vti_inf.html") took 0.41s to run [Wed Feb 12 09:36:02 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] objects.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] error_500.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] meta_tags.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] password_profiling.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] click_jacking.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] lang.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] html_comments.grep(uri="http://localhost:9090/_vti_inf.html") took 0.46s to run [Wed Feb 12 09:36:02 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/_vti_inf.html") took 0.46s to run [Wed Feb 12 09:36:02 2020 - debug] strange_reason.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] cache_control.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] strange_headers.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] ssn.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] oracle.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] feeds.grep(uri="http://localhost:9090/_vti_inf.html") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] dir_file_bruter.discover(http://localhost:9090/, did=bCwnp0g9) [Wed Feb 12 09:36:02 2020 - debug] [dir_file_bruter] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] un_ssl.audit(did="QzEwjTZM", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] un_ssl.audit(did="QzEwjTZM",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:d5eo6Bef) [Wed Feb 12 09:36:02 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:02 2020 - debug] Raising HTTP error "INDEX" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:d5eo6Bef). [Wed Feb 12 09:36:02 2020 - debug] sitemap_xml.discover(http://localhost:9090/, did=zlPzhpCp) [Wed Feb 12 09:36:02 2020 - debug] [sitemap_xml] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:02 2020 - debug] ldapi.audit(did="4o6AKXzt", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:4o6AKXzt) [Wed Feb 12 09:36:02 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=37,from_cache=1,grep=1,rtt=0.03,did=OBvIdLt9) [Wed Feb 12 09:36:02 2020 - debug] wordnet.discover(did="BQboBk2F",uri="http://localhost:9090/") took 0.22s to run [Wed Feb 12 09:36:02 2020 - debug] phpinfo.discover(http://localhost:9090/, did=hz1QZP0K) [Wed Feb 12 09:36:02 2020 - debug] ldapi.audit(did="4o6AKXzt",uri="http://localhost:9090/") took 0.01s to run [Wed Feb 12 09:36:02 2020 - debug] buffer_overflow.audit(did="vd5Q3vHZ", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] buffer_overflow.audit(did="vd5Q3vHZ",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:02 2020 - debug] redos.audit(did="ULXWyogv", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] global_redirect.audit(did="nCoYmNKF", uri="http://localhost:9090/") [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:nCoYmNKF) [Wed Feb 12 09:36:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:nCoYmNKF) [Wed Feb 12 09:36:03 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/_vti_inf.html") took 0.18s to run [Wed Feb 12 09:36:03 2020 - debug] symfony.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] file_upload.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] DNS response from DNS server for domain: web.archive.org [Wed Feb 12 09:36:03 2020 - debug] error_pages.grep(uri="http://localhost:9090/_vti_inf.html") took 0.11s to run [Wed Feb 12 09:36:03 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] url_session.grep(uri="http://localhost:9090/_vti_inf.html") took 0.12s to run [Wed Feb 12 09:36:03 2020 - debug] expect_ct.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] svn_users.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] private_ip.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] motw.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] meta_generator.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/_vti_inf.html") took 0.11s to run [Wed Feb 12 09:36:03 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:03 2020 - debug] redos.audit(did="ULXWyogv",uri="http://localhost:9090/") took 0.04s to run [Wed Feb 12 09:36:03 2020 - debug] Will increase timeout to 3.99 seconds after HTTP socket error (did:6Wa1FbeM) [Wed Feb 12 09:36:03 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.99 seconds [Wed Feb 12 09:36:03 2020 - debug] Raising HTTP error "INVOKE" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:6Wa1FbeM). [Wed Feb 12 09:36:03 2020 - debug] memcachei.audit(did="5rVTFwzg",uri="http://localhost:9090/") took 0.19s to run [Wed Feb 12 09:36:03 2020 - debug] get_emails.grep(uri="http://localhost:9090/") took 1.04s to run [Wed Feb 12 09:36:03 2020 - debug] [phpinfo] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:03 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:03 2020 - debug] serialized_object.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] blank_body.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] websockets_links.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] csp.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] dom_xss.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=38,from_cache=0,grep=1,rtt=0.10,did=2v0jCkwm) [Wed Feb 12 09:36:03 2020 - debug] xpath.audit(did="nTz80utf", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:nTz80utf) [Wed Feb 12 09:36:03 2020 - debug] cors_origin.audit(did="j1kOq72o", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] global_redirect.audit(did="nCoYmNKF",uri="http://localhost:9090/") took 0.10s to run [Wed Feb 12 09:36:03 2020 - debug] credit_cards.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] keys.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] GET http://localhost:9090/~_w_3_a_f_/ returned HTTP code "404" (id=39,from_cache=0,grep=1,rtt=0.15,did=Mvo6a4Qq) [Wed Feb 12 09:36:03 2020 - debug] htaccess_methods.audit(did="WYc516p5", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] xpath.audit(did="nTz80utf",uri="http://localhost:9090/") took 0.20s to run [Wed Feb 12 09:36:03 2020 - debug] dav.audit(did="GXOPpO8n", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] ssi.audit(did="3nJo9S9g", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] localhost:9090 connection pool stats (free:37 / in_use:6 / max:50 / total:43) [Wed Feb 12 09:36:03 2020 - debug] Connections with more in use time: (941732cff4527333, 0.35 sec) (18f457b2f26810cd, 0.22 sec) (a712a1ad5fc5ab9c, 0.09 sec) (b9c732d80a5bb1dd, 0.01 sec) (d42b919264727ff8, 0.01 sec) [Wed Feb 12 09:36:03 2020 - debug] 0% of GrepWorker workers are idle. [Wed Feb 12 09:36:03 2020 - debug] GrepWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:03 2020 - debug] GrepWorker worker pool has 29 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:03 2020 - debug] xxe.audit(did="ct94V4Kg", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:03 2020 - debug] xxe.audit(did="ct94V4Kg",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:03 2020 - debug] DNS response from DNS server for domain: www.google.com [Wed Feb 12 09:36:03 2020 - debug] eval.audit(did="DyZCAjlC", uri="http://localhost:9090/") [Wed Feb 12 09:36:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:DyZCAjlC) [Wed Feb 12 09:36:04 2020 - debug] MKCOL http://localhost:9090/ returned HTTP code "404" (id=43,from_cache=0,grep=1,rtt=0.49,did=Br20qfbx) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/sitemap.xml returned HTTP code "404" (id=40,from_cache=0,grep=1,rtt=0.11,did=mkDC8mgK) [Wed Feb 12 09:36:04 2020 - debug] http_in_body.grep(uri="http://localhost:9090/.listing") took 0.72s to run [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/gears_manifest.php returned HTTP code "404" (id=42,from_cache=0,grep=1,rtt=0.07,did=DgWSxo2x) [Wed Feb 12 09:36:04 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/.listing") took 0.59s to run [Wed Feb 12 09:36:04 2020 - debug] clamav.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/.listing") took 0.76s to run [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/phpInfo.php returned HTTP code "404" (id=46,from_cache=0,grep=0,rtt=0.26,did=Lcue32xr) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=45,from_cache=1,grep=1,rtt=0.01,did=2kdlhvps) [Wed Feb 12 09:36:04 2020 - debug] htaccess_methods.audit(did="WYc516p5",uri="http://localhost:9090/") took 0.53s to run [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/gears_config returned HTTP code "404" (id=41,from_cache=0,grep=1,rtt=0.20,did=GYZ0Pf4A) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/xxx.php returned HTTP code "404" (id=44,from_cache=0,grep=0,rtt=0.15,did=RPFTI4S8) [Wed Feb 12 09:36:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:04 2020 - debug] localhost:9090 connection pool stats (free:28 / in_use:23 / max:50 / total:51) [Wed Feb 12 09:36:04 2020 - debug] Connections with more in use time: (a712a1ad5fc5ab9c, 0.57 sec) (d42b919264727ff8, 0.50 sec) (5aa0b4376f902084, 0.47 sec) (66eea2c1a1ffd98b, 0.46 sec) (7d7d275c65f0b360, 0.46 sec) [Wed Feb 12 09:36:04 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/.listing") took 0.12s to run [Wed Feb 12 09:36:04 2020 - debug] 0% of CrawlInfraWorker workers are idle. [Wed Feb 12 09:36:04 2020 - debug] CrawlInfraWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:04 2020 - debug] CrawlInfraWorker worker pool has 13 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:04 2020 - debug] Worker with ID WorkerThread(j9e6gcyy) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID WorkerThread(hGEbXfwZ) is idle. [Wed Feb 12 09:36:04 2020 - debug] 6% of WorkerThread workers are idle. [Wed Feb 12 09:36:04 2020 - debug] Worker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:04 2020 - debug] html_comments.grep(uri="http://localhost:9090/.listing") took 0.22s to run [Wed Feb 12 09:36:04 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] DNS response from DNS server for domain: www.bing.com [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/site-manifest returned HTTP code "404" (id=47,from_cache=0,grep=1,rtt=0.59,did=YKZEZGaK) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/admin.php?mode=phpinfo returned HTTP code "404" (id=48,from_cache=0,grep=0,rtt=0.37,did=NuCDWjlT) [Wed Feb 12 09:36:04 2020 - debug] eval.audit(did="DyZCAjlC",uri="http://localhost:9090/") took 0.40s to run [Wed Feb 12 09:36:04 2020 - debug] rosetta_flash.audit(did="X8gdzyUS", uri="http://localhost:9090/") [Wed Feb 12 09:36:04 2020 - debug] rosetta_flash.audit(did="X8gdzyUS",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] Worker worker pool has 6 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:04 2020 - debug] sitemap_xml.discover(did="zlPzhpCp",uri="http://localhost:9090/") took 1.17s to run [Wed Feb 12 09:36:04 2020 - debug] find_dvcs.discover(http://localhost:9090/, did=RKHnLsTM) [Wed Feb 12 09:36:04 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/.listing") took 0.25s to run [Wed Feb 12 09:36:04 2020 - debug] error_500.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] meta_tags.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] password_profiling.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] click_jacking.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] lang.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/phpinfo1.php returned HTTP code "404" (id=50,from_cache=0,grep=0,rtt=0.49,did=OUxNSrTS) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/sitemanifest.gears returned HTTP code "404" (id=52,from_cache=0,grep=1,rtt=0.53,did=ytijXcBj) [Wed Feb 12 09:36:04 2020 - debug] url_session.grep(uri="http://localhost:9090/.listing") took 0.28s to run [Wed Feb 12 09:36:04 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] [find_dvcs] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/index.php?view=phpinfo returned HTTP code "404" (id=49,from_cache=0,grep=0,rtt=0.44,did=NNDwpmrU) [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/phpinfo.php returned HTTP code "404" (id=54,from_cache=0,grep=0,rtt=0.49,did=BIU6Sp9n) [Wed Feb 12 09:36:04 2020 - debug] error_pages.grep(uri="http://localhost:9090/.listing") took 0.14s to run [Wed Feb 12 09:36:04 2020 - debug] strange_reason.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] cache_control.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:04 2020 - debug] objects.grep(uri="http://localhost:9090/.listing") took 0.34s to run [Wed Feb 12 09:36:04 2020 - debug] GET http://localhost:9090/x.php returned HTTP code "404" (id=53,from_cache=0,grep=0,rtt=0.67,did=NgFRBLsM) [Wed Feb 12 09:36:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:04 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:3nJo9S9g) [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(3lIHqMdP) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(AAwzqj5O) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(OFMDNz5i) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(Rim1zDwH) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(E71iJb08) is idle. [Wed Feb 12 09:36:04 2020 - debug] Worker with ID AuditorWorker(SmdJFVYa) is idle. [Wed Feb 12 09:36:04 2020 - debug] 60% of AuditorWorker workers are idle. [Wed Feb 12 09:36:05 2020 - debug] AuditorWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:05 2020 - debug] AuditorWorker worker pool has 0 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:05 2020 - debug] xss.audit(did="nLecQCRc", uri="http://localhost:9090/") [Wed Feb 12 09:36:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:05 2020 - debug] xss.audit(did="nLecQCRc",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:05 2020 - debug] GET http://localhost:9090/PHPinfo.php returned HTTP code "404" (id=58,from_cache=0,grep=0,rtt=0.47,did=VFLZSzZH) [Wed Feb 12 09:36:05 2020 - debug] GET http://localhost:9090/phpversion.php returned HTTP code "404" (id=64,from_cache=0,grep=0,rtt=0.47,did=PdRykxlW) [Wed Feb 12 09:36:05 2020 - debug] GET http://localhost:9090/xx.php returned HTTP code "404" (id=65,from_cache=0,grep=0,rtt=0.48,did=eJ3zDw2w) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/index.php?mode=phpinfo returned HTTP code "404" (id=66,from_cache=0,grep=0,rtt=0.42,did=rKFtwmSR) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/phpVersion.php returned HTTP code "404" (id=69,from_cache=0,grep=0,rtt=0.68,did=PglIA9kg) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/gears-config.txt returned HTTP code "404" (id=71,from_cache=0,grep=1,rtt=0.70,did=wI8UzaAN) [Wed Feb 12 09:36:06 2020 - debug] strange_headers.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:06 2020 - debug] ssn.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:06 2020 - debug] oracle.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:06 2020 - debug] feeds.grep(uri="http://localhost:9090/.listing") took 0.00s to run [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/test1.php returned HTTP code "404" (id=56,from_cache=0,grep=0,rtt=0.43,did=Ehc1nYjT) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/test.php?mode=phpinfo returned HTTP code "404" (id=67,from_cache=0,grep=0,rtt=0.72,did=glICirgP) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/filesInCache.json returned HTTP code "404" (id=70,from_cache=0,grep=1,rtt=0.75,did=tgmHK4Rb) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/info1.php returned HTTP code "404" (id=57,from_cache=0,grep=0,rtt=0.52,did=HPaNxfCF) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/INSTALL.php?mode=phpinfo returned HTTP code "404" (id=68,from_cache=0,grep=0,rtt=0.57,did=JmUeBJ9x) [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/info.php returned HTTP code "404" (id=60,from_cache=0,grep=0,rtt=0.67,did=Pu2YtqZ3) [Wed Feb 12 09:36:06 2020 - debug] ssi.audit(did="3nJo9S9g",uri="http://localhost:9090/") took 1.16s to run [Wed Feb 12 09:36:06 2020 - debug] GET http://localhost:9090/cache_manifest.php returned HTTP code "404" (id=62,from_cache=0,grep=1,rtt=0.78,did=YEBJqj4b) [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/TEST.php?mode=phpinfo returned HTTP code "404" (id=51,from_cache=0,grep=0,rtt=0.48,did=pn84PBHx) [Wed Feb 12 09:36:07 2020 - debug] xst.audit(did="l59Pqisy", uri="http://localhost:9090/") [Wed Feb 12 09:36:07 2020 - debug] symfony.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] Updating socket timeout for localhost from 3.99 to 4.41 seconds [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/offline-manifest.json returned HTTP code "404" (id=73,from_cache=0,grep=1,rtt=0.43,did=34QsKrgH) [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/cache-manifest.gears returned HTTP code "404" (id=72,from_cache=0,grep=1,rtt=0.71,did=RGn5qeGZ) [Wed Feb 12 09:36:07 2020 - debug] file_upload.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/.listing") took 0.11s to run [Wed Feb 12 09:36:07 2020 - debug] expect_ct.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] svn_users.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] private_ip.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] motw.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/gearsconfig returned HTTP code "404" (id=75,from_cache=0,grep=1,rtt=0.16,did=kwXBLQ8s) [Wed Feb 12 09:36:07 2020 - debug] MOVE http://localhost:9090/ returned HTTP code "404" (id=76,from_cache=0,grep=1,rtt=0.15,did=QAB6wY3y) [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=55,from_cache=0,grep=1,rtt=0.45,did=j1kOq72o) [Wed Feb 12 09:36:07 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 6, 'reject-seen-url': 9, 'reject-out-of-scope': 0, 'accept': 10} [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/install.php?mode=phpinfo returned HTTP code "404" (id=59,from_cache=0,grep=0,rtt=0.56,did=8DaffRyj) [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/phpInfo1.php returned HTTP code "404" (id=61,from_cache=0,grep=0,rtt=0.71,did=wSaDMqhQ) [Wed Feb 12 09:36:07 2020 - debug] get_emails.grep(uri="http://localhost:9090/_vti_inf.html") took 1.86s to run [Wed Feb 12 09:36:07 2020 - debug] meta_generator.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:07 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=77,from_cache=0,grep=0,rtt=0.16,did=2v0jCkwm) [Wed Feb 12 09:36:07 2020 - debug] ssl_certificate.audit(did="kNLjaJuS", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/PHPversion.php returned HTTP code "404" (id=79,from_cache=0,grep=0,rtt=0.58,did=rRE6VGgE) [Wed Feb 12 09:36:08 2020 - debug] preg_replace.audit(did="5NNQSp9r", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:5NNQSp9r) [Wed Feb 12 09:36:08 2020 - debug] mx_injection.audit(did="pH6dui5G", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:pH6dui5G) [Wed Feb 12 09:36:08 2020 - debug] response_splitting.audit(did="YUs56fc8", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:YUs56fc8) [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/PHPINFO.php returned HTTP code "404" (id=74,from_cache=0,grep=0,rtt=0.86,did=FEdizShG) [Wed Feb 12 09:36:08 2020 - debug] response_splitting.audit(did="YUs56fc8",uri="http://localhost:9090/") took 0.01s to run [Wed Feb 12 09:36:08 2020 - debug] mx_injection.audit(did="pH6dui5G",uri="http://localhost:9090/") took 0.02s to run [Wed Feb 12 09:36:08 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:08 2020 - debug] preg_replace.audit(did="5NNQSp9r",uri="http://localhost:9090/") took 0.07s to run [Wed Feb 12 09:36:08 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/ returned HTTP code "200" (id=63,from_cache=0,grep=1,rtt=1.46,did=ehlD1MFC) [Wed Feb 12 09:36:08 2020 - debug] GET http://www.google.com/xhtml?q=@localhost.&start=300 returned HTTP code "200" (id=78,from_cache=0,grep=1,rtt=1.01,did=jQKSI8DC) [Wed Feb 12 09:36:08 2020 - debug] ssl_certificate.audit(did="kNLjaJuS",uri="http://localhost:9090/") took 0.16s to run [Wed Feb 12 09:36:08 2020 - debug] rfd.audit(did="ct1y2IpX", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/%3B/w3af.cmd%3B/w3af.cmd" () [Wed Feb 12 09:36:08 2020 - debug] rfd.audit(did="ct1y2IpX",uri="http://localhost:9090/") took 0.45s to run [Wed Feb 12 09:36:08 2020 - debug] TRACE http://localhost:9090/ returned HTTP code "404" (id=80,from_cache=0,grep=1,rtt=0.11,did=y3ONNk8H) [Wed Feb 12 09:36:08 2020 - debug] xst.audit(did="l59Pqisy",uri="http://localhost:9090/") took 0.87s to run [Wed Feb 12 09:36:08 2020 - debug] rfi.audit(did="HfhCDJOa", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/gears_config.txt returned HTTP code "404" (id=85,from_cache=0,grep=1,rtt=0.10,did=SF0K988w) [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/gears-manifest.php returned HTTP code "404" (id=86,from_cache=0,grep=1,rtt=0.24,did=7CeJX6JF) [Wed Feb 12 09:36:08 2020 - debug] frontpage.audit(did="DYmdC5ig", uri="http://localhost:9090/") [Wed Feb 12 09:36:08 2020 - debug] HEAD http://localhost:9090/ returned HTTP code "302" (id=88,from_cache=0,grep=1,rtt=0.21,did=pfDzJFJ7) [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/site_manifest returned HTTP code "404" (id=83,from_cache=0,grep=1,rtt=0.03,did=WRz2gBvz) [Wed Feb 12 09:36:08 2020 - debug] GET http://localhost:9090/PhpInfo.php returned HTTP code "404" (id=81,from_cache=0,grep=0,rtt=0.19,did=q6tXqUXB) [Wed Feb 12 09:36:08 2020 - debug] localhost:9090 connection pool stats (free:42 / in_use:9 / max:50 / total:51) [Wed Feb 12 09:36:08 2020 - debug] Connections with more in use time: (ea99060d2e3c1bee, 0.29 sec) (a712a1ad5fc5ab9c, 0.28 sec) (cd9918a2d17819fb, 0.28 sec) (859514ff2302e122, 0.24 sec) (f830fbba42644f2d, 0.23 sec) [Wed Feb 12 09:36:08 2020 - debug] PROPFIND http://localhost:9090/ with data: " Select \'D..." returned HTTP code "404" (id=92,from_cache=0,grep=1,rtt=0.15,did=5mCxEzuE) [Wed Feb 12 09:36:09 2020 - debug] frontpage.audit(did="DYmdC5ig",uri="http://localhost:9090/") took 0.20s to run [Wed Feb 12 09:36:09 2020 - debug] RFI using local web server for URL: http://localhost:9090/ [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/cachemanifest.php returned HTTP code "404" (id=94,from_cache=0,grep=1,rtt=0.31,did=O6SFynEP) [Wed Feb 12 09:36:09 2020 - debug] phpinfo.discover(did="hz1QZP0K",uri="http://localhost:9090/") took 2.55s to run [Wed Feb 12 09:36:09 2020 - debug] import_results.discover(http://localhost:9090/, did=SaM618oA) [Wed Feb 12 09:36:09 2020 - debug] [import_results] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:09 2020 - debug] cors_origin.audit(did="j1kOq72o",uri="http://localhost:9090/") took 2.63s to run (0.52s 19% sending HTTP requests) [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/gears_manifest.gears returned HTTP code "404" (id=105,from_cache=0,grep=1,rtt=0.40,did=8tzFBCbr) [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/cache_manifest.gears returned HTTP code "404" (id=99,from_cache=0,grep=1,rtt=0.20,did=JesoKv3n) [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/.gitignore returned HTTP code "404" (id=100,from_cache=0,grep=0,rtt=0.33,did=KvJiwMFR) [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/.bzr/checkout/dirstate returned HTTP code "404" (id=102,from_cache=0,grep=0,rtt=0.29,did=fcjp8rih) [Wed Feb 12 09:36:09 2020 - debug] Archive.org did not find any pages. [Wed Feb 12 09:36:09 2020 - debug] GET http://localhost:9090/.cvsignore returned HTTP code "404" (id=97,from_cache=0,grep=0,rtt=0.19,did=EX2UBRwh) [Wed Feb 12 09:36:09 2020 - debug] http_in_body.grep(uri="http://localhost:9090/wp-login.php") took 1.23s to run [Wed Feb 12 09:36:09 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:09 2020 - debug] serialized_object.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] blank_body.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/wp-login.php") took 0.96s to run [Wed Feb 12 09:36:09 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] credit_cards.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] websockets_links.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] csp.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] dom_xss.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] archive_dot_org.discover(did="hNxunmSq",uri="http://localhost:9090/") took 3.38s to run [Wed Feb 12 09:36:09 2020 - debug] payment_webhook_finder.discover(http://localhost:9090/, did=ZAlDpgzj) [Wed Feb 12 09:36:09 2020 - debug] [payment_webhook_finder] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:09 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:09 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: LWsweJff) [Wed Feb 12 09:36:09 2020 - debug] import_results.discover(did="SaM618oA",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] url_fuzzer.discover(http://localhost:9090/, did=WPPCljOO) [Wed Feb 12 09:36:09 2020 - debug] [url_fuzzer] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:09 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:09 2020 - debug] keys.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/.bzrignore returned HTTP code "404" (id=98,from_cache=0,grep=0,rtt=0.16,did=OMcPO6TP) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/site-manifest.txt returned HTTP code "404" (id=111,from_cache=0,grep=1,rtt=0.52,did=rpj0IkkB) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/cache-manifest returned HTTP code "404" (id=109,from_cache=0,grep=1,rtt=0.06,did=42pZTNLR) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/offline_manifest.json returned HTTP code "404" (id=108,from_cache=0,grep=1,rtt=0.42,did=wJHQjywX) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/fetchmail/ returned HTTP code "404" (id=107,from_cache=0,grep=1,rtt=0.13,did=89YMPx6t) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/.hgignore returned HTTP code "404" (id=104,from_cache=0,grep=0,rtt=0.18,did=RglRi5wD) [Wed Feb 12 09:36:10 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=1 returned HTTP code "200" (id=96,from_cache=0,grep=0,rtt=1.50,did=g9OYFqNE) [Wed Feb 12 09:36:10 2020 - debug] GET http://localhost:9090/~fetchmail/ returned HTTP code "404" (id=110,from_cache=0,grep=1,rtt=0.17,did=4oHIBg0X) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/~Debian-exim/ returned HTTP code "404" (id=113,from_cache=0,grep=1,rtt=0.22,did=CiW1bgrs) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/.hg/dirstate returned HTTP code "404" (id=106,from_cache=0,grep=0,rtt=0.20,did=5ROJ4uds) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/Debian-exim/ returned HTTP code "404" (id=112,from_cache=0,grep=1,rtt=0.26,did=k4GrPErk) [Wed Feb 12 09:36:11 2020 - debug] ACL http://localhost:9090/ returned HTTP code "404" (id=114,from_cache=0,grep=1,rtt=0.09,did=Sk1Xn8Zb) [Wed Feb 12 09:36:11 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/wp-login.php") took 0.24s to run [Wed Feb 12 09:36:11 2020 - debug] clamav.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:11 2020 - debug] localhost:9090 connection pool stats (free:47 / in_use:4 / max:50 / total:51) [Wed Feb 12 09:36:11 2020 - debug] Connections with more in use time: (18e90d0005f69337, 0.12 sec) (859514ff2302e122, 0.11 sec) (ea99060d2e3c1bee, 0.11 sec) (2209cc403a0c5f20, 0.11 sec) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/~smmsp/ returned HTTP code "404" (id=115,from_cache=0,grep=1,rtt=0.13,did=ZJiXAWU9) [Wed Feb 12 09:36:11 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:11 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:HfhCDJOa) [Wed Feb 12 09:36:11 2020 - debug] find_dvcs.discover(did="RKHnLsTM",uri="http://localhost:9090/") took 2.22s to run [Wed Feb 12 09:36:11 2020 - debug] urllist_txt.discover(http://localhost:9090/, did=MbfoOBoI) [Wed Feb 12 09:36:11 2020 - debug] [urllist_txt] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:11 2020 - debug] rfi.audit(did="HfhCDJOa",uri="http://localhost:9090/") took 0.90s to run [Wed Feb 12 09:36:11 2020 - debug] html_comments.grep(uri="http://localhost:9090/wp-login.php") took 0.19s to run [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/smmsp/ returned HTTP code "404" (id=116,from_cache=0,grep=1,rtt=0.14,did=mXBiD5cX) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=117,from_cache=0,grep=0,rtt=0.19,did=2v0jCkwm) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/~eximuser/ returned HTTP code "404" (id=119,from_cache=0,grep=1,rtt=0.10,did=UDrDo3DR) [Wed Feb 12 09:36:11 2020 - debug] GET http://localhost:9090/gearsconfig.txt returned HTTP code "404" (id=120,from_cache=0,grep=1,rtt=0.30,did=AAD2okdB) [Wed Feb 12 09:36:11 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/wp-login.php") took 0.18s to run [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/gearsmanifest.php returned HTTP code "404" (id=118,from_cache=0,grep=1,rtt=0.27,did=tX7l0ZtF) [Wed Feb 12 09:36:12 2020 - debug] Returning fresh average RTT of 0.14 seconds for mutant 7b34d43e0db6f6b0713a9fc60359e929 [Wed Feb 12 09:36:12 2020 - debug] Returning cached average RTT of 0.14 seconds for mutant 7b34d43e0db6f6b0713a9fc60359e929 [Wed Feb 12 09:36:12 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/wp-login.php") took 0.27s to run [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/gears-manifest.gears returned HTTP code "404" (id=133,from_cache=0,grep=1,rtt=0.09,did=yqZEoOSO) [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/sitemanifest returned HTTP code "404" (id=121,from_cache=0,grep=1,rtt=0.17,did=ssFnAiMw) [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/DMIoG returned HTTP code "404" (id=132,from_cache=0,grep=1,rtt=0.17,did=LP8V4frD) [Wed Feb 12 09:36:12 2020 - debug] dav.audit(did="GXOPpO8n",uri="http://localhost:9090/") took 3.57s to run [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/snort/ returned HTTP code "404" (id=126,from_cache=0,grep=1,rtt=0.32,did=ZceyaRrA) [Wed Feb 12 09:36:12 2020 - debug] GET http://localhost:9090/eximuser/ returned HTTP code "404" (id=127,from_cache=0,grep=1,rtt=0.07,did=KR8W8DBe) [Wed Feb 12 09:36:12 2020 - debug] get_emails.grep(uri="http://localhost:9090/.listing") took 2.85s to run [Wed Feb 12 09:36:12 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] objects.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] error_500.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] meta_tags.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] password_profiling.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] click_jacking.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:12 2020 - debug] lang.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~defang/ returned HTTP code "404" (id=137,from_cache=0,grep=1,rtt=0.35,did=jfX43NeT) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~logwatch/ returned HTTP code "404" (id=124,from_cache=0,grep=1,rtt=0.11,did=Am3kAhsF) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=129,from_cache=0,grep=0,rtt=0.16,did=LWsweJff) [Wed Feb 12 09:36:13 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: LWsweJff) [Wed Feb 12 09:36:13 2020 - debug] detailed._login() took 1.08s to run [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/defang/ returned HTTP code "404" (id=130,from_cache=0,grep=1,rtt=0.29,did=3s9fPzS6) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/logwatch/ returned HTTP code "404" (id=131,from_cache=0,grep=1,rtt=0.23,did=dWrGPfn1) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/debian-tor/ returned HTTP code "404" (id=125,from_cache=0,grep=1,rtt=0.16,did=wYCQCw9s) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/cachemanifest.gears returned HTTP code "404" (id=122,from_cache=0,grep=1,rtt=0.12,did=LMPnHIWz) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~snort/ returned HTTP code "404" (id=123,from_cache=0,grep=1,rtt=0.25,did=ZYJ8qES6) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~privoxy/ returned HTTP code "404" (id=128,from_cache=0,grep=1,rtt=0.21,did=xrSm8GW3) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~debian-tor/ returned HTTP code "404" (id=136,from_cache=0,grep=1,rtt=0.26,did=FuqlwDWS) [Wed Feb 12 09:36:13 2020 - debug] url_session.grep(uri="http://localhost:9090/wp-login.php") took 0.33s to run [Wed Feb 12 09:36:13 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/offlinemanifest.json returned HTTP code "404" (id=135,from_cache=0,grep=1,rtt=0.47,did=VBJq7Zn0) [Wed Feb 12 09:36:13 2020 - debug] error_pages.grep(uri="http://localhost:9090/wp-login.php") took 0.05s to run [Wed Feb 12 09:36:13 2020 - debug] strange_reason.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] cache_control.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] strange_headers.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] ssn.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] oracle.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] feeds.grep(uri="http://localhost:9090/wp-login.php") took 0.00s to run [Wed Feb 12 09:36:13 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:3 / max:50 / total:51) [Wed Feb 12 09:36:13 2020 - debug] Connections with more in use time: (ea99060d2e3c1bee, 0.22 sec) (18e90d0005f69337, 0.17 sec) (859514ff2302e122, 0.01 sec) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/privoxy/ returned HTTP code "404" (id=134,from_cache=0,grep=1,rtt=0.12,did=QHY0rSdm) [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/openvpn/ returned HTTP code "404" (id=138,from_cache=0,grep=1,rtt=0.13,did=IUvCPyaa) [Wed Feb 12 09:36:13 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/wp-login.php") took 0.15s to run [Wed Feb 12 09:36:13 2020 - debug] GET http://localhost:9090/~openvpn/ returned HTTP code "404" (id=140,from_cache=0,grep=1,rtt=0.28,did=0OoSd2bl) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/nagios/ returned HTTP code "404" (id=142,from_cache=0,grep=1,rtt=0.05,did=C4JknwZz) [Wed Feb 12 09:36:14 2020 - debug] GET http://www.google.com/search?q=@localhost.&start=300&sa=N&hl=en returned HTTP code "200" (id=141,from_cache=0,grep=1,rtt=1.63,did=ZTXgWKiU) [Wed Feb 12 09:36:14 2020 - debug] Google search for: '@localhost.' returned 0 unique results [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=144,from_cache=0,grep=1,rtt=0.33,did=mlZKkcVf) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/manifest.php returned HTTP code "404" (id=146,from_cache=0,grep=1,rtt=0.25,did=d5uk92nE) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=147,from_cache=0,grep=1,rtt=0.32,did=2v0jCkwm) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/urllist.txt returned HTTP code "404" (id=148,from_cache=0,grep=1,rtt=0.28,did=cjRMqk95) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/~ntop/ returned HTTP code "404" (id=149,from_cache=0,grep=1,rtt=0.11,did=wJT2Wcf7) [Wed Feb 12 09:36:14 2020 - debug] GET http://localhost:9090/ntop/ returned HTTP code "404" (id=150,from_cache=0,grep=1,rtt=0.29,did=RguLhfqy) [Wed Feb 12 09:36:14 2020 - debug] symfony.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:14 2020 - debug] file_upload.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:14 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:14 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/bigsis/ returned HTTP code "404" (id=151,from_cache=0,grep=1,rtt=0.09,did=PrWO7Hbh) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/site_manifest.txt returned HTTP code "404" (id=139,from_cache=0,grep=1,rtt=0.24,did=dZ7M9WdO) [Wed Feb 12 09:36:15 2020 - debug] finger_google.discover(did="ZKzvI2tq",uri="http://localhost:9090/") took 5.63s to run [Wed Feb 12 09:36:15 2020 - debug] find_backdoors.discover(http://localhost:9090/, did=yPXZoTJn) [Wed Feb 12 09:36:15 2020 - debug] [find_backdoors] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:15 2020 - debug] [id: 140100635385616] HTTP response delay was 0.32. (lower, expected, upper): 8.00, 8.00, 16.17. [Wed Feb 12 09:36:15 2020 - debug] [did: 2v0jCkwm] [id: 140100635385616] Failed to control HTTP response delay for URL http://localhost:9090/ - parameter "User-Agent" for 8 seconds using , response wait time was: 0.324299097061 seconds and response ID: 147. [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/~bigsis/ returned HTTP code "404" (id=152,from_cache=0,grep=1,rtt=0.15,did=g0AoGFVj) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=145,from_cache=0,grep=1,rtt=0.19,did=2v0jCkwm) [Wed Feb 12 09:36:15 2020 - debug] LINK http://localhost:9090/ returned HTTP code "404" (id=154,from_cache=0,grep=1,rtt=0.43,did=uRLIxnEe) [Wed Feb 12 09:36:15 2020 - debug] GET http://pgp.mit.edu:11371/pks/lookup?op=index&search=localhost. returned HTTP code "500" (id=143,from_cache=0,grep=0,rtt=2.60,did=ER4XBHF0) [Wed Feb 12 09:36:15 2020 - debug] [id: 140100634362896] HTTP response delay was 0.19. (lower, expected, upper): 8.00, 8.00, 16.17. [Wed Feb 12 09:36:15 2020 - debug] [did: 2v0jCkwm] [id: 140100634362896] Failed to control HTTP response delay for URL http://localhost:9090/ - parameter "User-Agent" for 8 seconds using , response wait time was: 0.18837594986 seconds and response ID: 145. [Wed Feb 12 09:36:15 2020 - debug] PKS search for hostname: "localhost." returned 0 results. [Wed Feb 12 09:36:15 2020 - debug] finger_pks.discover(did="Roq60N1e",uri="http://localhost:9090/") took 5.78s to run [Wed Feb 12 09:36:15 2020 - debug] web_spider.discover(http://localhost:9090/, did=wKQcq2el) [Wed Feb 12 09:36:15 2020 - debug] [web_spider] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/cache_manifest returned HTTP code "404" (id=155,from_cache=0,grep=1,rtt=0.31,did=dnwn0NrZ) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/offline-manifest.php returned HTTP code "404" (id=153,from_cache=0,grep=1,rtt=0.08,did=noSmgFDa) [Wed Feb 12 09:36:15 2020 - debug] shell_shock.audit(did="2v0jCkwm",uri="http://localhost:9090/") took 5.05s to run (1.02s 20% sending HTTP requests) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/~nagios/ returned HTTP code "404" (id=156,from_cache=0,grep=1,rtt=0.09,did=GVIJt9yq) [Wed Feb 12 09:36:15 2020 - debug] Updating socket timeout for localhost from 4.41 to 3.00 seconds [Wed Feb 12 09:36:15 2020 - debug] urllist_txt.discover(did="MbfoOBoI",uri="http://localhost:9090/") took 1.61s to run [Wed Feb 12 09:36:15 2020 - debug] find_captchas.discover(http://localhost:9090/, did=4fnUpKXg) [Wed Feb 12 09:36:15 2020 - debug] [find_captchas] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/scanlogd/ returned HTTP code "404" (id=160,from_cache=0,grep=1,rtt=0.16,did=IEWB7PyP) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/pf/ returned HTTP code "404" (id=157,from_cache=0,grep=1,rtt=0.07,did=cbQAzYRX) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/iplog/ returned HTTP code "404" (id=158,from_cache=0,grep=1,rtt=0.12,did=TvQewvrL) [Wed Feb 12 09:36:15 2020 - debug] GET http://localhost:9090/gears-config.json returned HTTP code "404" (id=161,from_cache=0,grep=1,rtt=0.16,did=i67ShA1i) [Wed Feb 12 09:36:15 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:LThDS5w4) [Wed Feb 12 09:36:15 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:15 2020 - debug] Raising HTTP error "RMDIR" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:LThDS5w4). [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/gears_manifest returned HTTP code "404" (id=164,from_cache=0,grep=1,rtt=0.28,did=ExiZBmhQ) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/xfs/ returned HTTP code "404" (id=165,from_cache=0,grep=1,rtt=0.15,did=G9jgq6DC) [Wed Feb 12 09:36:16 2020 - debug] http_in_body.grep(uri="http://localhost:9090/robots.txt") took 1.01s to run [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/gearsmanifest.gears returned HTTP code "404" (id=167,from_cache=0,grep=1,rtt=0.33,did=6OVfnhp7) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/~gdm/ returned HTTP code "404" (id=170,from_cache=0,grep=1,rtt=0.09,did=gaaJ43QP) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/~iplog/ returned HTTP code "404" (id=159,from_cache=0,grep=1,rtt=0.16,did=qcDSujWJ) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/~pf/ returned HTTP code "404" (id=163,from_cache=0,grep=1,rtt=0.37,did=aefschrE) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/manifest.gears returned HTTP code "404" (id=169,from_cache=0,grep=1,rtt=0.33,did=GN1HI1EG) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/gnats/ returned HTTP code "404" (id=168,from_cache=0,grep=1,rtt=0.16,did=MQHGQr7G) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/~scanlogd/ returned HTTP code "404" (id=171,from_cache=0,grep=1,rtt=0.40,did=AerbzGM2) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/gdm/ returned HTTP code "404" (id=166,from_cache=0,grep=1,rtt=0.14,did=uXPupoch) [Wed Feb 12 09:36:16 2020 - debug] GET http://localhost:9090/cache-manifest.txt returned HTTP code "404" (id=162,from_cache=0,grep=1,rtt=0.22,did=5IWutPaB) [Wed Feb 12 09:36:16 2020 - debug] expect_ct.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] svn_users.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] private_ip.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] motw.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] meta_generator.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:16 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:RBIFiX0j) [Wed Feb 12 09:36:16 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:16 2020 - debug] Raising HTTP error "REPLY" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:RBIFiX0j). [Wed Feb 12 09:36:16 2020 - debug] get_emails.grep(uri="http://localhost:9090/wp-login.php") took 1.72s to run [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=173,from_cache=0,grep=1,rtt=0.27,did=7GCqAfgR) [Wed Feb 12 09:36:17 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=11 returned HTTP code "200" (id=172,from_cache=0,grep=0,rtt=1.20,did=rsnB8XES) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/filesInCache.php returned HTTP code "404" (id=174,from_cache=0,grep=1,rtt=0.17,did=FoneocLL) [Wed Feb 12 09:36:17 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:17 2020 - debug] localhost:9090 connection pool stats (free:49 / in_use:1 / max:50 / total:50) [Wed Feb 12 09:36:17 2020 - debug] Connections with more in use time: (3ce9ab02a668de73, 0.00 sec) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/~_ntp/ returned HTTP code "404" (id=175,from_cache=0,grep=1,rtt=0.20,did=VYOmQXpN) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/~xfs/ returned HTTP code "404" (id=177,from_cache=0,grep=1,rtt=0.07,did=DibwDfVG) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/~gnats/ returned HTTP code "404" (id=179,from_cache=0,grep=1,rtt=0.16,did=k1G9QfdS) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/~www-data/ returned HTTP code "404" (id=176,from_cache=0,grep=1,rtt=0.25,did=g0r6Dn67) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/cachemanifest returned HTTP code "404" (id=181,from_cache=0,grep=1,rtt=0.10,did=ZSSDWZDD) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=178,from_cache=1,grep=1,rtt=0.03,did=BbS14ofy) [Wed Feb 12 09:36:17 2020 - debug] "http://localhost:9090/" (id:178, code:302, len:28, did:BbS14ofy) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/www-data/ returned HTTP code "404" (id=182,from_cache=0,grep=1,rtt=0.29,did=bnvbVnk1) [Wed Feb 12 09:36:17 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/robots.txt") took 0.61s to run [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/~ntp/ returned HTTP code "404" (id=187,from_cache=0,grep=1,rtt=0.09,did=QUu3rt6p) [Wed Feb 12 09:36:17 2020 - debug] REPORT http://localhost:9090/ returned HTTP code "404" (id=188,from_cache=0,grep=1,rtt=0.26,did=IkjuCG6H) [Wed Feb 12 09:36:17 2020 - debug] localhost:9090 connection pool stats (free:40 / in_use:10 / max:50 / total:50) [Wed Feb 12 09:36:17 2020 - debug] GET http://localhost:9090/ntp/ returned HTTP code "404" (id=185,from_cache=0,grep=1,rtt=0.11,did=N162iday) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/sshd/ returned HTTP code "404" (id=180,from_cache=0,grep=1,rtt=0.04,did=OWfFv92o) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/~apache/ returned HTTP code "404" (id=186,from_cache=0,grep=1,rtt=0.17,did=oPfDULs8) [Wed Feb 12 09:36:18 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:18 2020 - debug] serialized_object.grep(uri="http://localhost:9090/robots.txt") took 0.12s to run [Wed Feb 12 09:36:18 2020 - debug] blank_body.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] credit_cards.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] websockets_links.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] csp.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] dom_xss.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/~sshd/ returned HTTP code "404" (id=184,from_cache=0,grep=1,rtt=0.05,did=3xFPVQvb) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/_ntp/ returned HTTP code "404" (id=183,from_cache=0,grep=1,rtt=0.13,did=a5EEVNhX) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/apache/ returned HTTP code "404" (id=191,from_cache=0,grep=1,rtt=0.18,did=p5QVABVX) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/gears_config.json returned HTTP code "404" (id=190,from_cache=0,grep=1,rtt=0.12,did=JnpmgnN5) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/sitemanifest.txt returned HTTP code "404" (id=189,from_cache=0,grep=1,rtt=0.24,did=KOvZFxcG) [Wed Feb 12 09:36:18 2020 - debug] Connections with more in use time: No connections marked as in_use have started to send the first byte. They are in_use but still inactive. The in_use connections are: 2efc049900345f70 5aa0b4376f902084 510958b4bb1ade75 ee57bf4e9093aa89 ea99060d2e3c1bee [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/~postgres/ returned HTTP code "404" (id=194,from_cache=0,grep=1,rtt=0.12,did=3pD3IYGg) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/gears-manifest returned HTTP code "404" (id=192,from_cache=0,grep=1,rtt=0.19,did=taLnBFy4) [Wed Feb 12 09:36:18 2020 - debug] GET http://localhost:9090/mysql/ returned HTTP code "404" (id=198,from_cache=0,grep=1,rtt=0.33,did=yn62ObgV) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/~named/ returned HTTP code "404" (id=197,from_cache=0,grep=1,rtt=0.31,did=9Cs0uSmt) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/offline-manifest.gears returned HTTP code "404" (id=200,from_cache=0,grep=1,rtt=0.20,did=Hhd310AX) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/named/ returned HTTP code "404" (id=193,from_cache=0,grep=1,rtt=0.26,did=vaaAmKk8) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/~radiusd/ returned HTTP code "404" (id=201,from_cache=0,grep=1,rtt=0.08,did=MwKFX3eT) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/offline_manifest.php returned HTTP code "404" (id=195,from_cache=0,grep=1,rtt=0.27,did=mHzqi3vZ) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/~mysql/ returned HTTP code "404" (id=199,from_cache=0,grep=1,rtt=0.20,did=x1QTlmLT) [Wed Feb 12 09:36:19 2020 - debug] GET http://localhost:9090/cache_manifest.txt returned HTTP code "404" (id=202,from_cache=0,grep=1,rtt=0.22,did=Z1FXTOvz) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/postgres/ returned HTTP code "404" (id=196,from_cache=0,grep=1,rtt=0.13,did=seMTHYRw) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/site-manifest.json returned HTTP code "404" (id=203,from_cache=0,grep=1,rtt=0.08,did=Q9UeBvIb) [Wed Feb 12 09:36:20 2020 - debug] UNLINK http://localhost:9090/ returned HTTP code "404" (id=207,from_cache=0,grep=1,rtt=0.22,did=8wp10ZFH) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/radiusd/ returned HTTP code "404" (id=206,from_cache=0,grep=1,rtt=0.09,did=DVNuX832) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/filesInCache.gears returned HTTP code "404" (id=204,from_cache=0,grep=1,rtt=0.28,did=DAiLlYdA) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/~ircd/ returned HTTP code "404" (id=208,from_cache=0,grep=1,rtt=0.24,did=ALSKKGf4) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/ircd/ returned HTTP code "404" (id=205,from_cache=0,grep=1,rtt=0.11,did=WxIjUv9Y) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/hacluster/ returned HTTP code "404" (id=209,from_cache=0,grep=1,rtt=0.17,did=dlAFrR5A) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/~tinysnmp/ returned HTTP code "404" (id=213,from_cache=0,grep=1,rtt=0.10,did=Y5Lpz5v9) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/tinysnmp/ returned HTTP code "404" (id=212,from_cache=0,grep=1,rtt=0.27,did=xl3IGUhQ) [Wed Feb 12 09:36:20 2020 - debug] "http://localhost:9090/" (id:178, code:302, len:28, did:BbS14ofy) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/gears_manifest.txt returned HTTP code "404" (id=214,from_cache=0,grep=1,rtt=0.10,did=wnDr8QLe) [Wed Feb 12 09:36:20 2020 - debug] localhost:9090 connection pool stats (free:43 / in_use:7 / max:50 / total:50) [Wed Feb 12 09:36:20 2020 - debug] Connections with more in use time: (859514ff2302e122, 0.33 sec) (8e309178b5b40c35, 0.18 sec) (2efc049900345f70, 0.15 sec) (d18056b97c7890a7, 0.09 sec) (ea99060d2e3c1bee, 0.08 sec) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/manifest returned HTTP code "404" (id=210,from_cache=0,grep=1,rtt=0.12,did=koVgfOlR) [Wed Feb 12 09:36:20 2020 - debug] GET http://localhost:9090/~hacluster/ returned HTTP code "404" (id=211,from_cache=0,grep=1,rtt=0.08,did=ciMhvsTZ) [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/plone/ returned HTTP code "404" (id=218,from_cache=0,grep=1,rtt=0.36,did=GxnoWTK7) [Wed Feb 12 09:36:21 2020 - debug] NOTIFY http://localhost:9090/ returned HTTP code "404" (id=219,from_cache=0,grep=1,rtt=0.20,did=zj3kAWt9) [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/zope/ returned HTTP code "404" (id=215,from_cache=0,grep=1,rtt=0.06,did=ndUalIrb) [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/gearsmanifest returned HTTP code "404" (id=216,from_cache=0,grep=1,rtt=0.05,did=iVVV7KWA) [Wed Feb 12 09:36:21 2020 - debug] text_file.flush() took 0.00s to run [Wed Feb 12 09:36:21 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn" [Wed Feb 12 09:36:21 2020 - debug] console.flush() took 0.00s to run [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/tinydns/ returned HTTP code "404" (id=220,from_cache=0,grep=1,rtt=0.20,did=fyV76GdR) [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/offlinemanifest.php returned HTTP code "404" (id=217,from_cache=0,grep=1,rtt=0.18,did=yZqz83LZ) [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/gearsconfig.json returned HTTP code "404" (id=227,from_cache=0,grep=1,rtt=0.15,did=S7WceWwP) [Wed Feb 12 09:36:21 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 96, 'reject-seen-url': 26, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/interch/ returned HTTP code "404" (id=228,from_cache=0,grep=1,rtt=0.10,did=dEFPBI5N) [Wed Feb 12 09:36:21 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 96, 'reject-seen-url': 26, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/pwhois/ returned HTTP code "404" (id=229,from_cache=0,grep=1,rtt=0.19,did=WhRt5HbA) [Wed Feb 12 09:36:21 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 96, 'reject-seen-url': 26, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/~zope/ returned HTTP code "404" (id=226,from_cache=0,grep=1,rtt=0.26,did=ceYFFmEQ) [Wed Feb 12 09:36:21 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 96, 'reject-seen-url': 26, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/ldapdns/ returned HTTP code "404" (id=223,from_cache=0,grep=1,rtt=0.19,did=99XXNAST) [Wed Feb 12 09:36:21 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 96, 'reject-seen-url': 26, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:21 2020 - debug] GET http://localhost:9090/rbldns/ returned HTTP code "404" (id=233,from_cache=0,grep=1,rtt=0.19,did=xGlTsq36) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~plone/ returned HTTP code "404" (id=235,from_cache=0,grep=1,rtt=0.43,did=4bZZGq2b) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~rbldns/ returned HTTP code "404" (id=238,from_cache=0,grep=1,rtt=0.52,did=seiSZ1hI) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/site_manifest.json returned HTTP code "404" (id=224,from_cache=0,grep=1,rtt=0.35,did=cfxVjuD3) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~ldapdns/ returned HTTP code "404" (id=225,from_cache=0,grep=1,rtt=0.13,did=BDiAobdY) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=222,from_cache=0,grep=1,rtt=0.29,did=ZewVT46M) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~tinydns/ returned HTTP code "404" (id=221,from_cache=0,grep=1,rtt=0.10,did=n5d10TPn) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/offline_manifest.gears returned HTTP code "404" (id=236,from_cache=0,grep=1,rtt=0.12,did=jJquFM6K) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~interch/ returned HTTP code "404" (id=239,from_cache=0,grep=1,rtt=0.15,did=Q1AmmDcw) [Wed Feb 12 09:36:22 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.00 seconds [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~dnsbl/ returned HTTP code "404" (id=232,from_cache=0,grep=1,rtt=0.34,did=uSWZCpkb) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~pwhois/ returned HTTP code "404" (id=243,from_cache=0,grep=1,rtt=0.46,did=9PyGEoFo) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/cachemanifest.txt returned HTTP code "404" (id=237,from_cache=0,grep=1,rtt=0.24,did=WdGXu7HH) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/dhcp-fwd/ returned HTTP code "404" (id=241,from_cache=0,grep=1,rtt=0.31,did=BkBwQJt2) [Wed Feb 12 09:36:22 2020 - debug] GET http://localhost:9090/~dhcp-fwd/ returned HTTP code "404" (id=240,from_cache=0,grep=1,rtt=0.34,did=MJcW0RDP) [Wed Feb 12 09:36:23 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=21 returned HTTP code "200" (id=234,from_cache=0,grep=0,rtt=1.19,did=t7QQhWbS) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/crossdomain.xml returned HTTP code "404" (id=231,from_cache=0,grep=1,rtt=0.11,did=Zfb07nZW) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/dnsbl/ returned HTTP code "404" (id=230,from_cache=0,grep=1,rtt=0.32,did=aJdMEVoL) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/~tclhttpd/ returned HTTP code "404" (id=242,from_cache=0,grep=1,rtt=0.09,did=CPekFJeY) [Wed Feb 12 09:36:23 2020 - debug] OPTIONS http://localhost:9090/ returned HTTP code "200" (id=245,from_cache=0,grep=1,rtt=0.17,did=ISYYTaKR) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/tclhttpd/ returned HTTP code "404" (id=246,from_cache=0,grep=1,rtt=0.43,did=87Yl1mZ2) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/gears-manifest.txt returned HTTP code "404" (id=244,from_cache=0,grep=1,rtt=0.16,did=9vJzceic) [Wed Feb 12 09:36:23 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:0 / max:50 / total:50) [Wed Feb 12 09:36:23 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/cyphesis/ returned HTTP code "404" (id=247,from_cache=0,grep=1,rtt=0.16,did=7FQzKZjW) [Wed Feb 12 09:36:23 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:23 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: F9q5iRsP) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/lum/ returned HTTP code "404" (id=248,from_cache=0,grep=1,rtt=0.09,did=TKrnW9rd) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/filesInCache returned HTTP code "404" (id=249,from_cache=0,grep=1,rtt=0.06,did=Vlvnmv40) [Wed Feb 12 09:36:23 2020 - debug] GET http://localhost:9090/sitemanifest.json returned HTTP code "404" (id=252,from_cache=0,grep=1,rtt=0.02,did=1cijyE03) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~lum/ returned HTTP code "404" (id=250,from_cache=0,grep=1,rtt=0.07,did=4AtOXN6y) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/offline-manifest returned HTTP code "404" (id=251,from_cache=0,grep=1,rtt=0.08,did=zBJyewuL) [Wed Feb 12 09:36:24 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 119, 'reject-seen-url': 28, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:24 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:4oCM9DF5) [Wed Feb 12 09:36:24 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:24 2020 - debug] Raising HTTP error "BASELINE_CONTROL" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:4oCM9DF5). [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~otrs/ returned HTTP code "404" (id=255,from_cache=0,grep=1,rtt=0.12,did=niSAHU8y) [Wed Feb 12 09:36:24 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 119, 'reject-seen-url': 28, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~jive/ returned HTTP code "404" (id=256,from_cache=0,grep=1,rtt=0.12,did=UXKG1IeG) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/cache-manifest.json returned HTTP code "404" (id=258,from_cache=0,grep=1,rtt=0.29,did=ZO1vpzzA) [Wed Feb 12 09:36:24 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 119, 'reject-seen-url': 28, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~cyphesis/ returned HTTP code "404" (id=253,from_cache=0,grep=1,rtt=0.19,did=OYK4wofi) [Wed Feb 12 09:36:24 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 119, 'reject-seen-url': 28, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/opencm/ returned HTTP code "404" (id=254,from_cache=0,grep=1,rtt=0.14,did=PdxFSIdg) [Wed Feb 12 09:36:24 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 119, 'reject-seen-url': 28, 'reject-out-of-scope': 4, 'accept': 24} [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/offlinemanifest.gears returned HTTP code "404" (id=262,from_cache=0,grep=1,rtt=0.33,did=RwWSKncg) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/kavuser/ returned HTTP code "404" (id=263,from_cache=0,grep=1,rtt=0.24,did=cqNsBb15) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~opencm/ returned HTTP code "404" (id=261,from_cache=0,grep=1,rtt=0.21,did=pNKh7myy) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=259,from_cache=0,grep=0,rtt=0.17,did=F9q5iRsP) [Wed Feb 12 09:36:24 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: F9q5iRsP) [Wed Feb 12 09:36:24 2020 - debug] detailed._login() took 0.62s to run [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/manifest.txt returned HTTP code "404" (id=264,from_cache=0,grep=1,rtt=0.22,did=mNAHrr92) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/~kavuser/ returned HTTP code "404" (id=260,from_cache=0,grep=1,rtt=0.15,did=KpkqDr8o) [Wed Feb 12 09:36:24 2020 - debug] GET http://localhost:9090/Debian-exim/ returned HTTP code "404" (id=267,from_cache=1,grep=1,rtt=0.26,did=IYIZqbHe) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~Debian-exim/ returned HTTP code "404" (id=268,from_cache=1,grep=1,rtt=0.22,did=tnbMEsRE) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/otrs/ returned HTTP code "404" (id=257,from_cache=0,grep=1,rtt=0.26,did=jjqGk96y) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/clientaccesspolicy.xml returned HTTP code "404" (id=270,from_cache=0,grep=1,rtt=0.10,did=333If6dM) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/jive/ returned HTTP code "404" (id=265,from_cache=0,grep=1,rtt=0.13,did=S1TBPoKY) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/www-data/ returned HTTP code "404" (id=271,from_cache=1,grep=1,rtt=0.29,did=IjXbDOR8) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~kmem/ returned HTTP code "404" (id=269,from_cache=0,grep=1,rtt=0.01,did=bfiAlETH) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~www-data/ returned HTTP code "404" (id=272,from_cache=1,grep=1,rtt=0.25,did=Neb28eIC) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~amavis/ returned HTTP code "404" (id=273,from_cache=0,grep=1,rtt=0.10,did=RsHF7slP) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/gears-config.php returned HTTP code "404" (id=266,from_cache=0,grep=1,rtt=0.26,did=q7R85vtd) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/debian-tor/ returned HTTP code "404" (id=274,from_cache=1,grep=1,rtt=0.16,did=Wxc8dnaG) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~debian-tor/ returned HTTP code "404" (id=275,from_cache=1,grep=1,rtt=0.26,did=KiUbGWZb) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/gearsmanifest.txt returned HTTP code "404" (id=276,from_cache=0,grep=1,rtt=0.03,did=figWN5Gn) [Wed Feb 12 09:36:25 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:0 / max:50 / total:50) [Wed Feb 12 09:36:25 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/kmem/ returned HTTP code "404" (id=277,from_cache=0,grep=1,rtt=0.02,did=64Odu11J) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/amavis/ returned HTTP code "404" (id=278,from_cache=0,grep=1,rtt=0.24,did=ReBV4CvJ) [Wed Feb 12 09:36:25 2020 - debug] SEARCH http://localhost:9090/ returned HTTP code "404" (id=279,from_cache=0,grep=1,rtt=0.21,did=ngmvfw4e) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/site-manifest.php returned HTTP code "404" (id=280,from_cache=0,grep=1,rtt=0.04,did=MKnSdSfo) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/gears-config.gears returned HTTP code "404" (id=282,from_cache=0,grep=1,rtt=0.07,did=G5iRy8Lo) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/nobody/ returned HTTP code "404" (id=286,from_cache=0,grep=1,rtt=0.29,did=b0km9pmX) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/admin/ returned HTTP code "404" (id=284,from_cache=0,grep=1,rtt=0.06,did=2BDLmN9a) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/www/ returned HTTP code "404" (id=283,from_cache=0,grep=1,rtt=0.18,did=g3sZC9c6) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~test/ returned HTTP code "404" (id=290,from_cache=0,grep=1,rtt=0.09,did=oNhSp5wh) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/root/ returned HTTP code "404" (id=285,from_cache=0,grep=1,rtt=0.28,did=DiWtoTvs) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~root/ returned HTTP code "404" (id=293,from_cache=0,grep=1,rtt=0.24,did=V8gn8fS0) [Wed Feb 12 09:36:25 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:jfTuL5go) [Wed Feb 12 09:36:25 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:25 2020 - debug] Raising HTTP error "POLL" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:jfTuL5go). [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~www/ returned HTTP code "404" (id=281,from_cache=0,grep=1,rtt=0.06,did=3bVdaAlk) [Wed Feb 12 09:36:25 2020 - debug] find_captchas.discover(did="4fnUpKXg",uri="http://localhost:9090/") took 5.72s to run [Wed Feb 12 09:36:25 2020 - debug] oracle_discovery.discover(http://localhost:9090/, did=wjUj42dv) [Wed Feb 12 09:36:25 2020 - debug] [oracle_discovery] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~admin/ returned HTTP code "404" (id=288,from_cache=0,grep=1,rtt=0.19,did=zkNEsIAK) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~ftp/ returned HTTP code "404" (id=295,from_cache=0,grep=1,rtt=0.10,did=uHrcGAcM) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/localhost.tar.gz returned HTTP code "404" (id=296,from_cache=0,grep=1,rtt=0.24,did=USvpLrDP) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/offline_manifest returned HTTP code "404" (id=291,from_cache=0,grep=1,rtt=0.19,did=PUkv25Nj) [Wed Feb 12 09:36:25 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:2 / max:50 / total:50) [Wed Feb 12 09:36:25 2020 - debug] Connections with more in use time: (ea99060d2e3c1bee, 0.23 sec) (8e309178b5b40c35, 0.10 sec) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/ftp/ returned HTTP code "404" (id=289,from_cache=0,grep=1,rtt=0.07,did=Ks0kK5KN) [Wed Feb 12 09:36:25 2020 - debug] GET http://localhost:9090/~nobody/ returned HTTP code "404" (id=287,from_cache=0,grep=1,rtt=0.32,did=X8gpPU7Q) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/~backup/ returned HTTP code "404" (id=297,from_cache=0,grep=1,rtt=0.21,did=0DdneJQR) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/cache_manifest.json returned HTTP code "404" (id=292,from_cache=0,grep=1,rtt=0.25,did=Sdxcbk3N) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/backup/ returned HTTP code "404" (id=294,from_cache=0,grep=1,rtt=0.10,did=A5ihJTkS) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/test/ returned HTTP code "404" (id=298,from_cache=0,grep=1,rtt=0.13,did=j3IX6jQC) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/gears_config.php returned HTTP code "404" (id=299,from_cache=0,grep=1,rtt=0.18,did=St1hMYEO) [Wed Feb 12 09:36:26 2020 - debug] Will increase timeout to 3.99 seconds after HTTP socket error (did:PfC3TqEM) [Wed Feb 12 09:36:26 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.99 seconds [Wed Feb 12 09:36:26 2020 - debug] Raising HTTP error "PIN" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:PfC3TqEM). [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.cab returned HTTP code "404" (id=302,from_cache=0,grep=1,rtt=0.11,did=2cfh4KQG) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.gz returned HTTP code "404" (id=303,from_cache=0,grep=1,rtt=0.14,did=gc2AReof) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.gzip returned HTTP code "404" (id=305,from_cache=0,grep=1,rtt=0.07,did=YxQsOBS0) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/offline-manifest.txt returned HTTP code "404" (id=306,from_cache=0,grep=1,rtt=0.07,did=IGvzABp5) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.tgz returned HTTP code "404" (id=304,from_cache=0,grep=1,rtt=0.13,did=IbX5Xlxs) [Wed Feb 12 09:36:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 0. [Wed Feb 12 09:36:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 1. [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/gears_manifest.json returned HTTP code "404" (id=307,from_cache=0,grep=1,rtt=0.41,did=T9Qm717q) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.bzip2 returned HTTP code "404" (id=308,from_cache=0,grep=1,rtt=0.24,did=9l2EtHN5) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.7z returned HTTP code "404" (id=301,from_cache=0,grep=1,rtt=0.10,did=vL61qFEQ) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.zip returned HTTP code "404" (id=309,from_cache=0,grep=1,rtt=0.04,did=YPgS4OjZ) [Wed Feb 12 09:36:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 2. [Wed Feb 12 09:36:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 3. [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=311,from_cache=0,grep=0,rtt=0.06,did=i7uBkgYg) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=314,from_cache=0,grep=1,rtt=0.13,did=iXoUgwiy) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/offlinemanifest returned HTTP code "404" (id=313,from_cache=0,grep=1,rtt=0.29,did=hvxXYdNl) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/gears_config.gears returned HTTP code "404" (id=310,from_cache=0,grep=1,rtt=0.11,did=LNZiqVMl) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/NCC-Shell.php returned HTTP code "404" (id=312,from_cache=0,grep=1,rtt=0.05,did=oJo9gpaw) [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/localhost.rar returned HTTP code "404" (id=315,from_cache=0,grep=1,rtt=0.16,did=3yaYx3My) [Wed Feb 12 09:36:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 4. [Wed Feb 12 09:36:26 2020 - debug] GET http://localhost:9090/cachemanifest.json returned HTTP code "404" (id=318,from_cache=0,grep=1,rtt=0.02,did=GAM2JSpG) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/iMHaPFtp.php returned HTTP code "404" (id=317,from_cache=0,grep=1,rtt=0.06,did=EQZjHEIC) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/php-backdoor.php returned HTTP code "404" (id=316,from_cache=0,grep=1,rtt=0.09,did=UitwIPXF) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/matamu.php returned HTTP code "404" (id=320,from_cache=0,grep=1,rtt=0.10,did=ZVPk8Kz4) [Wed Feb 12 09:36:27 2020 - debug] Updating socket timeout for localhost from 3.99 to 3.00 seconds [Wed Feb 12 09:36:27 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:vWjUqtnn) [Wed Feb 12 09:36:27 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:27 2020 - debug] Raising HTTP error "CHECKIN" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:vWjUqtnn). [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/cmd.php returned HTTP code "404" (id=321,from_cache=0,grep=1,rtt=0.08,did=oWLzlL4v) [Wed Feb 12 09:36:27 2020 - debug] localhost:9090 connection pool stats (free:47 / in_use:2 / max:50 / total:49) [Wed Feb 12 09:36:27 2020 - debug] Connections with more in use time: (859514ff2302e122, 0.09 sec) (5aa0b4376f902084, 0.03 sec) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/site_manifest.php returned HTTP code "404" (id=319,from_cache=0,grep=1,rtt=0.15,did=oh82kvQc) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/gearsconfig.php returned HTTP code "404" (id=322,from_cache=0,grep=1,rtt=0.22,did=qUbTOsuN) [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 5. [Wed Feb 12 09:36:27 2020 - debug] user_dir.discover(did="O0hJZvrR",uri="http://localhost:9090/") took 12.58s to run [Wed Feb 12 09:36:27 2020 - debug] wsdl_finder.discover(http://localhost:9090/, did=FOctPWve) [Wed Feb 12 09:36:27 2020 - debug] [wsdl_finder] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/mysql_tool.php returned HTTP code "404" (id=323,from_cache=0,grep=1,rtt=0.25,did=AGEum8il) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/cybershell.php returned HTTP code "404" (id=326,from_cache=0,grep=1,rtt=0.18,did=ouYSS00W) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/lamashell.php returned HTTP code "404" (id=324,from_cache=0,grep=1,rtt=0.26,did=MgcfJ88Y) [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 6. [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/c99_PSych0.php returned HTTP code "404" (id=325,from_cache=0,grep=1,rtt=0.05,did=67PjNb3Z) [Wed Feb 12 09:36:27 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 167, 'reject-seen-url': 36, 'reject-out-of-scope': 4, 'accept': 43} [Wed Feb 12 09:36:27 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 167, 'reject-seen-url': 36, 'reject-out-of-scope': 4, 'accept': 43} [Wed Feb 12 09:36:27 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:at79U8jZ) [Wed Feb 12 09:36:27 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:27 2020 - debug] Raising HTTP error "*" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:at79U8jZ). [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/Crystal.php returned HTTP code "404" (id=328,from_cache=0,grep=1,rtt=0.06,did=ENqWMveD) [Wed Feb 12 09:36:27 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 167, 'reject-seen-url': 36, 'reject-out-of-scope': 4, 'accept': 43} [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/accept_language.php returned HTTP code "404" (id=329,from_cache=0,grep=1,rtt=0.10,did=2FcOlNue) [Wed Feb 12 09:36:27 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 167, 'reject-seen-url': 36, 'reject-out-of-scope': 4, 'accept': 43} [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/c99_locus7s.php returned HTTP code "404" (id=327,from_cache=0,grep=1,rtt=0.12,did=N73ZhSmq) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/ru24_post_sh.php returned HTTP code "404" (id=330,from_cache=0,grep=1,rtt=0.12,did=u78H0P49) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/gears-config returned HTTP code "404" (id=331,from_cache=0,grep=1,rtt=0.06,did=zW2elTxA) [Wed Feb 12 09:36:27 2020 - debug] Will increase timeout to 3.99 seconds after HTTP socket error (did:Y0IhAE2b) [Wed Feb 12 09:36:27 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.99 seconds [Wed Feb 12 09:36:27 2020 - debug] Raising HTTP error "CONNECT" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:Y0IhAE2b). [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/r57_iFX.php returned HTTP code "404" (id=333,from_cache=0,grep=1,rtt=0.07,did=uPo5Fsth) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/gears-manifest.json returned HTTP code "404" (id=335,from_cache=0,grep=1,rtt=0.21,did=j8mgcj9a) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/offline_manifest.txt returned HTTP code "404" (id=336,from_cache=0,grep=1,rtt=0.31,did=D8s79Mxy) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/mysql.php returned HTTP code "404" (id=332,from_cache=0,grep=1,rtt=0.05,did=sO6IT1Qs) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/gearsconfig.gears returned HTTP code "404" (id=337,from_cache=0,grep=1,rtt=0.25,did=2wydUMNh) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/pws.php returned HTTP code "404" (id=334,from_cache=0,grep=1,rtt=0.05,did=sEEbSjnJ) [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 7. [Wed Feb 12 09:36:27 2020 - debug] localhost:9090 connection pool stats (free:39 / in_use:11 / max:50 / total:50) [Wed Feb 12 09:36:27 2020 - debug] Connections with more in use time: (fe7e87f27a03e2ee, 0.09 sec) (859514ff2302e122, 0.07 sec) (8e309178b5b40c35, 0.06 sec) (5aa0b4376f902084, 0.06 sec) (2209cc403a0c5f20, 0.05 sec) [Wed Feb 12 09:36:27 2020 - debug] GET http://localhost:9090/simple-backdoor.php returned HTTP code "404" (id=338,from_cache=0,grep=1,rtt=0.14,did=R5dZBDyV) [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 8. [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 9. [Wed Feb 12 09:36:27 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 10. [Wed Feb 12 09:36:28 2020 - debug] CHECKOUT http://localhost:9090/ returned HTTP code "404" (id=340,from_cache=0,grep=1,rtt=0.09,did=2ISZS2nm) [Wed Feb 12 09:36:28 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 11. [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/rootshell.php returned HTTP code "404" (id=339,from_cache=0,grep=1,rtt=0.05,did=w8j3ELlr) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/Private-i3lue.php returned HTTP code "404" (id=349,from_cache=0,grep=1,rtt=0.10,did=KCX1U9Gt) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/manifest.json returned HTTP code "404" (id=342,from_cache=0,grep=1,rtt=0.24,did=mdq9mvnw) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/c99_madnet.php returned HTTP code "404" (id=343,from_cache=0,grep=1,rtt=0.22,did=huhd59rs) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/c99_w4cking.php returned HTTP code "404" (id=347,from_cache=0,grep=1,rtt=0.28,did=by6XW5zq) [Wed Feb 12 09:36:28 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=31 returned HTTP code "200" (id=341,from_cache=0,grep=0,rtt=3.40,did=ENvrDM8n) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/gfs_sh.php returned HTTP code "404" (id=350,from_cache=0,grep=1,rtt=0.35,did=Fjx22Hh5) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/r57_Mohajer22.php returned HTTP code "404" (id=348,from_cache=0,grep=1,rtt=0.36,did=yk2dE9Nd) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/Dx.php returned HTTP code "404" (id=351,from_cache=0,grep=1,rtt=0.26,did=2YouYTUb) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/cache-manifest.php returned HTTP code "404" (id=352,from_cache=0,grep=1,rtt=0.38,did=tHp9UZhX) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/ctt_sh.php returned HTTP code "404" (id=345,from_cache=0,grep=1,rtt=0.29,did=CDTi05zb) [Wed Feb 12 09:36:28 2020 - debug] GET http://localhost:9090/c99.php returned HTTP code "404" (id=356,from_cache=0,grep=1,rtt=0.38,did=Id06IN6Y) [Wed Feb 12 09:36:29 2020 - debug] url_fuzzer.discover(did="WPPCljOO",uri="http://localhost:9090/") took 10.40s to run [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/PHPJackal.php returned HTTP code "404" (id=354,from_cache=0,grep=1,rtt=0.34,did=iY173L7h) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/elarn returned HTTP code "404" (id=359,from_cache=0,grep=0,rtt=0.30,did=i7uBkgYg) [Wed Feb 12 09:36:29 2020 - debug] Received response for 404 URL http://localhost:9090/elarn (id:359, did:i7uBkgYg, len:144) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/phpshell.php returned HTTP code "404" (id=346,from_cache=0,grep=1,rtt=0.27,did=Um2bSgkF) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/ironshell.php returned HTTP code "404" (id=355,from_cache=0,grep=1,rtt=0.42,did=TOrji0NJ) [Wed Feb 12 09:36:29 2020 - debug] wordpress_enumerate_users.discover(http://localhost:9090/, did=H0d783y7) [Wed Feb 12 09:36:29 2020 - debug] [wordpress_enumerate_users] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:29 2020 - debug] Will increase timeout to 4.39 seconds after HTTP socket error (did:SzxUtG5W) [Wed Feb 12 09:36:29 2020 - debug] Updating socket timeout for localhost from 3.99 to 4.39 seconds [Wed Feb 12 09:36:29 2020 - debug] Raising HTTP error "LABEL" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:SzxUtG5W). [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/load_shell.php returned HTTP code "404" (id=357,from_cache=0,grep=1,rtt=0.36,did=SCBRshOZ) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/nstview.php returned HTTP code "404" (id=353,from_cache=0,grep=1,rtt=0.13,did=ACnzzXCp) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/zacosmall.php returned HTTP code "404" (id=358,from_cache=0,grep=1,rtt=0.31,did=CcA0ptDJ) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/sitemanifest.php returned HTTP code "404" (id=344,from_cache=0,grep=1,rtt=0.24,did=YZPVvvBF) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/r57_kartal.php returned HTTP code "404" (id=361,from_cache=0,grep=1,rtt=0.17,did=Z2nIM3aT) [Wed Feb 12 09:36:29 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 191, 'reject-seen-url': 37, 'reject-out-of-scope': 4, 'accept': 43} [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/NetworkFileManagerPHP.php returned HTTP code "404" (id=360,from_cache=0,grep=1,rtt=0.11,did=v0RvTTsy) [Wed Feb 12 09:36:29 2020 - debug] GET http://localhost:9090/c100shell.php returned HTTP code "404" (id=364,from_cache=0,grep=1,rtt=0.06,did=LvTsPMPs) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/Uploader.php returned HTTP code "404" (id=366,from_cache=0,grep=1,rtt=0.10,did=Zu99xjZx) [Wed Feb 12 09:36:30 2020 - debug] "http://localhost:9090/learn" (id:311, code:200, len:10863, did:i7uBkgYg) is NOT a 404 [known 404 with ID 359 uses 404 code] [Wed Feb 12 09:36:30 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn" at "http://localhost:9090/" [Wed Feb 12 09:36:30 2020 - debug] web_spider.discover(did="wKQcq2el",uri="http://localhost:9090/") took 9.05s to run [Wed Feb 12 09:36:30 2020 - debug] web_diff.discover(http://localhost:9090/, did=PoWJLtBs) [Wed Feb 12 09:36:30 2020 - debug] [web_diff] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:30 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn" [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/gearsmanifest.json returned HTTP code "404" (id=369,from_cache=0,grep=1,rtt=0.12,did=7NouXT5W) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/offlinemanifest.txt returned HTTP code "404" (id=363,from_cache=0,grep=1,rtt=0.08,did=G5080n4F) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/r57.php returned HTTP code "404" (id=362,from_cache=0,grep=1,rtt=0.05,did=PJKbi9Ql) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/locus.php returned HTTP code "404" (id=365,from_cache=0,grep=1,rtt=0.28,did=5WMuJtnV) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/c99shell.php returned HTTP code "404" (id=367,from_cache=0,grep=1,rtt=0.41,did=7w9rUkpz) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/stresbypass.php returned HTTP code "404" (id=368,from_cache=0,grep=1,rtt=0.07,did=ay6nBLCV) [Wed Feb 12 09:36:30 2020 - debug] localhost:9090 connection pool stats (free:47 / in_use:3 / max:50 / total:50) [Wed Feb 12 09:36:30 2020 - debug] Connections with more in use time: (859514ff2302e122, 0.20 sec) (f48c7d0502b1c449, 0.04 sec) (8e309178b5b40c35, 0.00 sec) [Wed Feb 12 09:36:30 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn" [Wed Feb 12 09:36:30 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn" [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=371,from_cache=1,grep=1,rtt=0.18,did=zkIoMCM2) [Wed Feb 12 09:36:30 2020 - debug] wordpress_enumerate_users.discover(did="H0d783y7",uri="http://localhost:9090/") took 0.59s to run [Wed Feb 12 09:36:30 2020 - debug] dwsync_xml.discover(http://localhost:9090/, did=h9FfD8t3) [Wed Feb 12 09:36:30 2020 - debug] [dwsync_xml] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/backupsql.php returned HTTP code "404" (id=370,from_cache=0,grep=1,rtt=0.19,did=NYFKeBpg) [Wed Feb 12 09:36:30 2020 - debug] PROPFIND http://localhost:9090/ returned HTTP code "404" (id=374,from_cache=0,grep=1,rtt=0.05,did=pZtgbnQn) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/PHANTASMA.php returned HTTP code "404" (id=373,from_cache=0,grep=1,rtt=0.30,did=QumCe23X) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/w4k.php returned HTTP code "404" (id=380,from_cache=0,grep=1,rtt=0.13,did=ZfHT2dpx) [Wed Feb 12 09:36:30 2020 - debug] GET http://localhost:9090/sosyete.php returned HTTP code "404" (id=377,from_cache=0,grep=1,rtt=0.04,did=u9AQjWa5) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/liz0zim.php returned HTTP code "404" (id=378,from_cache=0,grep=1,rtt=0.12,did=paOdRJSF) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/zaco.php returned HTTP code "404" (id=372,from_cache=0,grep=1,rtt=0.05,did=HoAW86en) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/heykir.php returned HTTP code "404" (id=375,from_cache=0,grep=1,rtt=0.15,did=Bd5CzZCH) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/avent.php returned HTTP code "404" (id=381,from_cache=0,grep=1,rtt=0.18,did=GG8qbZVx) [Wed Feb 12 09:36:31 2020 - debug] pykto.discover(http://localhost:9090/, did=oflILjS2) [Wed Feb 12 09:36:31 2020 - debug] [pykto] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/dx.php returned HTTP code "404" (id=379,from_cache=0,grep=1,rtt=0.14,did=WhOtdR5W) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/w4cking.php returned HTTP code "404" (id=386,from_cache=0,grep=1,rtt=0.23,did=8BWFK9xH) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/xx.php returned HTTP code "404" (id=376,from_cache=1,grep=1,rtt=0.48,did=09Gbi0nC) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/mysql2.php returned HTTP code "404" (id=384,from_cache=0,grep=1,rtt=0.14,did=cCM0rXbF) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/spybypass.php returned HTTP code "404" (id=382,from_cache=0,grep=1,rtt=0.20,did=DXUagZ94) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/PHPRemoteView.php returned HTTP code "404" (id=383,from_cache=0,grep=1,rtt=0.24,did=xoI4LONX) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/safemod.php returned HTTP code "404" (id=388,from_cache=0,grep=1,rtt=0.15,did=xkdAmPPl) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/nshell.php returned HTTP code "404" (id=385,from_cache=0,grep=1,rtt=0.18,did=h6eLf6Bf) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/locus7s.php returned HTTP code "404" (id=391,from_cache=0,grep=1,rtt=0.29,did=uJQ6b7ko) [Wed Feb 12 09:36:31 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:31 2020 - debug] localhost:9090 connection pool stats (free:45 / in_use:6 / max:50 / total:51) [Wed Feb 12 09:36:31 2020 - debug] Connections with more in use time: (859514ff2302e122, 0.17 sec) (2209cc403a0c5f20, 0.16 sec) (60c911515a0e8ec0, 0.12 sec) (ee57bf4e9093aa89, 0.09 sec) (cd9918a2d17819fb, 0.05 sec) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/jackal.php returned HTTP code "404" (id=387,from_cache=0,grep=1,rtt=0.20,did=xsJ4pmZt) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/w3k.php returned HTTP code "404" (id=392,from_cache=0,grep=1,rtt=0.12,did=AyMK1wdz) [Wed Feb 12 09:36:31 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=41 returned HTTP code "200" (id=389,from_cache=0,grep=0,rtt=0.71,did=EGK69W71) [Wed Feb 12 09:36:31 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: D6Xw7iBP) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/pHpINJ.php returned HTTP code "404" (id=390,from_cache=0,grep=1,rtt=0.25,did=DHyKOkaZ) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/c100.php returned HTTP code "404" (id=395,from_cache=0,grep=1,rtt=0.13,did=ysvYMG26) [Wed Feb 12 09:36:31 2020 - debug] Will increase timeout to 4.83 seconds after HTTP socket error (did:e1kkAPtp) [Wed Feb 12 09:36:31 2020 - debug] Updating socket timeout for localhost from 4.39 to 4.83 seconds [Wed Feb 12 09:36:31 2020 - debug] Raising HTTP error "SPACEJUMP" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:e1kkAPtp). [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/simple_cmd.php returned HTTP code "404" (id=394,from_cache=0,grep=1,rtt=0.09,did=GFuO0pv4) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/safe0ver.php returned HTTP code "404" (id=393,from_cache=0,grep=1,rtt=0.10,did=okE13GFF) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/cod3rz.php returned HTTP code "404" (id=399,from_cache=0,grep=1,rtt=0.22,did=oaRAq18G) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/cod3r.php returned HTTP code "404" (id=396,from_cache=0,grep=1,rtt=0.21,did=xL1VmFp6) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/php-include-w-shell.php returned HTTP code "404" (id=397,from_cache=0,grep=1,rtt=0.08,did=PzGX7TOd) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/h4x0r.php returned HTTP code "404" (id=398,from_cache=0,grep=1,rtt=0.13,did=IXhC0WF3) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/filesInCache.txt returned HTTP code "404" (id=300,from_cache=0,grep=1,rtt=0.29,did=aCezj2Cp) [Wed Feb 12 09:36:31 2020 - debug] Updating socket timeout for localhost from 4.83 to 3.00 seconds [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/locu.php returned HTTP code "404" (id=402,from_cache=0,grep=1,rtt=0.44,did=ncfFI0uq) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/worm.php returned HTTP code "404" (id=405,from_cache=0,grep=1,rtt=0.24,did=JDgsiqsT) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/simattacker.php returned HTTP code "404" (id=401,from_cache=0,grep=1,rtt=0.18,did=lRnuIcze) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/erne.php returned HTTP code "404" (id=409,from_cache=0,grep=1,rtt=0.41,did=y7256Ji9) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/remview.php returned HTTP code "404" (id=410,from_cache=0,grep=1,rtt=0.26,did=ulSGwt6r) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/ekin0x.php returned HTTP code "404" (id=411,from_cache=0,grep=1,rtt=0.41,did=xkXJUDfL) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/nst.php returned HTTP code "404" (id=404,from_cache=0,grep=1,rtt=0.15,did=MhxFL1ox) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=407,from_cache=0,grep=0,rtt=0.22,did=D6Xw7iBP) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/myshell.php returned HTTP code "404" (id=414,from_cache=0,grep=1,rtt=0.22,did=JSfazhL1) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/owned.php returned HTTP code "404" (id=408,from_cache=0,grep=1,rtt=0.18,did=4kAqNVMc) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/winshell.php returned HTTP code "404" (id=406,from_cache=0,grep=1,rtt=0.19,did=RSfURl8t) [Wed Feb 12 09:36:31 2020 - debug] GET http://localhost:9090/phpbypass.php returned HTTP code "404" (id=415,from_cache=0,grep=1,rtt=0.18,did=POIJIvN6) [Wed Feb 12 09:36:32 2020 - debug] GET https://raw.githubusercontent.com/vulnersCom/detect-rules/master/rules.json returned HTTP code "200" (id=403,from_cache=0,grep=1,rtt=16.50,did=q0uut9Zh) [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/x.php returned HTTP code "404" (id=413,from_cache=1,grep=1,rtt=0.67,did=FrQE9012) [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/perlcmd.cgi returned HTTP code "404" (id=417,from_cache=0,grep=1,rtt=0.11,did=sZr3B6ez) [Wed Feb 12 09:36:32 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: D6Xw7iBP) [Wed Feb 12 09:36:32 2020 - debug] detailed._login() took 0.98s to run [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/fatal.php returned HTTP code "404" (id=416,from_cache=0,grep=1,rtt=0.30,did=P9kfskmF) [Wed Feb 12 09:36:32 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 238, 'reject-seen-url': 39, 'reject-out-of-scope': 5, 'accept': 43} [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/xxx.php returned HTTP code "404" (id=412,from_cache=1,grep=1,rtt=0.15,did=Qy6uSDHN) [Wed Feb 12 09:36:32 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 238, 'reject-seen-url': 39, 'reject-out-of-scope': 5, 'accept': 43} [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/sql.php returned HTTP code "404" (id=418,from_cache=0,grep=1,rtt=0.10,did=Xwi1cPy8) [Wed Feb 12 09:36:32 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 238, 'reject-seen-url': 39, 'reject-out-of-scope': 5, 'accept': 43} [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=419,from_cache=0,grep=0,rtt=0.14,did=YxBaSPLr) [Wed Feb 12 09:36:32 2020 - debug] file_upload.audit(did="jjmCwnRz", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:32 2020 - debug] file_upload.audit(did="jjmCwnRz",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:32 2020 - debug] SUBSCRIBE http://localhost:9090/ returned HTTP code "404" (id=420,from_cache=0,grep=1,rtt=0.17,did=S9yJpfcR) [Wed Feb 12 09:36:32 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 238, 'reject-seen-url': 39, 'reject-out-of-scope': 5, 'accept': 43} [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/shell.pl returned HTTP code "404" (id=421,from_cache=0,grep=1,rtt=0.13,did=OzC1pbGU) [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/shell.cgi returned HTTP code "404" (id=422,from_cache=0,grep=1,rtt=0.05,did=6LWo9xnO) [Wed Feb 12 09:36:32 2020 - debug] csrf.audit(did="mItJwN62", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:32 2020 - debug] csrf.audit(did="mItJwN62",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/dc.php returned HTTP code "404" (id=423,from_cache=0,grep=1,rtt=0.16,did=GYoPbT32) [Wed Feb 12 09:36:32 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:3 / max:50 / total:51) [Wed Feb 12 09:36:32 2020 - debug] Connections with more in use time: (859514ff2302e122, 0.10 sec) (f48c7d0502b1c449, 0.10 sec) (8e309178b5b40c35, 0.08 sec) [Wed Feb 12 09:36:32 2020 - debug] deserialization.audit(did="L1j6rOTX", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:32 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 12. [Wed Feb 12 09:36:32 2020 - debug] GET http://localhost:9090/cmdjsp.jsp returned HTTP code "404" (id=424,from_cache=0,grep=1,rtt=0.16,did=T5ZNtV5K) [Wed Feb 12 09:36:32 2020 - debug] deserialization.audit(did="L1j6rOTX",uri="http://localhost:9090/learn") took 0.02s to run [Wed Feb 12 09:36:33 2020 - debug] os_commanding.audit(did="O4PPzuft", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:O4PPzuft) [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/locus.php returned HTTP code "404" (id=428,from_cache=1,grep=1,rtt=0.28,did=ifpf8ibY) [Wed Feb 12 09:36:33 2020 - debug] LOCK http://localhost:9090/ returned HTTP code "404" (id=425,from_cache=0,grep=1,rtt=0.19,did=w4HKYauL) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/JspWebshell1.2.jsp returned HTTP code "404" (id=427,from_cache=0,grep=1,rtt=0.20,did=AwB6hf1l) [Wed Feb 12 09:36:33 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 13. [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] lfi.audit(did="RHEy5TiZ", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:RHEy5TiZ) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/h4x.php returned HTTP code "404" (id=426,from_cache=0,grep=1,rtt=0.12,did=7LlmbMjC) [Wed Feb 12 09:36:33 2020 - debug] os_commanding.audit(did="O4PPzuft",uri="http://localhost:9090/learn") took 0.29s to run [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/0wn3d.php returned HTTP code "404" (id=430,from_cache=0,grep=1,rtt=0.09,did=Dof040zt) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/JspWebshell.jspx returned HTTP code "404" (id=432,from_cache=0,grep=1,rtt=0.09,did=1wOMYD46) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/site-manifest.gears returned HTTP code "404" (id=433,from_cache=0,grep=1,rtt=0.20,did=H4KFeUf4) [Wed Feb 12 09:36:33 2020 - debug] lfi.audit(did="RHEy5TiZ",uri="http://localhost:9090/learn") took 0.07s to run [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/jsp-reverse.jspx returned HTTP code "404" (id=431,from_cache=0,grep=1,rtt=0.19,did=IxHTmtjp) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/shell.jspx returned HTTP code "404" (id=434,from_cache=0,grep=1,rtt=0.20,did=KubxFyu4) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/cod3rzshell.php returned HTTP code "404" (id=437,from_cache=0,grep=1,rtt=0.39,did=bppJp6dc) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/cmd_win32.jsp returned HTTP code "404" (id=440,from_cache=0,grep=1,rtt=0.34,did=w321K9MV) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/unreal.php returned HTTP code "404" (id=429,from_cache=0,grep=1,rtt=0.10,did=2YSn7M6H) [Wed Feb 12 09:36:33 2020 - debug] sqli.audit(did="CB4Xh7Bf", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:CB4Xh7Bf) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/l33t.php returned HTTP code "404" (id=435,from_cache=0,grep=1,rtt=0.32,did=rGtD4Bum) [Wed Feb 12 09:36:33 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 14. [Wed Feb 12 09:36:33 2020 - debug] blind_sqli.audit(did="PnHNu94r", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:33 2020 - debug] sqli.audit(did="CB4Xh7Bf",uri="http://localhost:9090/learn") took 0.06s to run [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/cmd.jspx returned HTTP code "404" (id=438,from_cache=0,grep=1,rtt=0.46,did=n8JiGtwJ) [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/servlet/cmdServlet returned HTTP code "404" (id=436,from_cache=0,grep=1,rtt=0.08,did=NDRVZBuV) [Wed Feb 12 09:36:33 2020 - debug] phishing_vector.audit(did="7S1hFivL", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:33 2020 - debug] GET http://localhost:9090/simp-worm_sys.p5.php returned HTTP code "404" (id=439,from_cache=0,grep=1,rtt=0.12,did=1keiNQkW) [Wed Feb 12 09:36:33 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 15. [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/jsback.php returned HTTP code "404" (id=445,from_cache=0,grep=1,rtt=0.17,did=V65KM2qA) [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] generic.audit(did="SUt01QIA", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmd_win32.jsp returned HTTP code "404" (id=442,from_cache=0,grep=1,rtt=0.32,did=uQ043Y77) [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:7S1hFivL) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/UpServlet returned HTTP code "404" (id=446,from_cache=0,grep=1,rtt=0.36,did=qPaPZM6i) [Wed Feb 12 09:36:34 2020 - debug] blind_sqli.audit(did="PnHNu94r",uri="http://localhost:9090/learn") took 0.25s to run [Wed Feb 12 09:36:34 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:l59WiXpU) [Wed Feb 12 09:36:34 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:34 2020 - debug] Raising HTTP error "MKDIR" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:l59WiXpU). [Wed Feb 12 09:36:34 2020 - debug] Finished audit.phishing_vector (did=7S1hFivL) [Wed Feb 12 09:36:34 2020 - debug] phishing_vector.audit(did="7S1hFivL",uri="http://localhost:9090/learn") took 0.15s to run [Wed Feb 12 09:36:34 2020 - debug] format_string.audit(did="1fFO1rVH", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:1fFO1rVH) [Wed Feb 12 09:36:34 2020 - debug] websocket_hijacking.audit(did="fhUQxLle", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] shell_shock.audit(did="QVLGzKv1", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] format_string.audit(did="1fFO1rVH",uri="http://localhost:9090/learn") took 0.05s to run [Wed Feb 12 09:36:34 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=51 returned HTTP code "200" (id=443,from_cache=0,grep=0,rtt=0.80,did=wLwG7Ov2) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmd.cgi returned HTTP code "404" (id=444,from_cache=0,grep=1,rtt=0.16,did=r56eMCXe) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmdServlet returned HTTP code "404" (id=441,from_cache=0,grep=1,rtt=0.33,did=gnOHxQKG) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmd.asp returned HTTP code "404" (id=447,from_cache=0,grep=1,rtt=0.31,did=prF86v5z) [Wed Feb 12 09:36:34 2020 - debug] memcachei.audit(did="OZ0tw0i6", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:OZ0tw0i6) [Wed Feb 12 09:36:34 2020 - debug] memcachei.audit(did="OZ0tw0i6",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:34 2020 - debug] generic.audit(did="SUt01QIA",uri="http://localhost:9090/learn") took 0.33s to run [Wed Feb 12 09:36:34 2020 - debug] un_ssl.audit(did="NoWWjhHi", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] un_ssl.audit(did="NoWWjhHi",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:34 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:2 / max:50 / total:50) [Wed Feb 12 09:36:34 2020 - debug] Connections with more in use time: (b3e6f2b4bc2d284d, 0.01 sec) (8e309178b5b40c35, 0.00 sec) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/fso.asp returned HTTP code "404" (id=449,from_cache=0,grep=1,rtt=0.15,did=QUjmWWGK) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/ntdaddy.aspx returned HTTP code "404" (id=450,from_cache=0,grep=1,rtt=0.22,did=K9mFNvkB) [Wed Feb 12 09:36:34 2020 - vulnerability] An HTTP response matching the web backdoor signature "cmd.jsp" was found at: "http://localhost:9090/cmd.jspx"; this could indicate that the server has been compromised. This vulnerability was found in the request with id 438. [Wed Feb 12 09:36:34 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:zr8KusXP) [Wed Feb 12 09:36:34 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:34 2020 - debug] Raising HTTP error "INVALID" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:zr8KusXP). [Wed Feb 12 09:36:34 2020 - debug] websocket_hijacking.audit(did="fhUQxLle",uri="http://localhost:9090/learn") took 0.37s to run [Wed Feb 12 09:36:34 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/cmd.jspx" [Wed Feb 12 09:36:34 2020 - debug] ldapi.audit(did="TUQR8jjY", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:TUQR8jjY) [Wed Feb 12 09:36:34 2020 - debug] ldapi.audit(did="TUQR8jjY",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmdasp.asp returned HTTP code "404" (id=448,from_cache=0,grep=1,rtt=0.18,did=7N4Oeihi) [Wed Feb 12 09:36:34 2020 - debug] buffer_overflow.audit(did="6XkUbeCP", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] buffer_overflow.audit(did="6XkUbeCP",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:34 2020 - debug] redos.audit(did="urNY93l4", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/cmd.mspx returned HTTP code "404" (id=452,from_cache=0,grep=1,rtt=0.32,did=CaAbvZY9) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/zehir4.asp returned HTTP code "404" (id=451,from_cache=0,grep=1,rtt=0.32,did=YcBE9aHr) [Wed Feb 12 09:36:34 2020 - debug] global_redirect.audit(did="0u2Yo4k3", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:0u2Yo4k3) [Wed Feb 12 09:36:34 2020 - debug] xpath.audit(did="ZjSusM9G", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ZjSusM9G) [Wed Feb 12 09:36:34 2020 - debug] xpath.audit(did="ZjSusM9G",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:34 2020 - debug] Will increase timeout to 3.99 seconds after HTTP socket error (did:PEDz7vP4) [Wed Feb 12 09:36:34 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.99 seconds [Wed Feb 12 09:36:34 2020 - debug] Raising HTTP error "UNCHECKOUT" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:PEDz7vP4). [Wed Feb 12 09:36:34 2020 - debug] cors_origin.audit(did="gieLmh8d", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/aspydrv.asp returned HTTP code "404" (id=455,from_cache=0,grep=1,rtt=0.06,did=5Ap24hqR) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/JspWebshell1.2.jspx returned HTTP code "404" (id=456,from_cache=0,grep=1,rtt=0.10,did=vF7MA5H9) [Wed Feb 12 09:36:34 2020 - debug] htaccess_methods.audit(did="n3ab8gR8", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/site_manifest.gears returned HTTP code "404" (id=457,from_cache=0,grep=1,rtt=0.12,did=dKNT1wBS) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/fso.aspx returned HTTP code "404" (id=464,from_cache=0,grep=1,rtt=0.15,did=96inFdoa) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/zehir4.mspx returned HTTP code "404" (id=458,from_cache=0,grep=1,rtt=0.13,did=gZ589MHE) [Wed Feb 12 09:36:34 2020 - debug] GET http://localhost:9090/JspWebshell.jsp returned HTTP code "404" (id=462,from_cache=0,grep=1,rtt=0.14,did=hII3uCB9) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/fso.mspx returned HTTP code "404" (id=465,from_cache=0,grep=1,rtt=0.08,did=0YxjO48C) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=454,from_cache=0,grep=1,rtt=0.17,did=R3j0fpzn) [Wed Feb 12 09:36:35 2020 - debug] dav.audit(did="fxWl3s4W", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd.pl returned HTTP code "404" (id=461,from_cache=0,grep=1,rtt=0.19,did=r2GBcnF2) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd.aspx returned HTTP code "404" (id=453,from_cache=0,grep=1,rtt=0.15,did=s57ROWWC) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/CmdServlet returned HTTP code "404" (id=463,from_cache=0,grep=1,rtt=0.08,did=kZhLSn2a) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/zehir4.aspx returned HTTP code "404" (id=460,from_cache=0,grep=1,rtt=0.10,did=DEJwDqAd) [Wed Feb 12 09:36:35 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 16. [Wed Feb 12 09:36:35 2020 - debug] Will increase timeout to 4.39 seconds after HTTP socket error (did:wIGfKpwF) [Wed Feb 12 09:36:35 2020 - debug] Updating socket timeout for localhost from 3.99 to 4.39 seconds [Wed Feb 12 09:36:35 2020 - debug] Raising HTTP error "MKWORKSPACE" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:wIGfKpwF). [Wed Feb 12 09:36:35 2020 - debug] ssi.audit(did="sJkre3Hf", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] dav.audit(did="fxWl3s4W",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/browser.jsp returned HTTP code "404" (id=459,from_cache=0,grep=1,rtt=0.11,did=7zPpSrze) [Wed Feb 12 09:36:35 2020 - debug] localhost:9090 connection pool stats (free:43 / in_use:7 / max:50 / total:50) [Wed Feb 12 09:36:35 2020 - debug] Connections with more in use time: (510958b4bb1ade75, 0.18 sec) (60c911515a0e8ec0, 0.18 sec) (ee57bf4e9093aa89, 0.17 sec) (c8b9d551939e41be, 0.17 sec) (c184bfcf8e3861b7, 0.17 sec) [Wed Feb 12 09:36:35 2020 - debug] ria_enumerator.discover(did="6oxXsePs",uri="http://localhost:9090/") took 18.73s to run [Wed Feb 12 09:36:35 2020 - debug] xxe.audit(did="nONoTKC2", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/shell.jsp returned HTTP code "404" (id=466,from_cache=0,grep=1,rtt=0.11,did=DMiJ6Uyu) [Wed Feb 12 09:36:35 2020 - debug] wordpress_fullpathdisclosure.discover(http://localhost:9090/, did=P20Zanwu) [Wed Feb 12 09:36:35 2020 - debug] [wordpress_fullpathdisclosure] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:35 2020 - debug] eval.audit(did="SvjJM2O8", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:SvjJM2O8) [Wed Feb 12 09:36:35 2020 - debug] xxe.audit(did="nONoTKC2",uri="http://localhost:9090/learn") took 0.11s to run [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/kshell.aspx returned HTTP code "404" (id=471,from_cache=0,grep=1,rtt=0.20,did=Y1me00ns) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/servlet/CmdServlet returned HTTP code "404" (id=469,from_cache=0,grep=1,rtt=0.14,did=bNvDGXqN) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/up_win32.jsp returned HTTP code "404" (id=472,from_cache=0,grep=1,rtt=0.23,did=VkPtrpKZ) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd.cfm returned HTTP code "404" (id=473,from_cache=0,grep=1,rtt=0.26,did=nkiXHO1G) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=468,from_cache=0,grep=1,rtt=0.20,did=gieLmh8d) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/shell.aspx returned HTTP code "404" (id=474,from_cache=0,grep=1,rtt=0.12,did=ohk3EvpQ) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=470,from_cache=0,grep=1,rtt=0.20,did=QVLGzKv1) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/kacak.aspx returned HTTP code "404" (id=477,from_cache=0,grep=1,rtt=0.38,did=BxHUHL5n) [Wed Feb 12 09:36:35 2020 - vulnerability] An HTTP response matching the web backdoor signature "cmd.jsp" was found at: "http://localhost:9090/cmd.jsp"; this could indicate that the server has been compromised. This vulnerability was found in the request with id 454. [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/cmd.jspx" [Wed Feb 12 09:36:35 2020 - information] New URL found by find_backdoors plugin: "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:36:35 2020 - debug] Updating socket timeout for localhost from 4.39 to 3.00 seconds [Wed Feb 12 09:36:35 2020 - debug] rosetta_flash.audit(did="Ov7Kj2S5", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] rosetta_flash.audit(did="Ov7Kj2S5",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] eval.audit(did="SvjJM2O8",uri="http://localhost:9090/learn") took 0.25s to run [Wed Feb 12 09:36:35 2020 - debug] MERGE http://localhost:9090/ returned HTTP code "404" (id=476,from_cache=0,grep=1,rtt=0.27,did=gcBEsu5m) [Wed Feb 12 09:36:35 2020 - debug] xss.audit(did="vpuaxdDC", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] xss.audit(did="vpuaxdDC",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] xst.audit(did="TPeeIhQr", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] xst.audit(did="TPeeIhQr",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:sJkre3Hf) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/aspydrv.mspx returned HTTP code "404" (id=467,from_cache=0,grep=1,rtt=0.11,did=oDFAYy71) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/rhtools.asp returned HTTP code "404" (id=478,from_cache=0,grep=1,rtt=0.04,did=nm3ldA3K) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd_win32.jspx returned HTTP code "404" (id=475,from_cache=0,grep=1,rtt=0.11,did=As6hB8vN) [Wed Feb 12 09:36:35 2020 - debug] ssi.audit(did="sJkre3Hf",uri="http://localhost:9090/learn") took 0.78s to run [Wed Feb 12 09:36:35 2020 - debug] ssl_certificate.audit(did="4N37KaTS", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] ssl_certificate.audit(did="4N37KaTS",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] global_redirect.audit(did="0u2Yo4k3",uri="http://localhost:9090/learn") took 1.19s to run [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=480,from_cache=0,grep=1,rtt=0.16,did=uoavRUdv) [Wed Feb 12 09:36:35 2020 - debug] htaccess_methods.audit(did="n3ab8gR8",uri="http://localhost:9090/learn") took 1.14s to run [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/cmd-asp-5.1.asp returned HTTP code "404" (id=479,from_cache=0,grep=1,rtt=0.17,did=8CdoXone) [Wed Feb 12 09:36:35 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 294, 'reject-seen-url': 46, 'reject-out-of-scope': 5, 'accept': 55} [Wed Feb 12 09:36:35 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 17. [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/kacak.asp returned HTTP code "404" (id=481,from_cache=0,grep=1,rtt=0.45,did=zydEJspn) [Wed Feb 12 09:36:35 2020 - debug] redos.audit(did="urNY93l4",uri="http://localhost:9090/learn") took 1.43s to run [Wed Feb 12 09:36:35 2020 - debug] preg_replace.audit(did="QpuUtYnP", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:QpuUtYnP) [Wed Feb 12 09:36:35 2020 - debug] mx_injection.audit(did="Vs8f6sxK", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Vs8f6sxK) [Wed Feb 12 09:36:35 2020 - debug] mx_injection.audit(did="Vs8f6sxK",uri="http://localhost:9090/learn") took 0.01s to run [Wed Feb 12 09:36:35 2020 - debug] response_splitting.audit(did="hlMnMGl1", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:hlMnMGl1) [Wed Feb 12 09:36:35 2020 - debug] UNLOCK http://localhost:9090/ returned HTTP code "404" (id=482,from_cache=0,grep=1,rtt=0.07,did=C3kEB5uV) [Wed Feb 12 09:36:35 2020 - debug] response_splitting.audit(did="hlMnMGl1",uri="http://localhost:9090/learn") took 0.05s to run [Wed Feb 12 09:36:35 2020 - debug] preg_replace.audit(did="QpuUtYnP",uri="http://localhost:9090/learn") took 0.15s to run [Wed Feb 12 09:36:35 2020 - debug] rfd.audit(did="uKnHn1J7", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] URL "http://localhost:9090/learn" is not vulnerable to RFD because response content-type is "text/html" and content-disposition header is missing, response id 419 [Wed Feb 12 09:36:35 2020 - debug] rfd.audit(did="uKnHn1J7",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:35 2020 - debug] localhost:9090 connection pool stats (free:42 / in_use:8 / max:50 / total:50) [Wed Feb 12 09:36:35 2020 - debug] Connections with more in use time: (510958b4bb1ade75, 0.33 sec) (c8b9d551939e41be, 0.23 sec) (860a12f8d23ea2d9, 0.22 sec) (7a65d701500055b3, 0.22 sec) (2209cc403a0c5f20, 0.06 sec) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/rhtools.aspx returned HTTP code "404" (id=486,from_cache=0,grep=1,rtt=0.17,did=U44f8ueS) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/kshell.asp returned HTTP code "404" (id=485,from_cache=0,grep=1,rtt=0.09,did=mjFFdxVA) [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/shell.mspx returned HTTP code "404" (id=487,from_cache=0,grep=1,rtt=0.10,did=xSQOYr2S) [Wed Feb 12 09:36:35 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:35 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 18. [Wed Feb 12 09:36:35 2020 - debug] rfi.audit(did="PZDJadGq", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:35 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:PZDJadGq) [Wed Feb 12 09:36:35 2020 - debug] frontpage.audit(did="B8EcaTJy", uri="http://localhost:9090/learn") [Wed Feb 12 09:36:35 2020 - debug] GET http://localhost:9090/jsp-reverse.jsp returned HTTP code "404" (id=490,from_cache=0,grep=1,rtt=0.17,did=pM5zYhOM) [Wed Feb 12 09:36:35 2020 - debug] RFI using local web server for URL: http://localhost:9090/learn [Wed Feb 12 09:36:36 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=61 returned HTTP code "200" (id=484,from_cache=0,grep=0,rtt=0.72,did=ToLkH5pC) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/shell.cfm returned HTTP code "404" (id=483,from_cache=0,grep=1,rtt=0.09,did=We6RqMBJ) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/shell.nsf returned HTTP code "404" (id=488,from_cache=0,grep=1,rtt=0.15,did=fQnRKhhf) [Wed Feb 12 09:36:36 2020 - debug] frontpage.audit(did="B8EcaTJy",uri="http://localhost:9090/learn") took 0.10s to run [Wed Feb 12 09:36:36 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:36 2020 - information] New URL found by find_backdoors plugin: "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/cmd.GPL returned HTTP code "404" (id=489,from_cache=0,grep=1,rtt=0.16,did=AP0BEiDl) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/ntdaddy.asp returned HTTP code "404" (id=492,from_cache=0,grep=1,rtt=0.25,did=CfZKMhff) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/rhtools.mspx returned HTTP code "404" (id=493,from_cache=0,grep=1,rtt=0.36,did=z1hWZmFl) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/netcat.exe returned HTTP code "404" (id=495,from_cache=0,grep=1,rtt=0.04,did=vua1fQgw) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/shell.js returned HTTP code "404" (id=498,from_cache=0,grep=1,rtt=0.34,did=EiCd3Sqh) [Wed Feb 12 09:36:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 19. [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/cmd.nsf returned HTTP code "404" (id=494,from_cache=0,grep=1,rtt=0.12,did=QHxZ6a6x) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/kacak.mspx returned HTTP code "404" (id=499,from_cache=0,grep=1,rtt=0.02,did=0JcXpSzy) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/shell.GPL returned HTTP code "404" (id=496,from_cache=0,grep=1,rtt=0.14,did=Y6v4qNR6) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/up.sh returned HTTP code "404" (id=491,from_cache=0,grep=1,rtt=0.15,did=Haxv8Jo4) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/aspydrv.aspx returned HTTP code "404" (id=497,from_cache=0,grep=1,rtt=0.35,did=m23OnJKR) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/shell.py returned HTTP code "404" (id=502,from_cache=0,grep=1,rtt=0.20,did=D4iQcS4w) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/cmd.sh returned HTTP code "404" (id=504,from_cache=0,grep=1,rtt=0.05,did=3jsQdaCB) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/cmd.py returned HTTP code "404" (id=501,from_cache=0,grep=1,rtt=0.20,did=Dbli1GTB) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/exploit.c returned HTTP code "404" (id=503,from_cache=0,grep=1,rtt=0.26,did=S2u4zjpM) [Wed Feb 12 09:36:36 2020 - debug] PROPPATCH http://localhost:9090/ returned HTTP code "404" (id=505,from_cache=0,grep=1,rtt=0.08,did=LGn0pIQB) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/kshell.mspx returned HTTP code "404" (id=500,from_cache=0,grep=1,rtt=0.21,did=tEg1CP6c) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=506,from_cache=1,grep=1,rtt=0.18,did=xdCMZZ5r) [Wed Feb 12 09:36:36 2020 - debug] wordpress_fullpathdisclosure.discover(did="P20Zanwu",uri="http://localhost:9090/") took 1.57s to run [Wed Feb 12 09:36:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 20. [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/cmd.pl returned HTTP code "404" (id=507,from_cache=1,grep=1,rtt=0.19,did=RhTViC0c) [Wed Feb 12 09:36:36 2020 - debug] GET http://localhost:9090/portal/page returned HTTP code "404" (id=510,from_cache=0,grep=1,rtt=0.17,did=OCSE1Nsn) [Wed Feb 12 09:36:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn" () [Wed Feb 12 09:36:36 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:PZDJadGq) [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/reports/rwservlet/showenv returned HTTP code "404" (id=511,from_cache=0,grep=1,rtt=0.11,did=GfynDQoB) [Wed Feb 12 09:36:37 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 309, 'reject-seen-url': 50, 'reject-out-of-scope': 5, 'accept': 61} [Wed Feb 12 09:36:37 2020 - debug] rfi.audit(did="PZDJadGq",uri="http://localhost:9090/learn") took 0.69s to run [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/cmdjsp.jspx returned HTTP code "404" (id=508,from_cache=0,grep=1,rtt=0.04,did=QyEaLopY) [Wed Feb 12 09:36:37 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 309, 'reject-seen-url': 50, 'reject-out-of-scope': 5, 'accept': 61} [Wed Feb 12 09:36:37 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 21. [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/ListServlet returned HTTP code "404" (id=509,from_cache=0,grep=1,rtt=0.08,did=zSKcU93J) [Wed Feb 12 09:36:37 2020 - debug] Will increase timeout to 3.30 seconds after HTTP socket error (did:OgRVyRFG) [Wed Feb 12 09:36:37 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.30 seconds [Wed Feb 12 09:36:37 2020 - debug] Raising HTTP error "DEBUG" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:OgRVyRFG). [Wed Feb 12 09:36:37 2020 - debug] phishtank.discover(http://localhost:9090/, did=oGBZG4EY) [Wed Feb 12 09:36:37 2020 - debug] [phishtank] Crawling "http://localhost:9090/" [Wed Feb 12 09:36:37 2020 - debug] DNS response from DNS server for domain: localhost [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/goonshell.php returned HTTP code "404" (id=400,from_cache=0,grep=1,rtt=0.23,did=EC04Yves) [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/cmd.jspx returned HTTP code "404" (id=512,from_cache=0,grep=0,rtt=0.44,did=28XnT3Tn) [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/cmdasp.aspx returned HTTP code "404" (id=514,from_cache=0,grep=1,rtt=0.06,did=UfNDatwC) [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/shell.do returned HTTP code "404" (id=515,from_cache=0,grep=1,rtt=0.13,did=xSwfxtVV) [Wed Feb 12 09:36:37 2020 - debug] GET http://localhost:9090/?WSDL= returned HTTP code "302" (id=516,from_cache=0,grep=1,rtt=0.30,did=mXZnkJZ5) [Wed Feb 12 09:36:37 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 22. [Wed Feb 12 09:36:37 2020 - debug] file_upload.audit(did="isQewwIh", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:37 2020 - debug] file_upload.audit(did="isQewwIh",uri="http://localhost:9090/cmd.jspx") took 0.00s to run [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=519,from_cache=0,grep=0,rtt=0.44,did=QVLGzKv1) [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/?wsdl= returned HTTP code "302" (id=517,from_cache=0,grep=1,rtt=0.27,did=7ycMTfx1) [Wed Feb 12 09:36:38 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 23. [Wed Feb 12 09:36:38 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 24. [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/ntdaddy.mspx returned HTTP code "404" (id=518,from_cache=0,grep=1,rtt=0.08,did=6WNhRMk7) [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/_notes/dwsync.xml returned HTTP code "404" (id=513,from_cache=0,grep=1,rtt=0.16,did=CmyIUfSz) [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/cmd.do returned HTTP code "404" (id=520,from_cache=0,grep=1,rtt=0.30,did=4jEsXBjm) [Wed Feb 12 09:36:38 2020 - debug] Will increase timeout to 3.63 seconds after HTTP socket error (did:kNJTZkYe) [Wed Feb 12 09:36:38 2020 - debug] Updating socket timeout for localhost from 3.30 to 3.63 seconds [Wed Feb 12 09:36:38 2020 - debug] Raising HTTP error "VERSION_CONTROL" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:kNJTZkYe). [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/cmd.d2w returned HTTP code "404" (id=521,from_cache=0,grep=1,rtt=0.10,did=mmrSYyZa) [Wed Feb 12 09:36:38 2020 - debug] csrf.audit(did="ibLeJC9D", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:38 2020 - debug] csrf.audit(did="ibLeJC9D",uri="http://localhost:9090/cmd.jspx") took 0.00s to run [Wed Feb 12 09:36:38 2020 - debug] localhost:9090 connection pool stats (free:49 / in_use:0 / max:50 / total:49) [Wed Feb 12 09:36:38 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/shell.asp returned HTTP code "404" (id=522,from_cache=0,grep=1,rtt=0.20,did=wryy1XjX) [Wed Feb 12 09:36:38 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 25. [Wed Feb 12 09:36:38 2020 - debug] deserialization.audit(did="QOpBe9s9", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:38 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:38 2020 - debug] deserialization.audit(did="QOpBe9s9",uri="http://localhost:9090/cmd.jspx") took 0.01s to run [Wed Feb 12 09:36:38 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=523,from_cache=0,grep=1,rtt=0.19,did=gieLmh8d) [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=525,from_cache=0,grep=0,rtt=0.10,did=QVLGzKv1) [Wed Feb 12 09:36:39 2020 - debug] os_commanding.audit(did="udn42CsB", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:udn42CsB) [Wed Feb 12 09:36:39 2020 - debug] cors_origin.audit(did="gieLmh8d",uri="http://localhost:9090/learn") took 3.11s to run (0.39s 12% sending HTTP requests) [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/shell.show returned HTTP code "404" (id=524,from_cache=0,grep=1,rtt=0.25,did=MYDi9RJ3) [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] os_commanding.audit(did="udn42CsB",uri="http://localhost:9090/cmd.jspx") took 0.10s to run [Wed Feb 12 09:36:39 2020 - debug] lfi.audit(did="SfLfU2s7", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:SfLfU2s7) [Wed Feb 12 09:36:39 2020 - debug] sqli.audit(did="bo496qbK", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:bo496qbK) [Wed Feb 12 09:36:39 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:39 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: yH9YRVsV) [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 26. [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/cfexec.cfm returned HTTP code "404" (id=527,from_cache=0,grep=1,rtt=0.13,did=umSasOir) [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/shell.d2w returned HTTP code "404" (id=528,from_cache=0,grep=1,rtt=0.10,did=StBAkF9G) [Wed Feb 12 09:36:39 2020 - debug] sqli.audit(did="bo496qbK",uri="http://localhost:9090/cmd.jspx") took 0.06s to run [Wed Feb 12 09:36:39 2020 - debug] blind_sqli.audit(did="oxVMavar", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] POST http://localhost:9090/ returned HTTP code "404" (id=529,from_cache=0,grep=1,rtt=0.12,did=PWQMDJ5P) [Wed Feb 12 09:36:39 2020 - debug] lfi.audit(did="SfLfU2s7",uri="http://localhost:9090/cmd.jspx") took 0.14s to run [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 27. [Wed Feb 12 09:36:39 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=71 returned HTTP code "200" (id=526,from_cache=0,grep=0,rtt=0.66,did=Jt31DyXm) [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] phishing_vector.audit(did="QIaXv8iv", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] blind_sqli.audit(did="oxVMavar",uri="http://localhost:9090/cmd.jspx") took 0.16s to run [Wed Feb 12 09:36:39 2020 - debug] generic.audit(did="FNvdCt3l", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 28. [Wed Feb 12 09:36:39 2020 - debug] generic.audit(did="FNvdCt3l",uri="http://localhost:9090/cmd.jspx") took 0.02s to run [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=530,from_cache=0,grep=0,rtt=0.12,did=QVLGzKv1) [Wed Feb 12 09:36:39 2020 - debug] Returning cached average RTT of 0.22 seconds for mutant 39394de6ba9bfc4a7ad64ef897ce62ec [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:QIaXv8iv) [Wed Feb 12 09:36:39 2020 - debug] Returning fresh average RTT of 0.22 seconds for mutant 39394de6ba9bfc4a7ad64ef897ce62ec [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=531,from_cache=0,grep=0,rtt=0.13,did=yH9YRVsV) [Wed Feb 12 09:36:39 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: yH9YRVsV) [Wed Feb 12 09:36:39 2020 - debug] detailed._login() took 0.28s to run [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 29. [Wed Feb 12 09:36:39 2020 - debug] format_string.audit(did="Wvt2yZcH", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Wvt2yZcH) [Wed Feb 12 09:36:39 2020 - debug] format_string.audit(did="Wvt2yZcH",uri="http://localhost:9090/cmd.jspx") took 0.02s to run [Wed Feb 12 09:36:39 2020 - debug] Finished audit.phishing_vector (did=QIaXv8iv) [Wed Feb 12 09:36:39 2020 - debug] phishing_vector.audit(did="QIaXv8iv",uri="http://localhost:9090/cmd.jspx") took 0.13s to run [Wed Feb 12 09:36:39 2020 - debug] COPY http://localhost:9090/ returned HTTP code "404" (id=533,from_cache=0,grep=1,rtt=0.11,did=pljQtDJz) [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 30. [Wed Feb 12 09:36:39 2020 - debug] websocket_hijacking.audit(did="hV9YDgHk", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] shell_shock.audit(did="angK7cDm", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/socat.exe returned HTTP code "404" (id=532,from_cache=0,grep=1,rtt=0.20,did=h6totNaw) [Wed Feb 12 09:36:39 2020 - debug] websocket_hijacking.audit(did="hV9YDgHk",uri="http://localhost:9090/cmd.jspx") took 0.05s to run [Wed Feb 12 09:36:39 2020 - debug] memcachei.audit(did="kxjFKRbs", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:kxjFKRbs) [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 31. [Wed Feb 12 09:36:39 2020 - debug] oracle_discovery found the URL: "http://localhost:9090/portal/page" but failed to parse it as an Oracle page. The first 50 bytes of the response body is: "\n\n\n, response wait time was: 0.158929109573 seconds and response ID: 536. [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/list.sh returned HTTP code "404" (id=534,from_cache=0,grep=1,rtt=0.06,did=ktomJtyh) [Wed Feb 12 09:36:39 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 321, 'reject-seen-url': 54, 'reject-out-of-scope': 5, 'accept': 70} [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/nc.exe returned HTTP code "404" (id=537,from_cache=0,grep=1,rtt=0.08,did=b30vPc8s) [Wed Feb 12 09:36:39 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 33. [Wed Feb 12 09:36:39 2020 - debug] memcachei.audit(did="kxjFKRbs",uri="http://localhost:9090/cmd.jspx") took 0.28s to run [Wed Feb 12 09:36:39 2020 - debug] buffer_overflow.audit(did="zGIc4erQ", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:39 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jspx" () [Wed Feb 12 09:36:39 2020 - debug] GET http://localhost:9090/cmd.show returned HTTP code "404" (id=539,from_cache=0,grep=1,rtt=0.07,did=dyQeIDou) [Wed Feb 12 09:36:39 2020 - debug] ldapi.audit(did="n5qCKITZ",uri="http://localhost:9090/cmd.jspx") took 0.10s to run [Wed Feb 12 09:36:39 2020 - debug] Starting the phishtank CSV parsing. [Wed Feb 12 09:36:39 2020 - debug] redos.audit(did="V3vthuAS", uri="http://localhost:9090/cmd.jspx") [Wed Feb 12 09:36:40 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=538,from_cache=0,grep=1,rtt=0.07,did=QVLGzKv1) [Wed Feb 12 09:36:40 2020 - debug] [id: 140100622156944] HTTP response delay was 0.07. (lower, expected, upper): 8.00, 8.00, 16.28. [Wed Feb 12 09:36:40 2020 - debug] [did: QVLGzKv1] [id: 140100622156944] Failed to control HTTP response delay for URL http://localhost:9090/learn - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0688080787659 seconds and response ID: 538. [Wed Feb 12 09:36:40 2020 - debug] GET http://localhost:9090/cmd.jspx returned HTTP code "404" (id=541,from_cache=0,grep=1,rtt=0.20,did=angK7cDm) [Wed Feb 12 09:36:40 2020 - debug] shell_shock.audit(did="QVLGzKv1",uri="http://localhost:9090/learn") took 4.64s to run (1.09s 23% sending HTTP requests) [Wed Feb 12 09:36:40 2020 - debug] buffer_overflow.audit(did="zGIc4erQ",uri="http://localhost:9090/cmd.jspx") took 0.08s to run [Wed Feb 12 09:36:40 2020 - debug] oracle_discovery found the URL: "http://localhost:9090/reports/rwservlet/showenv" but failed to parse it as an Oracle page. The first 50 bytes of the response body is: "\n\n\n, response wait time was: 0.0679519176483 seconds and response ID: 555. [Wed Feb 12 09:36:41 2020 - debug] GET http://localhost:9090/cmd.jspx returned HTTP code "404" (id=556,from_cache=0,grep=1,rtt=0.07,did=angK7cDm) [Wed Feb 12 09:36:41 2020 - debug] [id: 140100635561680] HTTP response delay was 0.07. (lower, expected, upper): 8.00, 8.00, 16.19. [Wed Feb 12 09:36:41 2020 - debug] [did: angK7cDm] [id: 140100635561680] Failed to control HTTP response delay for URL http://localhost:9090/cmd.jspx - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0658228397369 seconds and response ID: 556. [Wed Feb 12 09:36:41 2020 - debug] shell_shock.audit(did="angK7cDm",uri="http://localhost:9090/cmd.jspx") took 1.59s to run (0.80s 49% sending HTTP requests) [Wed Feb 12 09:36:41 2020 - debug] rfi.audit(did="WVfrQ5Su",uri="http://localhost:9090/cmd.jspx") took 0.32s to run [Wed Feb 12 09:36:41 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=557,from_cache=0,grep=0,rtt=0.11,did=CSheJxFr) [Wed Feb 12 09:36:41 2020 - debug] file_upload.audit(did="QQoctTFn", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:41 2020 - debug] file_upload.audit(did="QQoctTFn",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:41 2020 - debug] finger_pks.discover(http://localhost:9090/learn, did=4NU0ecSk) [Wed Feb 12 09:36:41 2020 - debug] The infrastructure plugin: "finger_pks" wont be run anymore. [Wed Feb 12 09:36:41 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:41 2020 - debug] Calling finger_pks.end() [Wed Feb 12 09:36:41 2020 - debug] Spent 0.00 seconds running finger_pks.end() [Wed Feb 12 09:36:41 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:41 2020 - debug] finger_pks.discover(did="4NU0ecSk",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:41 2020 - debug] The infrastructure plugin: "finger_bing" wont be run anymore. [Wed Feb 12 09:36:41 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:41 2020 - debug] Calling finger_bing.end() [Wed Feb 12 09:36:41 2020 - debug] Spent 0.00 seconds running finger_bing.end() [Wed Feb 12 09:36:41 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:41 2020 - debug] finger_bing.discover(did="DuVoLm7N",uri="http://localhost:9090/learn") took 0.04s to run [Wed Feb 12 09:36:41 2020 - debug] genexus_xml.discover(http://localhost:9090/learn, did=2D4lyiYl) [Wed Feb 12 09:36:41 2020 - debug] [genexus_xml] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:41 2020 - debug] The crawl plugin: "genexus_xml" wont be run anymore. [Wed Feb 12 09:36:41 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:41 2020 - debug] Calling genexus_xml.end() [Wed Feb 12 09:36:41 2020 - debug] Spent 0.00 seconds running genexus_xml.end() [Wed Feb 12 09:36:41 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:41 2020 - debug] genexus_xml.discover(did="2D4lyiYl",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] UNSUBSCRIBE http://localhost:9090/ returned HTTP code "404" (id=558,from_cache=0,grep=1,rtt=0.15,did=aIGLWp8R) [Wed Feb 12 09:36:42 2020 - debug] wordpress_fingerprint.discover(http://localhost:9090/learn, did=WqNZdGWv) [Wed Feb 12 09:36:42 2020 - debug] [wordpress_fingerprint] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] csrf.audit(did="GsTbALrF", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] csrf.audit(did="GsTbALrF",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] deserialization.audit(did="uHzKHuOA", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] deserialization.audit(did="uHzKHuOA",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] os_commanding.audit(did="mDrkeGin", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:mDrkeGin) [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] os_commanding.audit(did="mDrkeGin",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] dot_listing.discover(http://localhost:9090/learn, did=A45v3S1j) [Wed Feb 12 09:36:42 2020 - debug] [dot_listing] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] lfi.audit(did="krRQ36yc", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:krRQ36yc) [Wed Feb 12 09:36:42 2020 - debug] lfi.audit(did="krRQ36yc",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] Will increase timeout to 3.99 seconds after HTTP socket error (did:W04MBuJP) [Wed Feb 12 09:36:42 2020 - debug] Updating socket timeout for localhost from 3.63 to 3.99 seconds [Wed Feb 12 09:36:42 2020 - debug] Raising HTTP error "TEXTSEARCH" "http://localhost:9090/" failed reason: "No status line received - the server has closed the connection". Error handling was disabled for this request (did:W04MBuJP). [Wed Feb 12 09:36:42 2020 - debug] sqli.audit(did="rlyUlsYL", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:rlyUlsYL) [Wed Feb 12 09:36:42 2020 - debug] sqli.audit(did="rlyUlsYL",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] dot_listing.discover(did="A45v3S1j",uri="http://localhost:9090/learn") took 0.04s to run [Wed Feb 12 09:36:42 2020 - debug] content_negotiation.discover(http://localhost:9090/learn, did=dTu1ShAb) [Wed Feb 12 09:36:42 2020 - debug] [content_negotiation] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] blind_sqli.audit(did="qsWshM0n", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] blind_sqli.audit(did="qsWshM0n",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] phishing_vector.audit(did="LkB6rnPC", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:LkB6rnPC) [Wed Feb 12 09:36:42 2020 - debug] Finished audit.phishing_vector (did=LkB6rnPC) [Wed Feb 12 09:36:42 2020 - debug] phishing_vector.audit(did="LkB6rnPC",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] generic.audit(did="foWf3wWD", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] generic.audit(did="foWf3wWD",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] MKACTIVITY http://localhost:9090/ returned HTTP code "404" (id=559,from_cache=0,grep=1,rtt=0.09,did=EPAFw629) [Wed Feb 12 09:36:42 2020 - debug] allowed_methods.discover(did="a6QYZFNE",uri="http://localhost:9090/") took 24.26s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=560,from_cache=1,grep=1,rtt=0.18,did=s7X3mNqs) [Wed Feb 12 09:36:42 2020 - debug] wordpress_fingerprint.discover(did="WqNZdGWv",uri="http://localhost:9090/learn") took 0.16s to run [Wed Feb 12 09:36:42 2020 - debug] format_string.audit(did="nvaWTkRU", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:nvaWTkRU) [Wed Feb 12 09:36:42 2020 - debug] websocket_hijacking.audit(did="Ee0kOT0F", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] websocket_hijacking.audit(did="Ee0kOT0F",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] format_string.audit(did="nvaWTkRU",uri="http://localhost:9090/cmd.jsp") took 0.02s to run [Wed Feb 12 09:36:42 2020 - debug] shell_shock.audit(did="RaLPsX4B", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] memcachei.audit(did="JpmxUfJe", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:JpmxUfJe) [Wed Feb 12 09:36:42 2020 - debug] memcachei.audit(did="JpmxUfJe",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] robots_txt.discover(http://localhost:9090/learn, did=KzhJG0kX) [Wed Feb 12 09:36:42 2020 - debug] [robots_txt] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] archive_dot_org.discover(http://localhost:9090/learn, did=GYfYkGIL) [Wed Feb 12 09:36:42 2020 - debug] [archive_dot_org] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "robots_txt" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling robots_txt.end() [Wed Feb 12 09:36:42 2020 - debug] Spent 0.00 seconds running robots_txt.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] robots_txt.discover(did="KzhJG0kX",uri="http://localhost:9090/learn") took 0.02s to run [Wed Feb 12 09:36:42 2020 - debug] ria_enumerator.discover(http://localhost:9090/learn, did=BzWWTPj5) [Wed Feb 12 09:36:42 2020 - debug] [ria_enumerator] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "ria_enumerator" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling ria_enumerator.end() [Wed Feb 12 09:36:42 2020 - debug] Spent 0.00 seconds running ria_enumerator.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] ria_enumerator.discover(did="BzWWTPj5",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] un_ssl.audit(did="9z6xqBMP", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] un_ssl.audit(did="9z6xqBMP",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] ldapi.audit(did="V7n37BjZ", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:V7n37BjZ) [Wed Feb 12 09:36:42 2020 - debug] ldapi.audit(did="V7n37BjZ",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] buffer_overflow.audit(did="rGoCrkJN", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] redos.audit(did="dWoUbfty", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] buffer_overflow.audit(did="rGoCrkJN",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=561,from_cache=0,grep=1,rtt=0.02,did=3ZCxBbL7) [Wed Feb 12 09:36:42 2020 - information] The remote Web server has Content Negotiation disabled [Wed Feb 12 09:36:42 2020 - debug] content_negotiation.discover(did="dTu1ShAb",uri="http://localhost:9090/learn") took 0.23s to run [Wed Feb 12 09:36:42 2020 - debug] redos.audit(did="dWoUbfty",uri="http://localhost:9090/cmd.jsp") took 0.01s to run [Wed Feb 12 09:36:42 2020 - debug] global_redirect.audit(did="4e2ZpQIS", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:4e2ZpQIS) [Wed Feb 12 09:36:42 2020 - debug] wordnet.discover(http://localhost:9090/learn, did=veFKcUAf) [Wed Feb 12 09:36:42 2020 - debug] [wordnet] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] user_dir.discover(http://localhost:9090/learn, did=JeK7xTzO) [Wed Feb 12 09:36:42 2020 - debug] [user_dir] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "user_dir" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling user_dir.end() [Wed Feb 12 09:36:42 2020 - debug] Spent 0.00 seconds running user_dir.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] user_dir.discover(did="JeK7xTzO",uri="http://localhost:9090/learn") took 0.06s to run [Wed Feb 12 09:36:42 2020 - debug] xpath.audit(did="krqkeCAc", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:krqkeCAc) [Wed Feb 12 09:36:42 2020 - debug] sitemap_xml.discover(http://localhost:9090/learn, did=vBL4WbmB) [Wed Feb 12 09:36:42 2020 - debug] [sitemap_xml] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "sitemap_xml" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling sitemap_xml.end() [Wed Feb 12 09:36:42 2020 - debug] Spent 0.00 seconds running sitemap_xml.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] sitemap_xml.discover(did="vBL4WbmB",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] cors_origin.audit(did="Ib68rQjp", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] xpath.audit(did="krqkeCAc",uri="http://localhost:9090/cmd.jsp") took 0.08s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=562,from_cache=0,grep=1,rtt=0.10,did=RaLPsX4B) [Wed Feb 12 09:36:42 2020 - debug] htaccess_methods.audit(did="4qiIeOmP", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] dir_file_bruter.discover(http://localhost:9090/learn, did=wwm2C286) [Wed Feb 12 09:36:42 2020 - debug] [dir_file_bruter] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "dir_file_bruter" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling dir_file_bruter.end() [Wed Feb 12 09:36:42 2020 - debug] dav.audit(did="e4zTbRvs", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] dav.audit(did="e4zTbRvs",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] ssi.audit(did="Dkctc4JD", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=564,from_cache=1,grep=1,rtt=0.14,did=xC6ZlM2P) [Wed Feb 12 09:36:42 2020 - debug] xxe.audit(did="tx17N9hX", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] xxe.audit(did="tx17N9hX",uri="http://localhost:9090/cmd.jsp") took 0.02s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=91 returned HTTP code "200" (id=563,from_cache=0,grep=0,rtt=0.53,did=Ow5uHmN2) [Wed Feb 12 09:36:42 2020 - debug] wordnet.discover(did="veFKcUAf",uri="http://localhost:9090/learn") took 0.31s to run [Wed Feb 12 09:36:42 2020 - debug] Spent 0.14 seconds running dir_file_bruter.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] dir_file_bruter.discover(did="wwm2C286",uri="http://localhost:9090/learn") took 0.14s to run [Wed Feb 12 09:36:42 2020 - debug] find_dvcs.discover(http://localhost:9090/learn, did=MtUTmaiP) [Wed Feb 12 09:36:42 2020 - debug] [find_dvcs] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] find_dvcs.discover(did="MtUTmaiP",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] import_results.discover(http://localhost:9090/learn, did=g4pFUFBu) [Wed Feb 12 09:36:42 2020 - debug] [import_results] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] The crawl plugin: "import_results" wont be run anymore. [Wed Feb 12 09:36:42 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:42 2020 - debug] Calling import_results.end() [Wed Feb 12 09:36:42 2020 - debug] Spent 0.00 seconds running import_results.end() [Wed Feb 12 09:36:42 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:42 2020 - debug] import_results.discover(did="g4pFUFBu",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] global_redirect.audit(did="4e2ZpQIS",uri="http://localhost:9090/cmd.jsp") took 0.37s to run [Wed Feb 12 09:36:42 2020 - debug] eval.audit(did="2m3lAx9G", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:2m3lAx9G) [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] rosetta_flash.audit(did="einxzueA", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] rosetta_flash.audit(did="einxzueA",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=565,from_cache=0,grep=1,rtt=0.11,did=Ib68rQjp) [Wed Feb 12 09:36:42 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 327, 'reject-seen-url': 71, 'reject-out-of-scope': 5, 'accept': 72} [Wed Feb 12 09:36:42 2020 - debug] phpinfo.discover(http://localhost:9090/learn, did=T0N2VEkL) [Wed Feb 12 09:36:42 2020 - debug] [phpinfo] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] phpinfo.discover(did="T0N2VEkL",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] url_fuzzer.discover(http://localhost:9090/learn, did=yrCsPE8F) [Wed Feb 12 09:36:42 2020 - debug] [url_fuzzer] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] xss.audit(did="FlEdi4dL", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] xss.audit(did="FlEdi4dL",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=566,from_cache=1,grep=1,rtt=0.17,did=Bp7fF9pB) [Wed Feb 12 09:36:42 2020 - debug] htaccess_methods.audit(did="4qiIeOmP",uri="http://localhost:9090/cmd.jsp") took 0.35s to run [Wed Feb 12 09:36:42 2020 - debug] payment_webhook_finder.discover(http://localhost:9090/learn, did=KN5VN6NG) [Wed Feb 12 09:36:42 2020 - debug] [payment_webhook_finder] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:42 2020 - debug] xst.audit(did="2jaiAToi", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:42 2020 - debug] xst.audit(did="2jaiAToi",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:42 2020 - debug] localhost:9090 connection pool stats (free:46 / in_use:4 / max:50 / total:50) [Wed Feb 12 09:36:42 2020 - debug] Connections with more in use time: (e5d18847cda1e1ee, 0.25 sec) (26cc3d3a49e28508, 0.23 sec) (955b76b517b2a7f0, 0.02 sec) (ee57bf4e9093aa89, 0.01 sec) [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=567,from_cache=0,grep=0,rtt=0.03,did=RaLPsX4B) [Wed Feb 12 09:36:42 2020 - debug] eval.audit(did="2m3lAx9G",uri="http://localhost:9090/cmd.jsp") took 0.38s to run [Wed Feb 12 09:36:42 2020 - debug] GET http://localhost:9090/openapi.json returned HTTP code "404" (id=569,from_cache=0,grep=1,rtt=0.19,did=c0UiZ8h7) [Wed Feb 12 09:36:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Dkctc4JD) [Wed Feb 12 09:36:43 2020 - debug] ssi.audit(did="Dkctc4JD",uri="http://localhost:9090/cmd.jsp") took 0.67s to run [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=568,from_cache=0,grep=1,rtt=0.13,did=Ib68rQjp) [Wed Feb 12 09:36:43 2020 - debug] cors_origin.audit(did="Ib68rQjp",uri="http://localhost:9090/cmd.jsp") took 0.83s to run (0.24s 28% sending HTTP requests) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v1/swagger.json returned HTTP code "404" (id=574,from_cache=0,grep=1,rtt=0.20,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] ssl_certificate.audit(did="5R1OD6SV", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:43 2020 - debug] ssl_certificate.audit(did="5R1OD6SV",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/openapi.json returned HTTP code "404" (id=570,from_cache=0,grep=1,rtt=0.30,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v1.0/openapi.yaml returned HTTP code "404" (id=577,from_cache=0,grep=1,rtt=0.12,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] preg_replace.audit(did="NGllkMiq", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:43 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:43 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:NGllkMiq) [Wed Feb 12 09:36:43 2020 - debug] preg_replace.audit(did="NGllkMiq",uri="http://localhost:9090/cmd.jsp") took 0.01s to run [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v1/openapi.yaml returned HTTP code "404" (id=580,from_cache=0,grep=1,rtt=0.32,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v2.0/openapi.yaml returned HTTP code "404" (id=573,from_cache=0,grep=1,rtt=0.16,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/openapi.yaml returned HTTP code "404" (id=572,from_cache=0,grep=1,rtt=0.07,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v2.1/openapi.yaml returned HTTP code "404" (id=578,from_cache=0,grep=1,rtt=0.22,did=c0UiZ8h7) [Wed Feb 12 09:36:43 2020 - debug] GET http://localhost:9090/api/v2.1/swagger.json returned HTTP code "404" (id=586,from_cache=0,grep=1,rtt=0.18,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1/openapi.json returned HTTP code "404" (id=576,from_cache=0,grep=1,rtt=0.22,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.1/swagger.json returned HTTP code "404" (id=587,from_cache=0,grep=1,rtt=0.40,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/openapi.yaml returned HTTP code "404" (id=571,from_cache=0,grep=1,rtt=0.05,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2.1/openapi.json returned HTTP code "404" (id=581,from_cache=0,grep=1,rtt=0.14,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/swagger.json returned HTTP code "404" (id=585,from_cache=0,grep=1,rtt=0.18,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/swagger.json returned HTTP code "404" (id=582,from_cache=0,grep=1,rtt=0.63,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2.0/openapi.json returned HTTP code "404" (id=584,from_cache=0,grep=1,rtt=0.37,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2.0/swagger.json returned HTTP code "404" (id=575,from_cache=0,grep=1,rtt=0.20,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2/openapi.json returned HTTP code "404" (id=588,from_cache=0,grep=1,rtt=0.18,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.1/openapi.json returned HTTP code "404" (id=590,from_cache=0,grep=1,rtt=0.23,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] mx_injection.audit(did="u6EhIilW", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:44 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:44 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:u6EhIilW) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1.1/openapi.json returned HTTP code "404" (id=579,from_cache=0,grep=1,rtt=0.04,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2/openapi.yaml returned HTTP code "404" (id=589,from_cache=0,grep=1,rtt=0.20,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1.0/openapi.json returned HTTP code "404" (id=592,from_cache=0,grep=1,rtt=0.58,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1.1/openapi.yaml returned HTTP code "404" (id=593,from_cache=0,grep=1,rtt=0.16,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v2/swagger.json returned HTTP code "404" (id=583,from_cache=0,grep=1,rtt=0.22,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] mx_injection.audit(did="u6EhIilW",uri="http://localhost:9090/cmd.jsp") took 0.13s to run [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 41. [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1.0/swagger.json returned HTTP code "404" (id=594,from_cache=0,grep=1,rtt=0.28,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.0/openapi.json returned HTTP code "404" (id=595,from_cache=0,grep=1,rtt=0.27,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=596,from_cache=0,grep=0,rtt=0.32,did=RaLPsX4B) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/v1.1/swagger.json returned HTTP code "404" (id=591,from_cache=0,grep=1,rtt=0.39,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.0/swagger.json returned HTTP code "404" (id=597,from_cache=0,grep=1,rtt=0.35,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] response_splitting.audit(did="uscrxtD1", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:44 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:44 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:uscrxtD1) [Wed Feb 12 09:36:44 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:2 / max:50 / total:50) [Wed Feb 12 09:36:44 2020 - debug] Connections with more in use time: (f5adb0c09c70ca09, 0.28 sec) (7b389725bee04a75, 0.03 sec) [Wed Feb 12 09:36:44 2020 - debug] response_splitting.audit(did="uscrxtD1",uri="http://localhost:9090/cmd.jsp") took 0.10s to run [Wed Feb 12 09:36:44 2020 - debug] rfd.audit(did="WPEeAPs4", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:44 2020 - debug] URL "http://localhost:9090/cmd.jsp" is not vulnerable to RFD because response content-type is "text/html" and content-disposition header is missing, response id 557 [Wed Feb 12 09:36:44 2020 - debug] rfd.audit(did="WPEeAPs4",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 42. [Wed Feb 12 09:36:44 2020 - debug] rfi.audit(did="E1BOW4I3", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:44 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:44 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:E1BOW4I3) [Wed Feb 12 09:36:44 2020 - debug] frontpage.audit(did="mIA7Gud9", uri="http://localhost:9090/cmd.jsp") [Wed Feb 12 09:36:44 2020 - debug] RFI using local web server for URL: http://localhost:9090/cmd.jsp [Wed Feb 12 09:36:44 2020 - debug] frontpage.audit(did="mIA7Gud9",uri="http://localhost:9090/cmd.jsp") took 0.10s to run [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 43. [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.1/openapi.yaml returned HTTP code "404" (id=598,from_cache=0,grep=1,rtt=0.16,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/1.0/openapi.json returned HTTP code "404" (id=599,from_cache=0,grep=1,rtt=0.14,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=602,from_cache=0,grep=1,rtt=0.18,did=iVy6luZ0) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/1.1/swagger.json returned HTTP code "404" (id=604,from_cache=0,grep=1,rtt=0.04,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/1.1/openapi.yaml returned HTTP code "404" (id=603,from_cache=0,grep=1,rtt=0.15,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 44. [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/2.0/openapi.yaml returned HTTP code "404" (id=600,from_cache=0,grep=1,rtt=0.39,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 45. [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/1.1/openapi.json returned HTTP code "404" (id=605,from_cache=0,grep=1,rtt=0.10,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/cmd.jsp" () [Wed Feb 12 09:36:44 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:E1BOW4I3) [Wed Feb 12 09:36:44 2020 - debug] Updating socket timeout for localhost from 3.99 to 3.00 seconds [Wed Feb 12 09:36:44 2020 - debug] rfi.audit(did="E1BOW4I3",uri="http://localhost:9090/cmd.jsp") took 0.39s to run [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=606,from_cache=0,grep=0,rtt=0.13,did=RaLPsX4B) [Wed Feb 12 09:36:44 2020 - debug] Returning cached average RTT of 0.16 seconds for mutant e6f3b5641a7c325c0e44e6e7e6ee2ac8 [Wed Feb 12 09:36:44 2020 - debug] GET http://localhost:9090/api/1.0/openapi.yaml returned HTTP code "404" (id=608,from_cache=0,grep=1,rtt=0.22,did=c0UiZ8h7) [Wed Feb 12 09:36:44 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/learn returned HTTP code "200" (id=609,from_cache=0,grep=1,rtt=1.95,did=L0OEkg4A) [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 46. [Wed Feb 12 09:36:44 2020 - debug] Returning fresh average RTT of 0.16 seconds for mutant e6f3b5641a7c325c0e44e6e7e6ee2ac8 [Wed Feb 12 09:36:44 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=101 returned HTTP code "200" (id=607,from_cache=0,grep=0,rtt=0.85,did=AvYJePGW) [Wed Feb 12 09:36:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 47. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.tgz returned HTTP code "404" (id=611,from_cache=0,grep=1,rtt=0.13,did=FWes7cbV) [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 48. [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 49. [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 50. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn~ returned HTTP code "404" (id=610,from_cache=0,grep=1,rtt=0.12,did=WWt6q4f8) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.inc returned HTTP code "404" (id=615,from_cache=0,grep=1,rtt=0.08,did=5OaC6pi1) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=619,from_cache=0,grep=1,rtt=0.29,did=RaLPsX4B) [Wed Feb 12 09:36:45 2020 - debug] [id: 140100612797392] HTTP response delay was 0.29. (lower, expected, upper): 8.00, 8.00, 16.20. [Wed Feb 12 09:36:45 2020 - debug] [did: RaLPsX4B] [id: 140100612797392] Failed to control HTTP response delay for URL http://localhost:9090/cmd.jsp - parameter "User-Agent" for 8 seconds using , response wait time was: 0.291565179825 seconds and response ID: 619. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.gzip returned HTTP code "404" (id=613,from_cache=0,grep=1,rtt=0.09,did=6v5aLwOX) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.tar.gz returned HTTP code "404" (id=617,from_cache=0,grep=1,rtt=0.10,did=x26Zi9BA) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=620,from_cache=0,grep=1,rtt=0.25,did=RaLPsX4B) [Wed Feb 12 09:36:45 2020 - debug] [id: 140100612943120] HTTP response delay was 0.25. (lower, expected, upper): 8.00, 8.00, 16.20. [Wed Feb 12 09:36:45 2020 - debug] [did: RaLPsX4B] [id: 140100612943120] Failed to control HTTP response delay for URL http://localhost:9090/cmd.jsp - parameter "User-Agent" for 8 seconds using , response wait time was: 0.254592895508 seconds and response ID: 620. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.java returned HTTP code "404" (id=621,from_cache=0,grep=1,rtt=0.07,did=kMlTlPno) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.cab returned HTTP code "404" (id=614,from_cache=0,grep=1,rtt=0.15,did=ELtPs5E9) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.gz returned HTTP code "404" (id=618,from_cache=0,grep=1,rtt=0.10,did=R4PV0HCc) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.bzip2 returned HTTP code "404" (id=616,from_cache=0,grep=1,rtt=0.10,did=itanjpPp) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.jar returned HTTP code "404" (id=622,from_cache=0,grep=1,rtt=0.11,did=ojqTgsDl) [Wed Feb 12 09:36:45 2020 - debug] shell_shock.audit(did="RaLPsX4B",uri="http://localhost:9090/cmd.jsp") took 3.34s to run (1.13s 33% sending HTTP requests) [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 51. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.7z returned HTTP code "404" (id=612,from_cache=0,grep=1,rtt=0.14,did=iIj43fxw) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.zip returned HTTP code "404" (id=623,from_cache=0,grep=1,rtt=0.11,did=TTQGvwFu) [Wed Feb 12 09:36:45 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:0 / max:50 / total:50) [Wed Feb 12 09:36:45 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.class returned HTTP code "404" (id=624,from_cache=0,grep=1,rtt=0.12,did=dgWYhD5v) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.rar returned HTTP code "404" (id=626,from_cache=0,grep=1,rtt=0.20,did=IYF6BtPh) [Wed Feb 12 09:36:45 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:45 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: tBIIbTUm) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.bkp returned HTTP code "404" (id=627,from_cache=0,grep=1,rtt=0.03,did=svJQEBGj) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.bak returned HTTP code "404" (id=625,from_cache=0,grep=1,rtt=0.09,did=BIx9ggn4) [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 52. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.back returned HTTP code "404" (id=628,from_cache=0,grep=1,rtt=0.13,did=qLIvVeq5) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.backup1 returned HTTP code "404" (id=629,from_cache=0,grep=1,rtt=0.06,did=lkh8qzXw) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.bak1 returned HTTP code "404" (id=631,from_cache=0,grep=1,rtt=0.14,did=0LgAkVbM) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=632,from_cache=0,grep=0,rtt=0.18,did=tBIIbTUm) [Wed Feb 12 09:36:45 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: tBIIbTUm) [Wed Feb 12 09:36:45 2020 - debug] detailed._login() took 0.40s to run [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 53. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.old returned HTTP code "404" (id=630,from_cache=0,grep=1,rtt=0.21,did=8ELCCXY2) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.properties returned HTTP code "404" (id=633,from_cache=0,grep=1,rtt=0.26,did=wDkVMFKd) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.$$$ returned HTTP code "404" (id=639,from_cache=0,grep=1,rtt=0.18,did=1964Ii3x) [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 54. [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/localhost.tar.gz returned HTTP code "404" (id=634,from_cache=0,grep=1,rtt=0.09,did=dhnQpkXk) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.backup returned HTTP code "404" (id=640,from_cache=0,grep=1,rtt=0.53,did=hfTxbJKI) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/learn.old1 returned HTTP code "404" (id=636,from_cache=0,grep=1,rtt=0.09,did=GM4NAbnq) [Wed Feb 12 09:36:45 2020 - debug] GET http://localhost:9090/localhost.7z returned HTTP code "404" (id=637,from_cache=0,grep=1,rtt=0.21,did=SMQ7jKbI) [Wed Feb 12 09:36:45 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 55. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 56. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 57. [Wed Feb 12 09:36:46 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=111 returned HTTP code "200" (id=635,from_cache=0,grep=0,rtt=0.55,did=GcQVJ1cu) [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.gz returned HTTP code "404" (id=638,from_cache=0,grep=1,rtt=0.07,did=RB9SQiDi) [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.cab returned HTTP code "404" (id=641,from_cache=0,grep=1,rtt=0.07,did=O9OysXsa) [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 58. [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.tgz returned HTTP code "404" (id=642,from_cache=0,grep=1,rtt=0.18,did=Rkg9Z7Hg) [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/.listing") took 27.86s to run [Wed Feb 12 09:36:46 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] keys.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/wp-login.php") took 25.13s to run [Wed Feb 12 09:36:46 2020 - debug] clamav.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/robots.txt") took 21.45s to run [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 59. [Wed Feb 12 09:36:46 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/robots.txt") took 0.02s to run [Wed Feb 12 09:36:46 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/robots.txt") took 0.04s to run [Wed Feb 12 09:36:46 2020 - debug] html_comments.grep(uri="http://localhost:9090/robots.txt") took 0.04s to run [Wed Feb 12 09:36:46 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] objects.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] error_500.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] meta_tags.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/") took 29.56s to run [Wed Feb 12 09:36:46 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/robots.txt") took 0.02s to run [Wed Feb 12 09:36:46 2020 - debug] password_profiling.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] click_jacking.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] lang.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 60. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 61. [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/_vti_inf.html") took 28.63s to run [Wed Feb 12 09:36:46 2020 - debug] url_session.grep(uri="http://localhost:9090/robots.txt") took 0.04s to run [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.rar returned HTTP code "404" (id=647,from_cache=0,grep=1,rtt=0.14,did=5nAv0zub) [Wed Feb 12 09:36:46 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.zip returned HTTP code "404" (id=644,from_cache=0,grep=1,rtt=0.07,did=bzBPKk5b) [Wed Feb 12 09:36:46 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/learn returned HTTP code "200" (id=646,from_cache=1,grep=1,rtt=1.95,did=802pAiQu) [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.gzip returned HTTP code "404" (id=645,from_cache=0,grep=1,rtt=0.12,did=3CATb93r) [Wed Feb 12 09:36:46 2020 - debug] strange_reason.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] cache_control.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strange_headers.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] ssn.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] oracle.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] feeds.grep(uri="http://localhost:9090/robots.txt") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] error_pages.grep(uri="http://localhost:9090/robots.txt") took 0.03s to run [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 62. [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/localhost.bzip2 returned HTTP code "404" (id=643,from_cache=0,grep=1,rtt=0.08,did=a251q0yK) [Wed Feb 12 09:36:46 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 348, 'reject-seen-url': 85, 'reject-out-of-scope': 7, 'accept': 110} [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 63. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 64. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 65. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 66. [Wed Feb 12 09:36:46 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/robots.txt") took 0.02s to run [Wed Feb 12 09:36:46 2020 - debug] Archive.org did not find any pages. [Wed Feb 12 09:36:46 2020 - debug] archive_dot_org.discover(did="GYfYkGIL",uri="http://localhost:9090/learn") took 4.87s to run [Wed Feb 12 09:36:46 2020 - debug] urllist_txt.discover(http://localhost:9090/learn, did=0PbE2Bjo) [Wed Feb 12 09:36:46 2020 - debug] [urllist_txt] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:46 2020 - debug] The crawl plugin: "urllist_txt" wont be run anymore. [Wed Feb 12 09:36:46 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:46 2020 - debug] Calling urllist_txt.end() [Wed Feb 12 09:36:46 2020 - debug] Spent 0.00 seconds running urllist_txt.end() [Wed Feb 12 09:36:46 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:46 2020 - debug] urllist_txt.discover(did="0PbE2Bjo",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 67. [Wed Feb 12 09:36:46 2020 - debug] find_backdoors.discover(http://localhost:9090/learn, did=kpsSOH9Q) [Wed Feb 12 09:36:46 2020 - debug] [find_backdoors] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 68. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 69. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 70. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 71. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 72. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 73. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 74. [Wed Feb 12 09:36:46 2020 - debug] symfony.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] find_backdoors.discover(did="kpsSOH9Q",uri="http://localhost:9090/learn") took 0.02s to run [Wed Feb 12 09:36:46 2020 - debug] web_spider.discover(http://localhost:9090/learn, did=AnpPqF7F) [Wed Feb 12 09:36:46 2020 - debug] [web_spider] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 75. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 76. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 77. [Wed Feb 12 09:36:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 78. [Wed Feb 12 09:36:46 2020 - debug] url_fuzzer.discover(did="yrCsPE8F",uri="http://localhost:9090/learn") took 4.40s to run [Wed Feb 12 09:36:46 2020 - debug] find_captchas.discover(http://localhost:9090/learn, did=4HoQUTsr) [Wed Feb 12 09:36:46 2020 - debug] [find_captchas] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:46 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] expect_ct.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] svn_users.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] private_ip.grep(uri="http://localhost:9090/execute.xml") took 0.07s to run [Wed Feb 12 09:36:46 2020 - debug] motw.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] meta_generator.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] file_upload.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:46 2020 - debug] serialized_object.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] blank_body.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] credit_cards.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] websockets_links.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] csp.grep(uri="http://localhost:9090/execute.xml") took 0.01s to run [Wed Feb 12 09:36:46 2020 - debug] dom_xss.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] vulners_db.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] keys.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=648,from_cache=0,grep=1,rtt=0.22,did=1dcNca4J) [Wed Feb 12 09:36:46 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=649,from_cache=1,grep=1,rtt=0.14,did=05y5ElBs) [Wed Feb 12 09:36:46 2020 - debug] "http://localhost:9090/learn" (id:649, code:200, len:10863, did:05y5ElBs) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/" [Wed Feb 12 09:36:46 2020 - debug] http_in_body.grep(uri="http://localhost:9090/execute.xml") took 0.33s to run [Wed Feb 12 09:36:46 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/execute.xml") took 0.19s to run [Wed Feb 12 09:36:46 2020 - debug] clamav.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] html_comments.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] url_session.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] objects.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] error_500.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] meta_tags.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] password_profiling.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] click_jacking.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] "http://localhost:9090/learn" (id:649, code:200, len:10863, did:05y5ElBs) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a9_vuln_component" [Wed Feb 12 09:36:46 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/execute.xml") took 0.01s to run [Wed Feb 12 09:36:46 2020 - debug] lang.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] error_pages.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strange_reason.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] cache_control.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] strange_headers.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] ssn.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] oracle.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] feeds.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/execute.xml") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] get_emails.grep(uri="http://localhost:9090/robots.txt") took 0.55s to run [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/showdown.min.js" [Wed Feb 12 09:36:46 2020 - debug] web_spider will ignore maxcdn.bootstrapcdn.com (different domain name) [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/logout" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a7_xss" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a3_sensitive_data" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" [Wed Feb 12 09:36:46 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/execute.xml") took 0.19s to run [Wed Feb 12 09:36:46 2020 - debug] The framework has 115 active threads. [Wed Feb 12 09:36:46 2020 - debug] symfony.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" [Wed Feb 12 09:36:46 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] expect_ct.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] svn_users.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] private_ip.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] motw.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] meta_generator.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a5_broken_access_control" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" [Wed Feb 12 09:36:46 2020 - debug] file_upload.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a4_xxe" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" [Wed Feb 12 09:36:46 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" [Wed Feb 12 09:36:47 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=121 returned HTTP code "200" (id=650,from_cache=0,grep=0,rtt=0.60,did=DHo2BgDS) [Wed Feb 12 09:36:47 2020 - debug] http_in_body.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.14s to run [Wed Feb 12 09:36:47 2020 - debug] web_spider will ignore cdnjs.cloudflare.com (different domain name) [Wed Feb 12 09:36:47 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/ax_redirect" [Wed Feb 12 09:36:47 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.10s to run [Wed Feb 12 09:36:47 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:47 2020 - debug] serialized_object.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] blank_body.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] credit_cards.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] websockets_links.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] csp.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] dom_xss.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a2_broken_auth" [Wed Feb 12 09:36:47 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" [Wed Feb 12 09:36:47 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] keys.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.01s to run [Wed Feb 12 09:36:47 2020 - debug] clamav.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] html_comments.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.01s to run [Wed Feb 12 09:36:47 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] url_session.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] web_spider will ignore maxcdn.bootstrapcdn.com (different domain name) [Wed Feb 12 09:36:47 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:36:47 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] objects.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] error_500.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] meta_tags.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] password_profiling.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] click_jacking.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] lang.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] vulners_db.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.09s to run [Wed Feb 12 09:36:47 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] localhost:9090 connection pool stats (free:46 / in_use:4 / max:50 / total:50) [Wed Feb 12 09:36:47 2020 - debug] Connections with more in use time: (7b389725bee04a75, 0.06 sec) (f5adb0c09c70ca09, 0.03 sec) (450aace75c9d8a42, 0.00 sec) (955b76b517b2a7f0, 0.00 sec) [Wed Feb 12 09:36:47 2020 - debug] error_pages.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.09s to run [Wed Feb 12 09:36:47 2020 - debug] strange_reason.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] cache_control.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] strange_headers.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] ssn.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] oracle.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] feeds.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 0.12s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "200" (id=656,from_cache=0,grep=0,rtt=0.19,did=c6eOd1QS) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=652,from_cache=0,grep=0,rtt=0.18,did=4lQv6SI2) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=660,from_cache=0,grep=0,rtt=0.51,did=x4kN16FS) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=659,from_cache=0,grep=0,rtt=0.48,did=xjKuwIMb) [Wed Feb 12 09:36:47 2020 - debug] symfony.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a2_broken_auth returned HTTP code "200" (id=654,from_cache=0,grep=0,rtt=0.22,did=8jRSCZB8) [Wed Feb 12 09:36:47 2020 - debug] file_upload.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=653,from_cache=0,grep=0,rtt=0.18,did=9FcxdkON) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=661,from_cache=0,grep=0,rtt=0.51,did=4RM8zRUE) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a9_vuln_component returned HTTP code "200" (id=651,from_cache=0,grep=0,rtt=0.17,did=h29ArWWf) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=664,from_cache=1,grep=0,rtt=0.33,did=Yec3p6Ss) [Wed Feb 12 09:36:47 2020 - debug] "http://localhost:9090/" (id:664, code:302, len:28, did:Yec3p6Ss) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:47 2020 - debug] [web_spider] Found new link "http://localhost:9090/" at "http://localhost:9090/learn" [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=657,from_cache=0,grep=0,rtt=0.35,did=Gg81hhye) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a3_sensitive_data returned HTTP code "200" (id=658,from_cache=0,grep=0,rtt=0.35,did=DyXZ1s5f) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a10_logging returned HTTP code "200" (id=662,from_cache=0,grep=0,rtt=0.49,did=Ld2pW7G8) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=665,from_cache=0,grep=0,rtt=0.61,did=ljCizzbr) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a4_xxe returned HTTP code "200" (id=663,from_cache=0,grep=0,rtt=0.59,did=YebHoXmn) [Wed Feb 12 09:36:47 2020 - debug] get_emails.grep(uri="http://localhost:9090/execute.xml") took 1.16s to run [Wed Feb 12 09:36:47 2020 - debug] expect_ct.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] svn_users.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] Finished CSV parsing. [Wed Feb 12 09:36:47 2020 - debug] phishtank.discover(did="oGBZG4EY",uri="http://localhost:9090/") took 9.65s to run [Wed Feb 12 09:36:47 2020 - debug] private_ip.grep(uri="http://localhost:9090/gears_config") took 0.04s to run [Wed Feb 12 09:36:47 2020 - debug] motw.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] meta_generator.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] "http://localhost:9090/logout" (id:652, code:302, len:23, did:4lQv6SI2) is NOT a 404 [known 404 with ID 359 uses 404 code] [Wed Feb 12 09:36:47 2020 - debug] [web_spider] Found new link "http://localhost:9090/logout" at "http://localhost:9090/learn" [Wed Feb 12 09:36:47 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/" [Wed Feb 12 09:36:47 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/" [Wed Feb 12 09:36:47 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/" [Wed Feb 12 09:36:47 2020 - debug] oracle_discovery.discover(http://localhost:9090/learn, did=DaSPQE8G) [Wed Feb 12 09:36:47 2020 - debug] [oracle_discovery] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:47 2020 - debug] The crawl plugin: "oracle_discovery" wont be run anymore. [Wed Feb 12 09:36:47 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:47 2020 - debug] Calling oracle_discovery.end() [Wed Feb 12 09:36:47 2020 - debug] Spent 0.00 seconds running oracle_discovery.end() [Wed Feb 12 09:36:47 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:47 2020 - debug] oracle_discovery.discover(did="DaSPQE8G",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a5_broken_access_control returned HTTP code "200" (id=667,from_cache=0,grep=0,rtt=0.68,did=Frjg2cpp) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_redirect returned HTTP code "200" (id=655,from_cache=0,grep=0,rtt=0.19,did=BVoRaRJQ) [Wed Feb 12 09:36:47 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/logout" [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/a7_xss returned HTTP code "200" (id=666,from_cache=0,grep=0,rtt=0.42,did=LsySxjqV) [Wed Feb 12 09:36:47 2020 - debug] wsdl_finder.discover(http://localhost:9090/learn, did=GeQ6rgaX) [Wed Feb 12 09:36:47 2020 - debug] [wsdl_finder] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:47 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/logout" [Wed Feb 12 09:36:47 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/logout" [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=668,from_cache=0,grep=1,rtt=0.14,did=8EiGmNHP) [Wed Feb 12 09:36:47 2020 - debug] http_in_body.grep(uri="http://localhost:9090/gears_config") took 0.49s to run [Wed Feb 12 09:36:47 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=669,from_cache=0,grep=0,rtt=0.06,did=iTVaZDJb) [Wed Feb 12 09:36:47 2020 - debug] file_upload.audit(did="dLX02iYh", uri="http://localhost:9090/") [Wed Feb 12 09:36:47 2020 - debug] file_upload.audit(did="dLX02iYh",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/gears_config") took 0.09s to run [Wed Feb 12 09:36:47 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:47 2020 - debug] serialized_object.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] blank_body.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] credit_cards.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] websockets_links.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] csp.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] dom_xss.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] vulners_db.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] keys.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn?wsdl= returned HTTP code "200" (id=670,from_cache=0,grep=1,rtt=0.12,did=Y9PbGOxu) [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn?WSDL= returned HTTP code "200" (id=671,from_cache=0,grep=1,rtt=0.09,did=0vGvIbRj) [Wed Feb 12 09:36:47 2020 - debug] wsdl_finder.discover(did="GeQ6rgaX",uri="http://localhost:9090/learn") took 0.34s to run [Wed Feb 12 09:36:47 2020 - debug] wordpress_enumerate_users.discover(http://localhost:9090/learn, did=oVtR6jzI) [Wed Feb 12 09:36:47 2020 - debug] [wordpress_enumerate_users] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:47 2020 - debug] GET http://localhost:9090/learn/vulnerability/xa_crsf returned HTTP code "404" (id=672,from_cache=0,grep=0,rtt=0.10,did=c6eOd1QS) [Wed Feb 12 09:36:47 2020 - debug] Received response for 404 URL http://localhost:9090/learn/vulnerability/xa_crsf (id:672, did:c6eOd1QS, len:3) [Wed Feb 12 09:36:47 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/gears_config") took 0.15s to run [Wed Feb 12 09:36:47 2020 - debug] clamav.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] csrf.audit(did="NWeojpu9", uri="http://localhost:9090/") [Wed Feb 12 09:36:47 2020 - debug] deserialization.audit(did="7ztA14Kv", uri="http://localhost:9090/") [Wed Feb 12 09:36:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:47 2020 - debug] html_comments.grep(uri="http://localhost:9090/gears_config") took 0.04s to run [Wed Feb 12 09:36:47 2020 - debug] csrf.audit(did="NWeojpu9",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] deserialization.audit(did="7ztA14Kv",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:47 2020 - debug] os_commanding.audit(did="Qt8Ly2EY", uri="http://localhost:9090/") [Wed Feb 12 09:36:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Qt8Ly2EY) [Wed Feb 12 09:36:48 2020 - debug] lfi.audit(did="P4IA1pnS", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:P4IA1pnS) [Wed Feb 12 09:36:48 2020 - debug] GET http://localhost:9090/assets/qjueyr-3.2.1.min.js returned HTTP code "404" (id=675,from_cache=0,grep=0,rtt=0.06,did=4RM8zRUE) [Wed Feb 12 09:36:48 2020 - debug] Received response for 404 URL http://localhost:9090/assets/qjueyr-3.2.1.min.js (id:675, did:4RM8zRUE, len:165) [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=131 returned HTTP code "200" (id=673,from_cache=0,grep=0,rtt=0.90,did=GKredvSk) [Wed Feb 12 09:36:48 2020 - debug] GET http://localhost:9090/assets/fa/css/ofnt-awesome.min.css returned HTTP code "404" (id=674,from_cache=0,grep=0,rtt=0.14,did=xjKuwIMb) [Wed Feb 12 09:36:48 2020 - debug] Received response for 404 URL http://localhost:9090/assets/fa/css/ofnt-awesome.min.css (id:674, did:xjKuwIMb, len:173) [Wed Feb 12 09:36:48 2020 - debug] lfi.audit(did="P4IA1pnS",uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:48 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/gears_config") took 0.17s to run [Wed Feb 12 09:36:48 2020 - debug] sqli.audit(did="4ggxbRQy", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:4ggxbRQy) [Wed Feb 12 09:36:48 2020 - debug] os_commanding.audit(did="Qt8Ly2EY",uri="http://localhost:9090/") took 0.17s to run [Wed Feb 12 09:36:48 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/gears_config") took 0.03s to run [Wed Feb 12 09:36:48 2020 - debug] "http://localhost:9090/learn/vulnerability/ax_csrf" (id:656, code:200, len:7712, did:c6eOd1QS) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:48 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/ax_csrf" at "http://localhost:9090/learn" [Wed Feb 12 09:36:48 2020 - debug] url_session.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] objects.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] error_500.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] meta_tags.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" [Wed Feb 12 09:36:48 2020 - debug] blind_sqli.audit(did="qm4FiaGc", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] blind_sqli.audit(did="qm4FiaGc",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] sqli.audit(did="4ggxbRQy",uri="http://localhost:9090/") took 0.03s to run [Wed Feb 12 09:36:48 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" [Wed Feb 12 09:36:48 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/ax_csrf" [Wed Feb 12 09:36:48 2020 - debug] get_emails.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 1.75s to run [Wed Feb 12 09:36:48 2020 - debug] click_jacking.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] lang.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] password_profiling.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] phishing_vector.audit(did="JZoPrIjy", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:JZoPrIjy) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.99 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:ljCizzbr) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.92 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:Ld2pW7G8) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.99 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:YebHoXmn) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.89 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:Frjg2cpp) [Wed Feb 12 09:36:48 2020 - debug] Waited 1.07 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:9FcxdkON) [Wed Feb 12 09:36:48 2020 - debug] Waited 1.03 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:DyXZ1s5f) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.82 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:LsySxjqV) [Wed Feb 12 09:36:48 2020 - debug] Waited 1.03 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:x4kN16FS) [Wed Feb 12 09:36:48 2020 - debug] Waited 0.81 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:BVoRaRJQ) [Wed Feb 12 09:36:48 2020 - debug] Waited 1.05 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:h29ArWWf) [Wed Feb 12 09:36:48 2020 - debug] Waited 1.13 seconds in PreventMultipleThreads for event 140100600451792 and normalized path http://localhost:9090/learn/vulnerability/filename (did:8jRSCZB8) [Wed Feb 12 09:36:48 2020 - debug] "http://localhost:9090/assets/jquery-3.2.1.min.js" (id:661, code:200, len:86659, did:4RM8zRUE) is NOT a 404 [known 404 with ID 675 uses 404 code] [Wed Feb 12 09:36:48 2020 - debug] [web_spider] Found new link "http://localhost:9090/assets/jquery-3.2.1.min.js" at "http://localhost:9090/learn" [Wed Feb 12 09:36:48 2020 - debug] error_pages.grep(uri="http://localhost:9090/gears_config") took 0.03s to run [Wed Feb 12 09:36:48 2020 - debug] strange_reason.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] cache_control.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] strange_headers.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] ssn.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] oracle.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] feeds.grep(uri="http://localhost:9090/gears_config") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" [Wed Feb 12 09:36:48 2020 - debug] generic.audit(did="iQTkWxZ2", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] generic.audit(did="iQTkWxZ2",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:48 2020 - debug] format_string.audit(did="HpetVAIl", uri="http://localhost:9090/") [Wed Feb 12 09:36:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:HpetVAIl) [Wed Feb 12 09:36:48 2020 - debug] Finished audit.phishing_vector (did=JZoPrIjy) [Wed Feb 12 09:36:48 2020 - debug] phishing_vector.audit(did="JZoPrIjy",uri="http://localhost:9090/") took 0.06s to run [Wed Feb 12 09:36:48 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/gears_config") took 0.02s to run [Wed Feb 12 09:36:48 2020 - debug] Waited 1.08 seconds in PreventMultipleThreads for event 140100600454544 and normalized path http://localhost:9090/assets/filename.js (did:Gg81hhye) [Wed Feb 12 09:36:48 2020 - debug] "http://localhost:9090/assets/showdown.min.js" (id:657, code:200, len:37529, did:Gg81hhye) is NOT a 404 [known 404 with ID 675 uses 404 code] [Wed Feb 12 09:36:48 2020 - debug] [web_spider] Found new link "http://localhost:9090/assets/showdown.min.js" at "http://localhost:9090/learn" [Wed Feb 12 09:36:48 2020 - debug] Worker with ID GrepWorker(XRNlNlu5) has been running job 11 for 32.45 seconds. The job is: _run_one_plugin('retirejs', 25, kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID GrepWorker(SyXCPA2t) has been running job 326 for 25.27 seconds. The job is: _run_one_plugin('retirejs', 35, kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID GrepWorker(2XKnj13Q) has been running job 251 for 29.13 seconds. The job is: _run_one_plugin('retirejs', 33, kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID GrepWorker(qExgSbEO) has been running job 81 for 31.54 seconds. The job is: _run_one_plugin('retirejs', 31, kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID GrepWorker(MDWE44QH) has been running job 161 for 30.88 seconds. The job is: _run_one_plugin('retirejs', 32, kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] 0% of GrepWorker workers are idle. [Wed Feb 12 09:36:49 2020 - debug] GrepWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:49 2020 - debug] GrepWorker worker pool has 29 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a1_injection" (id:653, code:200, len:9025, did:9FcxdkON) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a1_injection" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/assets/fa/css/font-awesome.min.css" (id:659, code:200, len:31000, did:xjKuwIMb) is NOT a 404 [known 404 with ID 674 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/assets/fa/css/font-awesome.min.css" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" [Wed Feb 12 09:36:49 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/assets/jquery-3.2.1.min.js" [Wed Feb 12 09:36:49 2020 - debug] format_string.audit(did="HpetVAIl",uri="http://localhost:9090/") took 0.18s to run [Wed Feb 12 09:36:49 2020 - debug] symfony.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] websocket_hijacking.audit(did="AeSLAQDy", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a8_ides" (id:665, code:200, len:7751, did:ljCizzbr) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a8_ides" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a6_sec_misconf" (id:660, code:200, len:7894, did:x4kN16FS) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a6_sec_misconf" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=676,from_cache=1,grep=1,rtt=0.18,did=EHfB6vGq) [Wed Feb 12 09:36:49 2020 - debug] wordpress_enumerate_users.discover(did="oVtR6jzI",uri="http://localhost:9090/learn") took 0.63s to run [Wed Feb 12 09:36:49 2020 - debug] file_upload.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] shell_shock.audit(did="9t6TKqxp", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] shell_shock.audit(did="9t6TKqxp",uri="http://localhost:9090/") took 0.07s to run [Wed Feb 12 09:36:49 2020 - debug] web_diff.discover(http://localhost:9090/learn, did=ZsheXhMa) [Wed Feb 12 09:36:49 2020 - debug] [web_diff] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] The crawl plugin: "web_diff" wont be run anymore. [Wed Feb 12 09:36:49 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:49 2020 - debug] Calling web_diff.end() [Wed Feb 12 09:36:49 2020 - debug] Spent 0.00 seconds running web_diff.end() [Wed Feb 12 09:36:49 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:49 2020 - debug] web_diff.discover(did="ZsheXhMa",uri="http://localhost:9090/learn") took 0.05s to run [Wed Feb 12 09:36:49 2020 - debug] dwsync_xml.discover(http://localhost:9090/learn, did=4scT6djx) [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a10_logging" (id:662, code:200, len:7708, did:Ld2pW7G8) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a10_logging" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] Worker with ID CrawlInfraWorker(ZoPbaL8U) has been running job 155 for 28.17 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID CrawlInfraWorker(SVfxFVXP) has been running job 54 for 32.19 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID CrawlInfraWorker(N5yqeDHB) has been running job 247 for 16.59 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] Worker with ID CrawlInfraWorker(1i39mCZz) has been running job 127 for 31.20 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:36:49 2020 - debug] 0% of CrawlInfraWorker workers are idle. [Wed Feb 12 09:36:49 2020 - debug] CrawlInfraWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:49 2020 - debug] CrawlInfraWorker worker pool has 87 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:49 2020 - debug] memcachei.audit(did="Oqka5UlV", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a7_xss" (id:666, code:200, len:8405, did:LsySxjqV) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a7_xss" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] websocket_hijacking.audit(did="AeSLAQDy",uri="http://localhost:9090/") took 0.18s to run [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a9_vuln_component" (id:651, code:200, len:7680, did:h29ArWWf) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a9_vuln_component" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/ax_redirect" (id:655, code:200, len:8006, did:BVoRaRJQ) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/ax_redirect" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a4_xxe" (id:663, code:200, len:7753, did:YebHoXmn) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a4_xxe" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a2_broken_auth" (id:654, code:200, len:8073, did:8jRSCZB8) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a2_broken_auth" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a3_sensitive_data" (id:658, code:200, len:7596, did:DyXZ1s5f) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a3_sensitive_data" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] un_ssl.audit(did="MdsoJB4Q", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] un_ssl.audit(did="MdsoJB4Q",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] ldapi.audit(did="5uFSWhBr", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:5uFSWhBr) [Wed Feb 12 09:36:49 2020 - debug] ldapi.audit(did="5uFSWhBr",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] [dwsync_xml] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Oqka5UlV) [Wed Feb 12 09:36:49 2020 - debug] memcachei.audit(did="Oqka5UlV",uri="http://localhost:9090/") took 0.03s to run [Wed Feb 12 09:36:49 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/showdown.min.js" [Wed Feb 12 09:36:49 2020 - debug] buffer_overflow.audit(did="4UcNDTIS", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] buffer_overflow.audit(did="4UcNDTIS",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] dwsync_xml.discover(did="4scT6djx",uri="http://localhost:9090/learn") took 0.03s to run [Wed Feb 12 09:36:49 2020 - debug] pykto.discover(http://localhost:9090/learn, did=VJ73KdNn) [Wed Feb 12 09:36:49 2020 - debug] [pykto] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/assets/showdown.min.js" [Wed Feb 12 09:36:49 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/assets/showdown.min.js" [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(eMhX1dy3) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(3HgRKqCq) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(RS6zy0nZ) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(whAWjF5Q) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(p3bZx5th) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(mwQseZLi) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(u4CMgyf5) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(lqDVDrY6) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(YRnW4V5x) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(9LzJerur) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(Yp99VOAc) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(73gUt3um) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(aMdmLsMM) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(bFvnueBw) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(V38wAU0X) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(vNYdoIKY) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(utuu6VyV) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(qKs3BqVS) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(sa3y32hF) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(96tThiDl) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(HSlHQom7) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(j9e6gcyy) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(7QcPqyOP) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(xqAjnjWF) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(VTA88WOg) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(ZBIlH6v6) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(zGkah99j) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(kzsDlYwX) is idle. [Wed Feb 12 09:36:49 2020 - debug] Worker with ID WorkerThread(hGEbXfwZ) is idle. [Wed Feb 12 09:36:49 2020 - debug] 93% of WorkerThread workers are idle. [Wed Feb 12 09:36:49 2020 - debug] Worker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:49 2020 - debug] Worker worker pool has 0 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:36:49 2020 - debug] redos.audit(did="3JZzf27w", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] pykto.discover(did="VJ73KdNn",uri="http://localhost:9090/learn") took 0.14s to run [Wed Feb 12 09:36:49 2020 - debug] "http://localhost:9090/learn/vulnerability/a5_broken_access_control" (id:667, code:200, len:7638, did:Frjg2cpp) is NOT a 404 [known 404 with ID 672 uses 404 code] [Wed Feb 12 09:36:49 2020 - debug] [web_spider] Found new link "http://localhost:9090/learn/vulnerability/a5_broken_access_control" at "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] web_spider.discover(did="AnpPqF7F",uri="http://localhost:9090/learn") took 3.13s to run [Wed Feb 12 09:36:49 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" [Wed Feb 12 09:36:49 2020 - debug] http_in_body.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.36s to run [Wed Feb 12 09:36:49 2020 - debug] global_redirect.audit(did="k6XzK66x", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:k6XzK66x) [Wed Feb 12 09:36:49 2020 - debug] wordpress_fullpathdisclosure.discover(http://localhost:9090/learn, did=zIn3MQ02) [Wed Feb 12 09:36:49 2020 - debug] [wordpress_fullpathdisclosure] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] expect_ct.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] svn_users.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] private_ip.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] motw.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] meta_generator.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:49 2020 - debug] xpath.audit(did="qSP55Kgj", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:qSP55Kgj) [Wed Feb 12 09:36:49 2020 - debug] phishtank.discover(http://localhost:9090/learn, did=wY45gyJ3) [Wed Feb 12 09:36:49 2020 - debug] [phishtank] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:k6XzK66x) [Wed Feb 12 09:36:49 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" [Wed Feb 12 09:36:49 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a1_injection" [Wed Feb 12 09:36:49 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" [Wed Feb 12 09:36:49 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=141 returned HTTP code "200" (id=677,from_cache=0,grep=0,rtt=0.40,did=as5IyxuJ) [Wed Feb 12 09:36:49 2020 - debug] xpath.audit(did="qSP55Kgj",uri="http://localhost:9090/") took 0.04s to run [Wed Feb 12 09:36:49 2020 - debug] Using a supported retirejs version [Wed Feb 12 09:36:49 2020 - debug] cors_origin.audit(did="xjWOnc8B", uri="http://localhost:9090/") [Wed Feb 12 09:36:49 2020 - debug] GET http://localhost:9090/api/1.0/swagger.json returned HTTP code "404" (id=601,from_cache=0,grep=1,rtt=0.19,did=c0UiZ8h7) [Wed Feb 12 09:36:49 2020 - debug] The crawl plugin: "phishtank" wont be run anymore. [Wed Feb 12 09:36:49 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:49 2020 - debug] Calling phishtank.end() [Wed Feb 12 09:36:49 2020 - debug] Spent 0.00 seconds running phishtank.end() [Wed Feb 12 09:36:49 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:49 2020 - debug] global_redirect.audit(did="k6XzK66x",uri="http://localhost:9090/") took 0.08s to run [Wed Feb 12 09:36:49 2020 - debug] redos.audit(did="3JZzf27w",uri="http://localhost:9090/") took 0.26s to run [Wed Feb 12 09:36:49 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" [Wed Feb 12 09:36:49 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/assets/fa/css/font-awesome.min.css" [Wed Feb 12 09:36:50 2020 - debug] htaccess_methods.audit(did="Swy1l0PR", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] phishtank.discover(did="wY45gyJ3",uri="http://localhost:9090/learn") took 0.13s to run [Wed Feb 12 09:36:50 2020 - debug] digit_sum.discover(http://localhost:9090/learn, did=BxlEKrE6) [Wed Feb 12 09:36:50 2020 - debug] [digit_sum] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:50 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" [Wed Feb 12 09:36:50 2020 - debug] get_emails.grep(uri="http://localhost:9090/gears_config") took 0.92s to run [Wed Feb 12 09:36:50 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] dav.audit(did="L72raXXO", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] find_captchas.discover(did="4HoQUTsr",uri="http://localhost:9090/learn") took 3.43s to run [Wed Feb 12 09:36:50 2020 - debug] htaccess_methods.audit(did="Swy1l0PR",uri="http://localhost:9090/") took 0.09s to run [Wed Feb 12 09:36:50 2020 - debug] xxe.audit(did="byvMHnzt", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] ssi.audit(did="N63N36kN", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=678,from_cache=0,grep=1,rtt=0.05,did=xjWOnc8B) [Wed Feb 12 09:36:50 2020 - debug] open_api.discover(http://localhost:9090/learn, did=QkhjpaUC) [Wed Feb 12 09:36:50 2020 - debug] [open_api] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:50 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=679,from_cache=1,grep=1,rtt=0.18,did=nvimOpcW) [Wed Feb 12 09:36:50 2020 - debug] wordpress_fullpathdisclosure.discover(did="zIn3MQ02",uri="http://localhost:9090/learn") took 0.38s to run [Wed Feb 12 09:36:50 2020 - debug] dot_ds_store.discover(http://localhost:9090/learn, did=4eFYxGuO) [Wed Feb 12 09:36:50 2020 - debug] [dot_ds_store] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:50 2020 - debug] dav.audit(did="L72raXXO",uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:50 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.08s to run [Wed Feb 12 09:36:50 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:36:50 2020 - debug] serialized_object.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] blank_body.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] credit_cards.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] websockets_links.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] csp.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] dom_xss.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] vulners_db.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] keys.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(Nl4i0Dmr) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(3lIHqMdP) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(VHimOIct) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(AAwzqj5O) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(OFMDNz5i) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(Rim1zDwH) is idle. [Wed Feb 12 09:36:50 2020 - debug] Worker with ID AuditorWorker(E71iJb08) is idle. [Wed Feb 12 09:36:50 2020 - debug] 70% of AuditorWorker workers are idle. [Wed Feb 12 09:36:50 2020 - debug] AuditorWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:36:50 2020 - debug] AuditorWorker worker pool has 0 tasks in inqueue and 2 tasks in outqueue [Wed Feb 12 09:36:50 2020 - debug] eval.audit(did="T5lp5tZk", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:T5lp5tZk) [Wed Feb 12 09:36:50 2020 - debug] xxe.audit(did="byvMHnzt",uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:50 2020 - debug] rosetta_flash.audit(did="wtsyG9G4", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] rosetta_flash.audit(did="wtsyG9G4",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" [Wed Feb 12 09:36:50 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a8_ides" [Wed Feb 12 09:36:50 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" [Wed Feb 12 09:36:50 2020 - debug] xss.audit(did="80jdUz7d", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] xss.audit(did="80jdUz7d",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=680,from_cache=0,grep=1,rtt=0.07,did=HzT1L92x) [Wed Feb 12 09:36:50 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" [Wed Feb 12 09:36:50 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a6_sec_misconf" [Wed Feb 12 09:36:50 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.10s to run [Wed Feb 12 09:36:50 2020 - debug] clamav.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] html_comments.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.08s to run [Wed Feb 12 09:36:50 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" [Wed Feb 12 09:36:50 2020 - debug] xst.audit(did="ipDKd6og", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] xst.audit(did="ipDKd6og",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=681,from_cache=0,grep=1,rtt=0.03,did=xjWOnc8B) [Wed Feb 12 09:36:50 2020 - debug] cors_origin.audit(did="xjWOnc8B",uri="http://localhost:9090/") took 0.50s to run (0.09s 17% sending HTTP requests) [Wed Feb 12 09:36:50 2020 - debug] digit_sum.discover(did="BxlEKrE6",uri="http://localhost:9090/learn") took 0.38s to run [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:0 / max:50 / total:50) [Wed Feb 12 09:36:50 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:36:50 2020 - debug] eval.audit(did="T5lp5tZk",uri="http://localhost:9090/") took 0.19s to run [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:N63N36kN) [Wed Feb 12 09:36:50 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.04s to run [Wed Feb 12 09:36:50 2020 - debug] ghdb.discover(http://localhost:9090/learn, did=aimnvCGc) [Wed Feb 12 09:36:50 2020 - debug] [ghdb] Crawling "http://localhost:9090/learn" [Wed Feb 12 09:36:50 2020 - debug] The crawl plugin: "ghdb" wont be run anymore. [Wed Feb 12 09:36:50 2020 - debug] Starting CrawlInfra consumer _teardown() with 1 plugins [Wed Feb 12 09:36:50 2020 - debug] Calling ghdb.end() [Wed Feb 12 09:36:50 2020 - debug] Spent 0.00 seconds running ghdb.end() [Wed Feb 12 09:36:50 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:50 2020 - debug] ghdb.discover(did="aimnvCGc",uri="http://localhost:9090/learn") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] ssl_certificate.audit(did="El0T5tLJ", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] ssl_certificate.audit(did="El0T5tLJ",uri="http://localhost:9090/") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] preg_replace.audit(did="OhvBbZAn", uri="http://localhost:9090/") [Wed Feb 12 09:36:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:50 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:OhvBbZAn) [Wed Feb 12 09:36:50 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" [Wed Feb 12 09:36:50 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a10_logging" [Wed Feb 12 09:36:50 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.02s to run [Wed Feb 12 09:36:50 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a7_xss" [Wed Feb 12 09:36:50 2020 - debug] dot_ds_store.discover(did="4eFYxGuO",uri="http://localhost:9090/learn") took 0.27s to run [Wed Feb 12 09:36:50 2020 - debug] allowed_methods.discover(http://localhost:9090/cmd.jsp, did=WIbMOF3F) [Wed Feb 12 09:36:50 2020 - debug] The infrastructure plugin: "allowed_methods" wont be run anymore. [Wed Feb 12 09:36:50 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:50 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:50 2020 - debug] allowed_methods.discover(did="WIbMOF3F",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] frontpage_version.discover(http://localhost:9090/cmd.jsp, did=GrZFUJCr) [Wed Feb 12 09:36:50 2020 - debug] preg_replace.audit(did="OhvBbZAn",uri="http://localhost:9090/") took 0.04s to run [Wed Feb 12 09:36:50 2020 - debug] url_session.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.03s to run [Wed Feb 12 09:36:50 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] objects.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] error_500.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:50 2020 - debug] meta_tags.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] password_profiling.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] click_jacking.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] lang.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] ssi.audit(did="N63N36kN",uri="http://localhost:9090/") took 0.35s to run [Wed Feb 12 09:36:51 2020 - debug] The infrastructure plugin: "frontpage_version" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] frontpage_version.discover(did="GrZFUJCr",uri="http://localhost:9090/cmd.jsp") took 0.08s to run [Wed Feb 12 09:36:51 2020 - debug] server_header.discover(http://localhost:9090/cmd.jsp, did=0Kso9Q5T) [Wed Feb 12 09:36:51 2020 - debug] mx_injection.audit(did="X3XdX1kp", uri="http://localhost:9090/") [Wed Feb 12 09:36:51 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:51 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:X3XdX1kp) [Wed Feb 12 09:36:51 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a7_xss" [Wed Feb 12 09:36:51 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a7_xss" [Wed Feb 12 09:36:51 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a9_vuln_component" [Wed Feb 12 09:36:51 2020 - debug] finger_bing.discover(http://localhost:9090/cmd.jsp, did=nEqanZVO) [Wed Feb 12 09:36:51 2020 - debug] The infrastructure plugin: "finger_bing" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] finger_bing.discover(did="nEqanZVO",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] GET http://localhost:9090/ returned HTTP code "302" (id=682,from_cache=0,grep=1,rtt=0.08,did=c0UiZ8h7) [Wed Feb 12 09:36:51 2020 - debug] "http://localhost:9090/" (id:682, code:302, len:28, did:c0UiZ8h7) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:51 2020 - debug] open_api.discover(did="c0UiZ8h7",uri="http://localhost:9090/") took 10.37s to run (8.32s 80% sending HTTP requests) [Wed Feb 12 09:36:51 2020 - debug] response_splitting.audit(did="EtLpg8qo", uri="http://localhost:9090/") [Wed Feb 12 09:36:51 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:51 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:36:51 2020 - debug] mx_injection.audit(did="X3XdX1kp",uri="http://localhost:9090/") took 0.10s to run [Wed Feb 12 09:36:51 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a9_vuln_component" [Wed Feb 12 09:36:51 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a9_vuln_component" [Wed Feb 12 09:36:51 2020 - debug] GET http://localhost:9090/learn returned HTTP code "200" (id=683,from_cache=0,grep=1,rtt=0.04,did=QkhjpaUC) [Wed Feb 12 09:36:51 2020 - debug] "http://localhost:9090/learn" (id:683, code:200, len:10863, did:QkhjpaUC) is NOT a 404 [URL 404 cache] [Wed Feb 12 09:36:51 2020 - debug] finger_pks.discover(http://localhost:9090/cmd.jsp, did=wod4T4sR) [Wed Feb 12 09:36:51 2020 - debug] The infrastructure plugin: "finger_pks" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] finger_pks.discover(did="wod4T4sR",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] genexus_xml.discover(http://localhost:9090/cmd.jsp, did=yGLo44Iu) [Wed Feb 12 09:36:51 2020 - debug] [genexus_xml] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:51 2020 - debug] The crawl plugin: "genexus_xml" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:EtLpg8qo) [Wed Feb 12 09:36:51 2020 - debug] open_api.discover(did="QkhjpaUC",uri="http://localhost:9090/learn") took 0.48s to run (0.04s 9% sending HTTP requests) [Wed Feb 12 09:36:51 2020 - debug] rfd.audit(did="ce7Yzlea", uri="http://localhost:9090/") [Wed Feb 12 09:36:51 2020 - debug] finger_google.discover(http://localhost:9090/cmd.jsp, did=e70HkbJZ) [Wed Feb 12 09:36:51 2020 - debug] The infrastructure plugin: "finger_google" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] finger_google.discover(did="e70HkbJZ",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] response_splitting.audit(did="EtLpg8qo",uri="http://localhost:9090/") took 0.04s to run [Wed Feb 12 09:36:51 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/ax_redirect" [Wed Feb 12 09:36:51 2020 - debug] rfi.audit(did="LkYgJtjC", uri="http://localhost:9090/") [Wed Feb 12 09:36:51 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/%3B/w3af.cmd%3B/w3af.cmd" () [Wed Feb 12 09:36:51 2020 - debug] dot_listing.discover(http://localhost:9090/cmd.jsp, did=n8rva0Zx) [Wed Feb 12 09:36:51 2020 - debug] [dot_listing] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:51 2020 - debug] genexus_xml.discover(did="yGLo44Iu",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] rfd.audit(did="ce7Yzlea",uri="http://localhost:9090/") took 0.05s to run [Wed Feb 12 09:36:51 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:36:51 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: un0re8mf) [Wed Feb 12 09:36:51 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/ax_redirect" [Wed Feb 12 09:36:51 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/ax_redirect" [Wed Feb 12 09:36:51 2020 - debug] frontpage.audit(did="z8UQKGpk", uri="http://localhost:9090/") [Wed Feb 12 09:36:51 2020 - debug] wordpress_fingerprint.discover(http://localhost:9090/cmd.jsp, did=ttU8ji2h) [Wed Feb 12 09:36:51 2020 - debug] [wordpress_fingerprint] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:51 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a4_xxe" [Wed Feb 12 09:36:51 2020 - debug] content_negotiation.discover(http://localhost:9090/cmd.jsp, did=uvlkqo7q) [Wed Feb 12 09:36:51 2020 - debug] [content_negotiation] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:51 2020 - debug] dot_listing.discover(did="n8rva0Zx",uri="http://localhost:9090/cmd.jsp") took 0.03s to run [Wed Feb 12 09:36:51 2020 - debug] robots_txt.discover(http://localhost:9090/cmd.jsp, did=BIh5qfWP) [Wed Feb 12 09:36:51 2020 - debug] [robots_txt] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:51 2020 - debug] The crawl plugin: "robots_txt" wont be run anymore. [Wed Feb 12 09:36:51 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:51 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:51 2020 - debug] robots_txt.discover(did="BIh5qfWP",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:51 2020 - debug] frontpage.audit(did="z8UQKGpk",uri="http://localhost:9090/") took 0.03s to run [Wed Feb 12 09:36:51 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:51 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:LkYgJtjC) [Wed Feb 12 09:36:51 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a4_xxe" [Wed Feb 12 09:36:51 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a4_xxe" [Wed Feb 12 09:36:51 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a2_broken_auth" [Wed Feb 12 09:36:51 2020 - debug] RFI using local web server for URL: http://localhost:9090/ [Wed Feb 12 09:36:51 2020 - debug] archive_dot_org.discover(http://localhost:9090/cmd.jsp, did=WAttDmMv) [Wed Feb 12 09:36:51 2020 - debug] [archive_dot_org] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:52 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=684,from_cache=1,grep=1,rtt=0.17,did=3meC1IMl) [Wed Feb 12 09:36:52 2020 - debug] server_header.discover(did="0Kso9Q5T",uri="http://localhost:9090/cmd.jsp") took 0.31s to run [Wed Feb 12 09:36:52 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a2_broken_auth" [Wed Feb 12 09:36:52 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a2_broken_auth" [Wed Feb 12 09:36:52 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a3_sensitive_data" [Wed Feb 12 09:36:52 2020 - debug] GET http://localhost:9090/cmd returned HTTP code "404" (id=686,from_cache=0,grep=1,rtt=0.08,did=PYosAaw5) [Wed Feb 12 09:36:52 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=688,from_cache=0,grep=0,rtt=0.17,did=un0re8mf) [Wed Feb 12 09:36:52 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: un0re8mf) [Wed Feb 12 09:36:52 2020 - debug] detailed._login() took 0.29s to run [Wed Feb 12 09:36:52 2020 - debug] ria_enumerator.discover(http://localhost:9090/cmd.jsp, did=zhAQw2dz) [Wed Feb 12 09:36:52 2020 - debug] [ria_enumerator] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:52 2020 - debug] The crawl plugin: "ria_enumerator" wont be run anymore. [Wed Feb 12 09:36:52 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:52 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:52 2020 - debug] ria_enumerator.discover(did="zhAQw2dz",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:52 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=151 returned HTTP code "200" (id=685,from_cache=0,grep=0,rtt=0.71,did=3Sbo6R4Z) [Wed Feb 12 09:36:52 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/" () [Wed Feb 12 09:36:52 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:LkYgJtjC) [Wed Feb 12 09:36:52 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=687,from_cache=0,grep=0,rtt=0.15,did=tv0rDE9u) [Wed Feb 12 09:36:52 2020 - debug] file_upload.audit(did="oMJqIFMt", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:52 2020 - debug] file_upload.audit(did="oMJqIFMt",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:52 2020 - debug] rfi.audit(did="LkYgJtjC",uri="http://localhost:9090/") took 0.34s to run [Wed Feb 12 09:36:52 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a3_sensitive_data" [Wed Feb 12 09:36:52 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a3_sensitive_data" [Wed Feb 12 09:36:53 2020 - debug] wordnet.discover(http://localhost:9090/cmd.jsp, did=LVAPaZfI) [Wed Feb 12 09:36:53 2020 - debug] [wordnet] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] csrf.audit(did="rBZ3WY3i", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] csrf.audit(did="rBZ3WY3i",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - information] The remote Web server has Content Negotiation disabled [Wed Feb 12 09:36:53 2020 - debug] content_negotiation.discover(did="uvlkqo7q",uri="http://localhost:9090/cmd.jsp") took 0.44s to run [Wed Feb 12 09:36:53 2020 - debug] deserialization.audit(did="Eb62WTQI", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] VariantDB is returning False because of "seen_exactly_the_same" for "Method: GET | http://localhost:9090/learn/vulnerability/a5_broken_access_control" [Wed Feb 12 09:36:53 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=689,from_cache=1,grep=1,rtt=0.18,did=n1zjXyQl) [Wed Feb 12 09:36:53 2020 - debug] deserialization.audit(did="Eb62WTQI",uri="http://localhost:9090/logout") took 0.03s to run [Wed Feb 12 09:36:53 2020 - debug] os_commanding.audit(did="LjRIdfP4", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:LjRIdfP4) [Wed Feb 12 09:36:53 2020 - debug] wordpress_fingerprint.discover(did="ttU8ji2h",uri="http://localhost:9090/cmd.jsp") took 0.50s to run [Wed Feb 12 09:36:53 2020 - debug] sitemap_xml.discover(http://localhost:9090/cmd.jsp, did=bBfS3Z2V) [Wed Feb 12 09:36:53 2020 - debug] [sitemap_xml] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] The crawl plugin: "sitemap_xml" wont be run anymore. [Wed Feb 12 09:36:53 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:53 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:53 2020 - debug] sitemap_xml.discover(did="bBfS3Z2V",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] lfi.audit(did="bSzXnoxu", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:bSzXnoxu) [Wed Feb 12 09:36:53 2020 - debug] lfi.audit(did="bSzXnoxu",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] os_commanding.audit(did="LjRIdfP4",uri="http://localhost:9090/logout") took 0.04s to run [Wed Feb 12 09:36:53 2020 - debug] New fuzzable request identified: "Method: GET | http://localhost:9090/learn/vulnerability/a5_broken_access_control" [Wed Feb 12 09:36:53 2020 - information] New URL found by web_spider plugin: "http://localhost:9090/learn/vulnerability/a5_broken_access_control" [Wed Feb 12 09:36:53 2020 - debug] user_dir.discover(http://localhost:9090/cmd.jsp, did=jxysLhin) [Wed Feb 12 09:36:53 2020 - debug] [user_dir] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] The crawl plugin: "user_dir" wont be run anymore. [Wed Feb 12 09:36:53 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:53 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:53 2020 - debug] user_dir.discover(did="jxysLhin",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] sqli.audit(did="vtuRW9LM", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:vtuRW9LM) [Wed Feb 12 09:36:53 2020 - debug] OrderedCachedQueue.put() will write a 'FuzzableRequest' item to the CrawlInfraIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current CrawlInfraIn DiskDict size is 0. [Wed Feb 12 09:36:53 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=690,from_cache=1,grep=1,rtt=0.11,did=CaZWKuhw) [Wed Feb 12 09:36:53 2020 - debug] dir_file_bruter.discover(http://localhost:9090/cmd.jsp, did=BzWsbSsW) [Wed Feb 12 09:36:53 2020 - debug] [dir_file_bruter] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] The crawl plugin: "dir_file_bruter" wont be run anymore. [Wed Feb 12 09:36:53 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:53 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:53 2020 - debug] dir_file_bruter.discover(did="BzWsbSsW",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] blind_sqli.audit(did="wpsWZjlf", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] blind_sqli.audit(did="wpsWZjlf",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] phpinfo.discover(http://localhost:9090/cmd.jsp, did=bOXx8W9f) [Wed Feb 12 09:36:53 2020 - debug] sqli.audit(did="vtuRW9LM",uri="http://localhost:9090/logout") took 0.03s to run [Wed Feb 12 09:36:53 2020 - debug] get_emails.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.84s to run [Wed Feb 12 09:36:53 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] phishing_vector.audit(did="r1tqlTGm", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:r1tqlTGm) [Wed Feb 12 09:36:53 2020 - debug] find_dvcs.discover(http://localhost:9090/cmd.jsp, did=1TSzliad) [Wed Feb 12 09:36:53 2020 - debug] [phpinfo] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] error_pages.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.06s to run [Wed Feb 12 09:36:53 2020 - debug] strange_reason.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] cache_control.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] strange_headers.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] ssn.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] oracle.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] feeds.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] Finished audit.phishing_vector (did=r1tqlTGm) [Wed Feb 12 09:36:53 2020 - debug] phishing_vector.audit(did="r1tqlTGm",uri="http://localhost:9090/logout") took 0.03s to run [Wed Feb 12 09:36:53 2020 - debug] generic.audit(did="wcl42r8P", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] generic.audit(did="wcl42r8P",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] [find_dvcs] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] find_dvcs.discover(did="1TSzliad",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] import_results.discover(http://localhost:9090/cmd.jsp, did=mgIuX3ek) [Wed Feb 12 09:36:53 2020 - debug] [import_results] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] The crawl plugin: "import_results" wont be run anymore. [Wed Feb 12 09:36:53 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:53 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:53 2020 - debug] import_results.discover(did="mgIuX3ek",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] phpinfo.discover(did="bOXx8W9f",uri="http://localhost:9090/cmd.jsp") took 0.05s to run [Wed Feb 12 09:36:53 2020 - debug] url_fuzzer.discover(http://localhost:9090/cmd.jsp, did=XsWRvHqM) [Wed Feb 12 09:36:53 2020 - debug] [url_fuzzer] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/sitemanifest.gears") took 0.04s to run [Wed Feb 12 09:36:53 2020 - debug] payment_webhook_finder.discover(http://localhost:9090/cmd.jsp, did=KXmpV1uX) [Wed Feb 12 09:36:53 2020 - debug] [payment_webhook_finder] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:53 2020 - debug] format_string.audit(did="btLLeEIp", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:btLLeEIp) [Wed Feb 12 09:36:53 2020 - debug] websocket_hijacking.audit(did="Rp0DkaKO", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] OrderedCachedQueue.put() will write a 'FuzzableRequest' item to the CrawlInfraIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current CrawlInfraIn DiskDict size is 1. [Wed Feb 12 09:36:53 2020 - debug] websocket_hijacking.audit(did="Rp0DkaKO",uri="http://localhost:9090/logout") took 0.01s to run [Wed Feb 12 09:36:53 2020 - debug] shell_shock.audit(did="wOOxq3c0", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] format_string.audit(did="btLLeEIp",uri="http://localhost:9090/logout") took 0.02s to run [Wed Feb 12 09:36:53 2020 - debug] memcachei.audit(did="rdke0baI", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:rdke0baI) [Wed Feb 12 09:36:53 2020 - debug] memcachei.audit(did="rdke0baI",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] symfony.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] un_ssl.audit(did="BlcCk7q3", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] un_ssl.audit(did="BlcCk7q3",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] ldapi.audit(did="yKfw1tQp", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:yKfw1tQp) [Wed Feb 12 09:36:53 2020 - debug] file_upload.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:53 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] ldapi.audit(did="yKfw1tQp",uri="http://localhost:9090/logout") took 0.05s to run [Wed Feb 12 09:36:54 2020 - debug] OrderedCachedQueue.put() will write a 'FuzzableRequest' item to the CrawlInfraIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current CrawlInfraIn DiskDict size is 2. [Wed Feb 12 09:36:54 2020 - debug] buffer_overflow.audit(did="4F6H2Xbz", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] redos.audit(did="z7IKtnbX", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:54 2020 - debug] buffer_overflow.audit(did="4F6H2Xbz",uri="http://localhost:9090/logout") took 0.05s to run [Wed Feb 12 09:36:54 2020 - debug] global_redirect.audit(did="Z3VuuJ1k", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:54 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Z3VuuJ1k) [Wed Feb 12 09:36:54 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=691,from_cache=0,grep=1,rtt=0.07,did=wOOxq3c0) [Wed Feb 12 09:36:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:54 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Z3VuuJ1k) [Wed Feb 12 09:36:54 2020 - debug] xpath.audit(did="AAfpLQgW", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] OrderedCachedQueue.put() will write a 'FuzzableRequest' item to the CrawlInfraIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current CrawlInfraIn DiskDict size is 3. [Wed Feb 12 09:36:54 2020 - debug] redos.audit(did="z7IKtnbX",uri="http://localhost:9090/logout") took 0.12s to run [Wed Feb 12 09:36:54 2020 - debug] global_redirect.audit(did="Z3VuuJ1k",uri="http://localhost:9090/logout") took 0.09s to run [Wed Feb 12 09:36:54 2020 - debug] cors_origin.audit(did="rdrGFmgO", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] htaccess_methods.audit(did="8fZvqazX", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=692,from_cache=0,grep=1,rtt=0.06,did=jRzBntkJ) [Wed Feb 12 09:36:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:54 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:AAfpLQgW) [Wed Feb 12 09:36:54 2020 - debug] xpath.audit(did="AAfpLQgW",uri="http://localhost:9090/logout") took 0.17s to run [Wed Feb 12 09:36:54 2020 - debug] http_in_body.grep(uri="http://localhost:9090/filesInCache.json") took 0.41s to run [Wed Feb 12 09:36:54 2020 - debug] dav.audit(did="sf9wWbKz", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:54 2020 - debug] dav.audit(did="sf9wWbKz",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] OrderedCachedQueue.put() will write a 'FuzzableRequest' item to the CrawlInfraIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current CrawlInfraIn DiskDict size is 4. [Wed Feb 12 09:36:54 2020 - debug] expect_ct.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] svn_users.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] private_ip.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] motw.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] meta_generator.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:36:54 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=696,from_cache=0,grep=1,rtt=0.05,did=SSUbEjdm) [Wed Feb 12 09:36:54 2020 - debug] htaccess_methods.audit(did="8fZvqazX",uri="http://localhost:9090/logout") took 0.27s to run [Wed Feb 12 09:36:54 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=693,from_cache=0,grep=1,rtt=0.09,did=rdrGFmgO) [Wed Feb 12 09:36:54 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=161 returned HTTP code "200" (id=694,from_cache=0,grep=0,rtt=0.66,did=BPMDXrj1) [Wed Feb 12 09:36:54 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/cmd.jsp returned HTTP code "200" (id=695,from_cache=0,grep=1,rtt=0.84,did=hpKUjhw1) [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=697,from_cache=0,grep=0,rtt=0.09,did=wOOxq3c0) [Wed Feb 12 09:36:55 2020 - debug] ssi.audit(did="ra0pBnAz", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] xxe.audit(did="1yvgvENX", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=698,from_cache=0,grep=1,rtt=0.05,did=rdrGFmgO) [Wed Feb 12 09:36:55 2020 - debug] cors_origin.audit(did="rdrGFmgO",uri="http://localhost:9090/logout") took 0.55s to run (0.15s 26% sending HTTP requests) [Wed Feb 12 09:36:55 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/cmd.jsp returned HTTP code "200" (id=699,from_cache=1,grep=1,rtt=0.84,did=Y5DKYA1M) [Wed Feb 12 09:36:55 2020 - debug] Archive.org did not find any pages. [Wed Feb 12 09:36:55 2020 - debug] archive_dot_org.discover(did="WAttDmMv",uri="http://localhost:9090/cmd.jsp") took 1.49s to run [Wed Feb 12 09:36:55 2020 - debug] urllist_txt.discover(http://localhost:9090/cmd.jsp, did=hybQf0FJ) [Wed Feb 12 09:36:55 2020 - debug] [urllist_txt] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:55 2020 - debug] The crawl plugin: "urllist_txt" wont be run anymore. [Wed Feb 12 09:36:55 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:36:55 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:36:55 2020 - debug] urllist_txt.discover(did="hybQf0FJ",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:55 2020 - debug] find_backdoors.discover(http://localhost:9090/cmd.jsp, did=JO03Jhvv) [Wed Feb 12 09:36:55 2020 - debug] [find_backdoors] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:55 2020 - debug] find_backdoors.discover(did="JO03Jhvv",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:36:55 2020 - debug] web_spider.discover(http://localhost:9090/cmd.jsp, did=Nj3vP0pA) [Wed Feb 12 09:36:55 2020 - debug] [web_spider] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:55 2020 - debug] xxe.audit(did="1yvgvENX",uri="http://localhost:9090/logout") took 0.10s to run [Wed Feb 12 09:36:55 2020 - debug] eval.audit(did="A7cugLQn", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:A7cugLQn) [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] localhost:9090 connection pool stats (free:42 / in_use:8 / max:50 / total:50) [Wed Feb 12 09:36:55 2020 - debug] Connections with more in use time: (450aace75c9d8a42, 0.09 sec) (955b76b517b2a7f0, 0.09 sec) (63447e5418977032, 0.08 sec) (6b6a9da9c938112c, 0.03 sec) (f5adb0c09c70ca09, 0.03 sec) [Wed Feb 12 09:36:55 2020 - debug] rosetta_flash.audit(did="PoS7t80R", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] eval.audit(did="A7cugLQn",uri="http://localhost:9090/logout") took 0.27s to run [Wed Feb 12 09:36:55 2020 - debug] xss.audit(did="RFizPSPo", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] xss.audit(did="RFizPSPo",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/cmd.jsp.gzip returned HTTP code "404" (id=701,from_cache=0,grep=1,rtt=0.11,did=DmG4dKK5) [Wed Feb 12 09:36:55 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 351, 'reject-seen-url': 103, 'reject-out-of-scope': 9, 'accept': 112} [Wed Feb 12 09:36:55 2020 - debug] rosetta_flash.audit(did="PoS7t80R",uri="http://localhost:9090/logout") took 0.14s to run [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/cmd.jsp.rar returned HTTP code "404" (id=702,from_cache=0,grep=1,rtt=0.13,did=1TwZgSOi) [Wed Feb 12 09:36:55 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 351, 'reject-seen-url': 103, 'reject-out-of-scope': 9, 'accept': 112} [Wed Feb 12 09:36:55 2020 - debug] xst.audit(did="B4z3BrAJ", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] xst.audit(did="B4z3BrAJ",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:55 2020 - debug] ssl_certificate.audit(did="NVGfGodp", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] ssl_certificate.audit(did="NVGfGodp",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:55 2020 - debug] preg_replace.audit(did="nm62kAxc", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:nm62kAxc) [Wed Feb 12 09:36:55 2020 - debug] preg_replace.audit(did="nm62kAxc",uri="http://localhost:9090/logout") took 0.08s to run [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ra0pBnAz) [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/cmd.jsp.old returned HTTP code "404" (id=708,from_cache=0,grep=1,rtt=0.18,did=SAk4PLFh) [Wed Feb 12 09:36:55 2020 - debug] mx_injection.audit(did="RNqA5QOz", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:55 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:RNqA5QOz) [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/cmd.jsp.cab returned HTTP code "404" (id=704,from_cache=0,grep=1,rtt=0.14,did=pTzqeRH5) [Wed Feb 12 09:36:55 2020 - debug] GET http://localhost:9090/cmd.jsp.gz returned HTTP code "404" (id=703,from_cache=0,grep=1,rtt=0.10,did=w6HoHJUM) [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.jsp.inc returned HTTP code "404" (id=706,from_cache=0,grep=1,rtt=0.12,did=QuWpOJDn) [Wed Feb 12 09:36:56 2020 - debug] ssi.audit(did="ra0pBnAz",uri="http://localhost:9090/logout") took 0.89s to run [Wed Feb 12 09:36:56 2020 - debug] response_splitting.audit(did="iZMe3jgp", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.jsp.backup returned HTTP code "404" (id=707,from_cache=0,grep=1,rtt=0.21,did=MaWZLpRa) [Wed Feb 12 09:36:56 2020 - debug] mx_injection.audit(did="RNqA5QOz",uri="http://localhost:9090/logout") took 0.07s to run [Wed Feb 12 09:36:56 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:56 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:iZMe3jgp) [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.jsp.java returned HTTP code "404" (id=705,from_cache=0,grep=1,rtt=0.06,did=dyTXfrX6) [Wed Feb 12 09:36:56 2020 - debug] rfd.audit(did="mkW2BEi0", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:56 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout%3B/w3af.cmd%3B/w3af.cmd" () [Wed Feb 12 09:36:56 2020 - debug] rfd.audit(did="mkW2BEi0",uri="http://localhost:9090/logout") took 0.00s to run [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.tar.gz returned HTTP code "404" (id=711,from_cache=0,grep=1,rtt=0.14,did=t0WKRFZZ) [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.jsp.jar returned HTTP code "404" (id=712,from_cache=0,grep=1,rtt=0.15,did=kRpVBXSC) [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.jsp.tar.gz returned HTTP code "404" (id=715,from_cache=0,grep=1,rtt=0.34,did=Y1nu2dET) [Wed Feb 12 09:36:56 2020 - debug] GET http://localhost:9090/cmd.7z returned HTTP code "404" (id=716,from_cache=0,grep=1,rtt=0.14,did=95X6Uoo7) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.tgz returned HTTP code "404" (id=718,from_cache=0,grep=1,rtt=0.12,did=ulP1oEPn) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.old1 returned HTTP code "404" (id=721,from_cache=0,grep=1,rtt=0.30,did=DIJcjTgs) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.$$$ returned HTTP code "404" (id=723,from_cache=0,grep=1,rtt=0.10,did=W3YfY1ao) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.bak1 returned HTTP code "404" (id=725,from_cache=0,grep=1,rtt=0.21,did=K9ZHq9Ij) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.bzip2 returned HTTP code "404" (id=727,from_cache=0,grep=1,rtt=0.24,did=tn1iyoxi) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.7z returned HTTP code "404" (id=729,from_cache=0,grep=1,rtt=0.15,did=bMsKdNH1) [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.bak returned HTTP code "404" (id=709,from_cache=0,grep=1,rtt=0.20,did=JzN8wCEW) [Wed Feb 12 09:36:57 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=171 returned HTTP code "200" (id=720,from_cache=0,grep=0,rtt=0.66,did=bO2QPfix) [Wed Feb 12 09:36:57 2020 - debug] rfi.audit(did="tBAmetPI", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:57 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:57 2020 - debug] response_splitting.audit(did="iZMe3jgp",uri="http://localhost:9090/logout") took 0.19s to run [Wed Feb 12 09:36:57 2020 - debug] GET http://localhost:9090/cmd.jsp.backup1 returned HTTP code "404" (id=722,from_cache=0,grep=1,rtt=0.12,did=8ltq8Zzf) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.back returned HTTP code "404" (id=728,from_cache=0,grep=1,rtt=0.23,did=EYcdsboh) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.class returned HTTP code "404" (id=713,from_cache=0,grep=1,rtt=0.26,did=ARx7nIGj) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp~ returned HTTP code "404" (id=717,from_cache=0,grep=1,rtt=0.36,did=5BBnZ5Ne) [Wed Feb 12 09:36:58 2020 - debug] frontpage.audit(did="EIhKNkj1", uri="http://localhost:9090/logout") [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.cab returned HTTP code "404" (id=724,from_cache=0,grep=1,rtt=0.15,did=WTu5VyRa) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.properties returned HTTP code "404" (id=710,from_cache=0,grep=1,rtt=0.22,did=3yZYaHcC) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.zip returned HTTP code "404" (id=714,from_cache=0,grep=1,rtt=0.40,did=aWZKzMbJ) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.tgz returned HTTP code "404" (id=719,from_cache=0,grep=1,rtt=0.30,did=grGQZdUN) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.gz returned HTTP code "404" (id=730,from_cache=0,grep=1,rtt=0.30,did=6Ek9DOjY) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp.bkp returned HTTP code "404" (id=726,from_cache=0,grep=1,rtt=0.28,did=PLIhwk2A) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.bzip2 returned HTTP code "404" (id=732,from_cache=0,grep=1,rtt=0.08,did=HYwS4MS3) [Wed Feb 12 09:36:58 2020 - debug] localhost:9090 connection pool stats (free:49 / in_use:3 / max:50 / total:52) [Wed Feb 12 09:36:58 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.44 sec) (450aace75c9d8a42, 0.44 sec) (955b76b517b2a7f0, 0.42 sec) [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=731,from_cache=1,grep=1,rtt=0.11,did=LIdG72Yx) [Wed Feb 12 09:36:58 2020 - debug] web_spider.discover(did="Nj3vP0pA",uri="http://localhost:9090/cmd.jsp") took 1.49s to run [Wed Feb 12 09:36:58 2020 - debug] frontpage.audit(did="EIhKNkj1",uri="http://localhost:9090/logout") took 0.49s to run [Wed Feb 12 09:36:58 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:tBAmetPI) [Wed Feb 12 09:36:58 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:36:58 2020 - debug] RFI using local web server for URL: http://localhost:9090/logout [Wed Feb 12 09:36:58 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=734,from_cache=0,grep=0,rtt=0.46,did=D12ul1Ud) [Wed Feb 12 09:36:58 2020 - debug] file_upload.audit(did="vvpFsNrw", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:36:58 2020 - debug] file_upload.audit(did="vvpFsNrw",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.rar returned HTTP code "404" (id=735,from_cache=0,grep=1,rtt=0.47,did=cXVMdomw) [Wed Feb 12 09:36:59 2020 - debug] find_captchas.discover(http://localhost:9090/cmd.jsp, did=aI2rv3vj) [Wed Feb 12 09:36:59 2020 - debug] [find_captchas] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:36:59 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/logout" () [Wed Feb 12 09:36:59 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:tBAmetPI) [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.fla returned HTTP code "404" (id=736,from_cache=0,grep=1,rtt=0.09,did=iVKhowvL) [Wed Feb 12 09:36:59 2020 - debug] rfi.audit(did="tBAmetPI",uri="http://localhost:9090/logout") took 0.79s to run [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.gzip returned HTTP code "404" (id=740,from_cache=0,grep=1,rtt=0.43,did=5Vcqj2TM) [Wed Feb 12 09:36:59 2020 - debug] csrf.audit(did="8gOiPbMU", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:36:59 2020 - debug] csrf.audit(did="8gOiPbMU",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.java returned HTTP code "404" (id=738,from_cache=0,grep=1,rtt=0.05,did=vrAZ4nRG) [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.class returned HTTP code "404" (id=741,from_cache=0,grep=1,rtt=0.05,did=4KY7cjJL) [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.zip returned HTTP code "404" (id=733,from_cache=0,grep=1,rtt=0.44,did=vRcmkUwM) [Wed Feb 12 09:36:59 2020 - debug] localhost:9090 connection pool stats (free:41 / in_use:11 / max:50 / total:52) [Wed Feb 12 09:36:59 2020 - debug] Connections with more in use time: (f5adb0c09c70ca09, 0.28 sec) (450aace75c9d8a42, 0.26 sec) (955b76b517b2a7f0, 0.17 sec) (a5419411797e137e, 0.07 sec) (63447e5418977032, 0.07 sec) [Wed Feb 12 09:36:59 2020 - debug] deserialization.audit(did="KWhtDTDg", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:36:59 2020 - debug] GET http://localhost:9090/cmd.c returned HTTP code "404" (id=743,from_cache=0,grep=1,rtt=0.05,did=ZIcoRc7U) [Wed Feb 12 09:36:59 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/cmd.inc returned HTTP code "404" (id=739,from_cache=0,grep=1,rtt=0.16,did=2rnzVgyk) [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/cmd.backup1 returned HTTP code "404" (id=742,from_cache=0,grep=1,rtt=0.11,did=DvvCi47N) [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/cmd.jar returned HTTP code "404" (id=737,from_cache=0,grep=1,rtt=0.12,did=9OBv5xqU) [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/cmd.old1 returned HTTP code "404" (id=749,from_cache=0,grep=1,rtt=0.41,did=3Lk4WFke) [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/cmd.orig returned HTTP code "404" (id=753,from_cache=0,grep=1,rtt=0.29,did=huKAHysU) [Wed Feb 12 09:37:00 2020 - debug] deserialization.audit(did="KWhtDTDg",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.30s to run [Wed Feb 12 09:37:00 2020 - debug] GET http://localhost:9090/localhost.gz returned HTTP code "404" (id=748,from_cache=0,grep=1,rtt=0.16,did=ImigIYBM) [Wed Feb 12 09:37:00 2020 - debug] os_commanding.audit(did="RzNG6Fv5", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:00 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:00 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:00 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:RzNG6Fv5) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.war returned HTTP code "404" (id=758,from_cache=0,grep=1,rtt=0.40,did=pSOy0SY0) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/localhost.cab returned HTTP code "404" (id=746,from_cache=0,grep=1,rtt=0.05,did=ie9as32s) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.phps returned HTTP code "404" (id=745,from_cache=0,grep=1,rtt=0.10,did=LZ5jYSg0) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.ori returned HTTP code "404" (id=747,from_cache=0,grep=1,rtt=0.06,did=gQE4CLox) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.vb returned HTTP code "404" (id=744,from_cache=0,grep=1,rtt=0.10,did=3jBenzab) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/localhost.7z returned HTTP code "404" (id=750,from_cache=0,grep=1,rtt=0.04,did=y37Qfa8t) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.old returned HTTP code "404" (id=755,from_cache=0,grep=1,rtt=0.55,did=FF2t33aj) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.disco returned HTTP code "404" (id=756,from_cache=0,grep=1,rtt=0.31,did=6Imy2jYd) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.backup returned HTTP code "404" (id=759,from_cache=0,grep=1,rtt=0.05,did=kNNUPIsK) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.bak1 returned HTTP code "404" (id=754,from_cache=0,grep=1,rtt=0.16,did=utNjXath) [Wed Feb 12 09:37:01 2020 - debug] GET http://localhost:9090/cmd.properties returned HTTP code "404" (id=752,from_cache=0,grep=1,rtt=0.25,did=GsV7CI3B) [Wed Feb 12 09:37:02 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 79. [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/cmd.cpp returned HTTP code "404" (id=757,from_cache=0,grep=1,rtt=0.40,did=okQBdGOM) [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/localhost.tgz returned HTTP code "404" (id=760,from_cache=0,grep=1,rtt=0.08,did=sBPUUyXg) [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=751,from_cache=0,grep=1,rtt=0.35,did=2Ibpsb8Q) [Wed Feb 12 09:37:02 2020 - debug] lfi.audit(did="U2hIItLa", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:U2hIItLa) [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/cmd.cs returned HTTP code "404" (id=761,from_cache=0,grep=1,rtt=0.21,did=73ldAeK1) [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] lfi.audit(did="U2hIItLa",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.11s to run [Wed Feb 12 09:37:02 2020 - debug] sqli.audit(did="zjJYeszK", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:zjJYeszK) [Wed Feb 12 09:37:02 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 80. [Wed Feb 12 09:37:02 2020 - debug] blind_sqli.audit(did="0XWAVibD", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] os_commanding.audit(did="RzNG6Fv5",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.51s to run [Wed Feb 12 09:37:02 2020 - debug] phishing_vector.audit(did="bnV9jLaF", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:bnV9jLaF) [Wed Feb 12 09:37:02 2020 - debug] Finished audit.phishing_vector (did=bnV9jLaF) [Wed Feb 12 09:37:02 2020 - debug] phishing_vector.audit(did="bnV9jLaF",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/localhost.tar.gz returned HTTP code "404" (id=763,from_cache=0,grep=1,rtt=0.35,did=2s5v1HUA) [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/cmd.bak returned HTTP code "404" (id=762,from_cache=0,grep=1,rtt=0.44,did=kS2xJLVe) [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 81. [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/localhost.gzip returned HTTP code "404" (id=764,from_cache=0,grep=1,rtt=0.08,did=3Y3WM5GO) [Wed Feb 12 09:37:02 2020 - debug] GET http://localhost:9090/cmd.original returned HTTP code "404" (id=765,from_cache=0,grep=1,rtt=0.30,did=4srvywby) [Wed Feb 12 09:37:02 2020 - debug] generic.audit(did="GwmXphqg", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 82. [Wed Feb 12 09:37:02 2020 - debug] sqli.audit(did="zjJYeszK",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.02s to run [Wed Feb 12 09:37:02 2020 - debug] generic.audit(did="GwmXphqg",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:02 2020 - debug] blind_sqli.audit(did="0XWAVibD",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.11s to run [Wed Feb 12 09:37:02 2020 - debug] format_string.audit(did="CWV6c6Mj", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:CWV6c6Mj) [Wed Feb 12 09:37:03 2020 - debug] format_string.audit(did="CWV6c6Mj",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:03 2020 - debug] GET http://localhost:9090/localhost.zip returned HTTP code "404" (id=767,from_cache=0,grep=1,rtt=0.15,did=2de3vtJo) [Wed Feb 12 09:37:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 83. [Wed Feb 12 09:37:03 2020 - debug] GET http://localhost:9090/localhost.bzip2 returned HTTP code "404" (id=766,from_cache=0,grep=1,rtt=0.02,did=wkwk2R4J) [Wed Feb 12 09:37:03 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=181 returned HTTP code "200" (id=768,from_cache=0,grep=0,rtt=1.12,did=TEoNj1YF) [Wed Feb 12 09:37:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 84. [Wed Feb 12 09:37:03 2020 - debug] websocket_hijacking.audit(did="5oWZocM5", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] shell_shock.audit(did="a5xU0q8J", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] websocket_hijacking.audit(did="5oWZocM5",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.01s to run [Wed Feb 12 09:37:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 85. [Wed Feb 12 09:37:03 2020 - debug] memcachei.audit(did="BAcplORZ", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:BAcplORZ) [Wed Feb 12 09:37:03 2020 - debug] memcachei.audit(did="BAcplORZ",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:03 2020 - debug] GET http://localhost:9090/localhost.rar returned HTTP code "404" (id=769,from_cache=0,grep=1,rtt=0.11,did=JNAkfJVT) [Wed Feb 12 09:37:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 86. [Wed Feb 12 09:37:03 2020 - debug] un_ssl.audit(did="cMcFpfBr", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] un_ssl.audit(did="cMcFpfBr",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:03 2020 - debug] ldapi.audit(did="vH2unDri", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:vH2unDri) [Wed Feb 12 09:37:03 2020 - debug] buffer_overflow.audit(did="WSSkaKpv", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 87. [Wed Feb 12 09:37:03 2020 - debug] redos.audit(did="olzpUM8h", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] buffer_overflow.audit(did="WSSkaKpv",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.01s to run [Wed Feb 12 09:37:03 2020 - debug] url_fuzzer.discover(did="XsWRvHqM",uri="http://localhost:9090/cmd.jsp") took 4.15s to run [Wed Feb 12 09:37:03 2020 - debug] oracle_discovery.discover(http://localhost:9090/cmd.jsp, did=0tuOUomU) [Wed Feb 12 09:37:03 2020 - debug] [oracle_discovery] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:03 2020 - debug] The crawl plugin: "oracle_discovery" wont be run anymore. [Wed Feb 12 09:37:03 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:03 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:03 2020 - debug] oracle_discovery.discover(did="0tuOUomU",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:37:03 2020 - debug] wsdl_finder.discover(http://localhost:9090/cmd.jsp, did=TTlhJByM) [Wed Feb 12 09:37:03 2020 - debug] ldapi.audit(did="vH2unDri",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.02s to run [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] redos.audit(did="olzpUM8h",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.04s to run [Wed Feb 12 09:37:03 2020 - debug] global_redirect.audit(did="eMsfVoNj", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:eMsfVoNj) [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:eMsfVoNj) [Wed Feb 12 09:37:03 2020 - debug] xpath.audit(did="dA6pVTKj", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:dA6pVTKj) [Wed Feb 12 09:37:03 2020 - debug] xpath.audit(did="dA6pVTKj",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.01s to run [Wed Feb 12 09:37:03 2020 - debug] cors_origin.audit(did="m0lZrv4E", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] htaccess_methods.audit(did="JdAvFtLz", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:03 2020 - debug] global_redirect.audit(did="eMsfVoNj",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.06s to run [Wed Feb 12 09:37:03 2020 - debug] [wsdl_finder] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=770,from_cache=0,grep=1,rtt=0.13,did=a5xU0q8J) [Wed Feb 12 09:37:04 2020 - debug] dav.audit(did="V7GYbFY8", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] ssi.audit(did="ExodA3e4", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=771,from_cache=0,grep=1,rtt=0.37,did=m0lZrv4E) [Wed Feb 12 09:37:04 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:37:04 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: IID8ieWF) [Wed Feb 12 09:37:04 2020 - debug] xxe.audit(did="se6h7khT", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:04 2020 - debug] eval.audit(did="ra1QHMQx", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:04 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ra1QHMQx) [Wed Feb 12 09:37:04 2020 - debug] rosetta_flash.audit(did="PiJpI697", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] rosetta_flash.audit(did="PiJpI697",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:04 2020 - debug] xxe.audit(did="se6h7khT",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.18s to run [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=773,from_cache=0,grep=1,rtt=0.06,did=u3gCnSm2) [Wed Feb 12 09:37:04 2020 - debug] xss.audit(did="1Oag7DFz", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:04 2020 - debug] Using RLIMIT_AS memory usage limit 2347 MB for new pool process [Wed Feb 12 09:37:04 2020 - debug] eval.audit(did="ra1QHMQx",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.12s to run [Wed Feb 12 09:37:04 2020 - debug] xst.audit(did="J91Xcxs9", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] xss.audit(did="1Oag7DFz",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.07s to run [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=772,from_cache=0,grep=1,rtt=0.15,did=ElJkVGud) [Wed Feb 12 09:37:04 2020 - debug] htaccess_methods.audit(did="JdAvFtLz",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.76s to run [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=775,from_cache=0,grep=1,rtt=0.07,did=m0lZrv4E) [Wed Feb 12 09:37:04 2020 - debug] cors_origin.audit(did="m0lZrv4E",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.79s to run (0.44s 55% sending HTTP requests) [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/cmd.jsp?WSDL= returned HTTP code "404" (id=774,from_cache=0,grep=1,rtt=0.15,did=Nn4oxX2r) [Wed Feb 12 09:37:04 2020 - debug] GET http://localhost:9090/cmd.jsp?wsdl= returned HTTP code "404" (id=776,from_cache=0,grep=1,rtt=0.26,did=jRhH8sFB) [Wed Feb 12 09:37:04 2020 - debug] wsdl_finder.discover(did="TTlhJByM",uri="http://localhost:9090/cmd.jsp") took 0.84s to run [Wed Feb 12 09:37:04 2020 - debug] wordpress_enumerate_users.discover(http://localhost:9090/cmd.jsp, did=hkhQuqOu) [Wed Feb 12 09:37:04 2020 - debug] [wordpress_enumerate_users] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:04 2020 - debug] ssl_certificate.audit(did="ZUOD0US9", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:04 2020 - debug] ssl_certificate.audit(did="ZUOD0US9",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:04 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ExodA3e4) [Wed Feb 12 09:37:04 2020 - debug] xst.audit(did="J91Xcxs9",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.00s to run [Wed Feb 12 09:37:04 2020 - debug] text_file.flush() took 0.00s to run [Wed Feb 12 09:37:05 2020 - debug] PROPFIND http://localhost:9090/learn/vulnerability/ with data: " Select \'D..." returned HTTP code "404" (id=782,from_cache=0,grep=1,rtt=0.24,did=tjiCATaX) [Wed Feb 12 09:37:05 2020 - debug] rfi.audit(did="YRDH0Rk8", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:05 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:YRDH0Rk8) [Wed Feb 12 09:37:05 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=783,from_cache=0,grep=0,rtt=0.12,did=IID8ieWF) [Wed Feb 12 09:37:06 2020 - debug] [auth.detailed] User "admin" is NOT logged into the application, the `check_string` was not found in the HTTP response with ID 783. (did: IID8ieWF) [Wed Feb 12 09:37:06 2020 - debug] [auth.detailed] Logging into the application with user: admin (did: U8jTKgiW) [Wed Feb 12 09:37:06 2020 - debug] frontpage.audit(did="M4jdZP7M", uri="http://localhost:9090/learn/vulnerability/ax_csrf") [Wed Feb 12 09:37:06 2020 - debug] RFI using local web server for URL: http://localhost:9090/learn/vulnerability/ax_csrf [Wed Feb 12 09:37:06 2020 - debug] frontpage.audit(did="M4jdZP7M",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.06s to run [Wed Feb 12 09:37:06 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=784,from_cache=0,grep=0,rtt=0.10,did=a5xU0q8J) [Wed Feb 12 09:37:06 2020 - debug] localhost:9090 connection pool stats (free:52 / in_use:1 / max:50 / total:53) [Wed Feb 12 09:37:06 2020 - debug] Connections with more in use time: (f5adb0c09c70ca09, 0.02 sec) [Wed Feb 12 09:37:06 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 88. [Wed Feb 12 09:37:06 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/ax_csrf" () [Wed Feb 12 09:37:06 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:YRDH0Rk8) [Wed Feb 12 09:37:06 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 89. [Wed Feb 12 09:37:06 2020 - debug] rfi.audit(did="YRDH0Rk8",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 0.21s to run [Wed Feb 12 09:37:06 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=786,from_cache=1,grep=1,rtt=0.18,did=By1qTf3l) [Wed Feb 12 09:37:06 2020 - debug] wordpress_enumerate_users.discover(did="hkhQuqOu",uri="http://localhost:9090/cmd.jsp") took 0.58s to run [Wed Feb 12 09:37:06 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=785,from_cache=0,grep=0,rtt=0.02,did=JQnYVYiA) [Wed Feb 12 09:37:06 2020 - debug] file_upload.audit(did="uJcItiWA", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:06 2020 - debug] file_upload.audit(did="uJcItiWA",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:06 2020 - debug] web_diff.discover(http://localhost:9090/cmd.jsp, did=X73IVVeT) [Wed Feb 12 09:37:06 2020 - debug] [web_diff] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:06 2020 - debug] The crawl plugin: "web_diff" wont be run anymore. [Wed Feb 12 09:37:06 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:06 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:06 2020 - debug] web_diff.discover(did="X73IVVeT",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:37:07 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "302" (id=787,from_cache=0,grep=0,rtt=0.30,did=a5xU0q8J) [Wed Feb 12 09:37:07 2020 - debug] Returning fresh average RTT of 0.17 seconds for mutant 4ba0ef4e6ab5fb98ca66ec8d9eb5eaac [Wed Feb 12 09:37:07 2020 - debug] csrf.audit(did="Xtqkxhmu", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:07 2020 - debug] csrf.audit(did="Xtqkxhmu",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:07 2020 - debug] dwsync_xml.discover(http://localhost:9090/cmd.jsp, did=HEzuZVhz) [Wed Feb 12 09:37:07 2020 - debug] [dwsync_xml] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:07 2020 - debug] Returning cached average RTT of 0.17 seconds for mutant 4ba0ef4e6ab5fb98ca66ec8d9eb5eaac [Wed Feb 12 09:37:07 2020 - debug] deserialization.audit(did="5bybRsjh", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:07 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:07 2020 - debug] deserialization.audit(did="5bybRsjh",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:07 2020 - debug] dwsync_xml.discover(did="HEzuZVhz",uri="http://localhost:9090/cmd.jsp") took 0.05s to run [Wed Feb 12 09:37:07 2020 - debug] pykto.discover(http://localhost:9090/cmd.jsp, did=GUUfeXO7) [Wed Feb 12 09:37:07 2020 - debug] [pykto] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:08 2020 - debug] POST http://localhost:9090/login with data: "username=admin&password=admin" returned HTTP code "302" (id=789,from_cache=0,grep=0,rtt=0.53,did=U8jTKgiW) [Wed Feb 12 09:37:08 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=201 returned HTTP code "200" (id=790,from_cache=0,grep=0,rtt=0.46,did=P8nzPH8O) [Wed Feb 12 09:37:08 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:37:08 2020 - debug] os_commanding.audit(did="2VuImwyB", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:2VuImwyB) [Wed Feb 12 09:37:08 2020 - debug] GET http://localhost:9090/learn/vulnerability/sDLTI returned HTTP code "404" (id=788,from_cache=0,grep=1,rtt=0.22,did=OoBr2Suw) [Wed Feb 12 09:37:08 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: 3wdzzNZx) [Wed Feb 12 09:37:08 2020 - debug] find_captchas.discover(did="aI2rv3vj",uri="http://localhost:9090/cmd.jsp") took 3.44s to run [Wed Feb 12 09:37:08 2020 - debug] wordpress_fullpathdisclosure.discover(http://localhost:9090/cmd.jsp, did=hK6G5i9j) [Wed Feb 12 09:37:08 2020 - debug] [wordpress_fullpathdisclosure] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:08 2020 - debug] lfi.audit(did="3L8egRYm", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:3L8egRYm) [Wed Feb 12 09:37:08 2020 - debug] dav.audit(did="V7GYbFY8",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 1.59s to run [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] os_commanding.audit(did="2VuImwyB",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.10s to run [Wed Feb 12 09:37:08 2020 - debug] sqli.audit(did="CdyV8Fgj", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:CdyV8Fgj) [Wed Feb 12 09:37:08 2020 - debug] blind_sqli.audit(did="Ed4leIsU", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] pykto.discover(did="GUUfeXO7",uri="http://localhost:9090/cmd.jsp") took 0.24s to run [Wed Feb 12 09:37:08 2020 - debug] phishtank.discover(http://localhost:9090/cmd.jsp, did=4cD9ayDq) [Wed Feb 12 09:37:08 2020 - debug] [phishtank] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:08 2020 - debug] The crawl plugin: "phishtank" wont be run anymore. [Wed Feb 12 09:37:08 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:08 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:08 2020 - debug] phishtank.discover(did="4cD9ayDq",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:37:08 2020 - debug] lfi.audit(did="3L8egRYm",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.14s to run [Wed Feb 12 09:37:08 2020 - debug] sqli.audit(did="CdyV8Fgj",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.09s to run [Wed Feb 12 09:37:08 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=793,from_cache=0,grep=0,rtt=0.14,did=3wdzzNZx) [Wed Feb 12 09:37:08 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "200" (id=791,from_cache=0,grep=1,rtt=0.12,did=a5xU0q8J) [Wed Feb 12 09:37:08 2020 - debug] [id: 140100582497040] HTTP response delay was 0.12. (lower, expected, upper): 8.00, 8.00, 16.22. [Wed Feb 12 09:37:08 2020 - debug] [did: a5xU0q8J] [id: 140100582497040] Failed to control HTTP response delay for URL http://localhost:9090/learn/vulnerability/ax_csrf - parameter "User-Agent" for 8 seconds using , response wait time was: 0.119121074677 seconds and response ID: 791. [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] generic.audit(did="vx4xaJ7Y", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:08 2020 - debug] digit_sum.discover(http://localhost:9090/cmd.jsp, did=8xW5RLLq) [Wed Feb 12 09:37:08 2020 - debug] [digit_sum] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:08 2020 - debug] phishing_vector.audit(did="DHbGP62T", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:08 2020 - debug] blind_sqli.audit(did="Ed4leIsU",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.13s to run [Wed Feb 12 09:37:08 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: 3wdzzNZx) [Wed Feb 12 09:37:08 2020 - debug] Login success for admin [Wed Feb 12 09:37:08 2020 - debug] detailed._login() took 1.76s to run [Wed Feb 12 09:37:09 2020 - debug] GET http://localhost:9090/learn/vulnerability/ax_csrf returned HTTP code "200" (id=792,from_cache=0,grep=1,rtt=0.15,did=a5xU0q8J) [Wed Feb 12 09:37:09 2020 - debug] [id: 140100583785936] HTTP response delay was 0.15. (lower, expected, upper): 8.00, 8.00, 16.22. [Wed Feb 12 09:37:09 2020 - debug] [did: a5xU0q8J] [id: 140100583785936] Failed to control HTTP response delay for URL http://localhost:9090/learn/vulnerability/ax_csrf - parameter "User-Agent" for 8 seconds using , response wait time was: 0.146822929382 seconds and response ID: 792. [Wed Feb 12 09:37:09 2020 - debug] shell_shock.audit(did="a5xU0q8J",uri="http://localhost:9090/learn/vulnerability/ax_csrf") took 2.42s to run (0.92s 37% sending HTTP requests) [Wed Feb 12 09:37:09 2020 - debug] format_string.audit(did="WynhByBF", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:09 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:WynhByBF) [Wed Feb 12 09:37:09 2020 - debug] format_string.audit(did="WynhByBF",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:09 2020 - debug] generic.audit(did="vx4xaJ7Y",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.02s to run [Wed Feb 12 09:37:09 2020 - debug] websocket_hijacking.audit(did="YwDNsgbY", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] websocket_hijacking.audit(did="YwDNsgbY",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:09 2020 - debug] shell_shock.audit(did="Nxo90dQW", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:09 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:DHbGP62T) [Wed Feb 12 09:37:09 2020 - debug] Finished audit.phishing_vector (did=DHbGP62T) [Wed Feb 12 09:37:09 2020 - debug] phishing_vector.audit(did="DHbGP62T",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.03s to run [Wed Feb 12 09:37:09 2020 - debug] memcachei.audit(did="zbEZQKdo", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:09 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:zbEZQKdo) [Wed Feb 12 09:37:09 2020 - debug] memcachei.audit(did="zbEZQKdo",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:09 2020 - debug] GET http://localhost:9090/wp-login.php returned HTTP code "404" (id=794,from_cache=1,grep=1,rtt=0.18,did=WEveI3wV) [Wed Feb 12 09:37:09 2020 - debug] wordpress_fullpathdisclosure.discover(did="hK6G5i9j",uri="http://localhost:9090/cmd.jsp") took 0.52s to run [Wed Feb 12 09:37:09 2020 - debug] open_api.discover(http://localhost:9090/cmd.jsp, did=4fYp28eE) [Wed Feb 12 09:37:09 2020 - debug] [open_api] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:09 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=796,from_cache=0,grep=1,rtt=0.07,did=so2ezsjl) [Wed Feb 12 09:37:09 2020 - debug] un_ssl.audit(did="joj9nBn6", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] un_ssl.audit(did="joj9nBn6",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:09 2020 - debug] ldapi.audit(did="Iu9UhgNr", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:09 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:09 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Iu9UhgNr) [Wed Feb 12 09:37:09 2020 - debug] ldapi.audit(did="Iu9UhgNr",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:10 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=795,from_cache=0,grep=1,rtt=0.06,did=Nxo90dQW) [Wed Feb 12 09:37:10 2020 - debug] buffer_overflow.audit(did="GI1CjbT3", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] digit_sum.discover(did="8xW5RLLq",uri="http://localhost:9090/cmd.jsp") took 0.28s to run [Wed Feb 12 09:37:10 2020 - debug] dot_ds_store.discover(http://localhost:9090/cmd.jsp, did=V76YGPhm) [Wed Feb 12 09:37:10 2020 - debug] [dot_ds_store] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:10 2020 - debug] dot_ds_store.discover(did="V76YGPhm",uri="http://localhost:9090/cmd.jsp") took 0.03s to run [Wed Feb 12 09:37:10 2020 - debug] ghdb.discover(http://localhost:9090/cmd.jsp, did=SG4VJthO) [Wed Feb 12 09:37:10 2020 - debug] [ghdb] Crawling "http://localhost:9090/cmd.jsp" [Wed Feb 12 09:37:10 2020 - debug] The crawl plugin: "ghdb" wont be run anymore. [Wed Feb 12 09:37:10 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:10 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:10 2020 - debug] ghdb.discover(did="SG4VJthO",uri="http://localhost:9090/cmd.jsp") took 0.00s to run [Wed Feb 12 09:37:10 2020 - debug] server_header.discover(http://localhost:9090/cmd.jspx, did=gqyjyzYM) [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] redos.audit(did="O8aK9tVz", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] global_redirect.audit(did="ZXhE4ob3", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ZXhE4ob3) [Wed Feb 12 09:37:10 2020 - debug] buffer_overflow.audit(did="GI1CjbT3",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.08s to run [Wed Feb 12 09:37:10 2020 - debug] xpath.audit(did="RmA1BUve", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:RmA1BUve) [Wed Feb 12 09:37:10 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 90. [Wed Feb 12 09:37:10 2020 - debug] cors_origin.audit(did="atzzIWXv", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] xpath.audit(did="RmA1BUve",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.14s to run [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] redos.audit(did="O8aK9tVz",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.19s to run [Wed Feb 12 09:37:10 2020 - debug] htaccess_methods.audit(did="G79FGirz", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] dav.audit(did="isB0wzxn", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] ssi.audit(did="NZNj74lh", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] xxe.audit(did="vHuRLcWQ", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] GET http://localhost:9090/cmd.jsp returned HTTP code "404" (id=797,from_cache=0,grep=1,rtt=0.06,did=4fYp28eE) [Wed Feb 12 09:37:10 2020 - debug] open_api.discover(did="4fYp28eE",uri="http://localhost:9090/cmd.jsp") took 0.48s to run (0.06s 12% sending HTTP requests) [Wed Feb 12 09:37:10 2020 - debug] wordpress_fingerprint.discover(http://localhost:9090/cmd.jspx, did=HbwWiHlT) [Wed Feb 12 09:37:10 2020 - debug] [wordpress_fingerprint] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:10 2020 - debug] eval.audit(did="1iqRULLr", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:1iqRULLr) [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] eval.audit(did="1iqRULLr",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.01s to run [Wed Feb 12 09:37:10 2020 - debug] xxe.audit(did="vHuRLcWQ",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.09s to run [Wed Feb 12 09:37:10 2020 - debug] rosetta_flash.audit(did="abGwR1tN", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] rosetta_flash.audit(did="abGwR1tN",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:10 2020 - debug] xss.audit(did="PfpgRz6E", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:10 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:10 2020 - debug] xss.audit(did="PfpgRz6E",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:11 2020 - debug] xst.audit(did="mdlWdrRR", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:11 2020 - debug] xst.audit(did="mdlWdrRR",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:11 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=798,from_cache=0,grep=1,rtt=0.04,did=atzzIWXv) [Wed Feb 12 09:37:11 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=803,from_cache=0,grep=1,rtt=0.31,did=rTzwDTRC) [Wed Feb 12 09:37:11 2020 - debug] htaccess_methods.audit(did="G79FGirz",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.58s to run [Wed Feb 12 09:37:11 2020 - debug] ssl_certificate.audit(did="9u317LVi", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:11 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=799,from_cache=0,grep=0,rtt=0.14,did=Nxo90dQW) [Wed Feb 12 09:37:11 2020 - debug] GET http://localhost:9090/cmd.jspx returned HTTP code "404" (id=801,from_cache=1,grep=1,rtt=0.46,did=sUMGlPDO) [Wed Feb 12 09:37:11 2020 - debug] SEARCH http://localhost:9090/assets/ with data: " Select \'D..." returned HTTP code "404" (id=800,from_cache=0,grep=1,rtt=0.11,did=EBRJWgG7) [Wed Feb 12 09:37:11 2020 - debug] preg_replace.audit(did="HbcFqYuU", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:11 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:12 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:HbcFqYuU) [Wed Feb 12 09:37:12 2020 - debug] mx_injection.audit(did="E2R50nCh", uri="http://localhost:9090/assets/jquery-3.2.1.min.js") [Wed Feb 12 09:37:12 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/jquery-3.2.1.min.js" () [Wed Feb 12 09:37:12 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:E2R50nCh) [Wed Feb 12 09:37:12 2020 - debug] ssl_certificate.audit(did="9u317LVi",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 0.00s to run [Wed Feb 12 09:37:12 2020 - debug] server_header.discover(did="gqyjyzYM",uri="http://localhost:9090/cmd.jspx") took 0.95s to run [Wed Feb 12 09:37:12 2020 - debug] PUT http://localhost:9090/assets/OKeAh with data: "pqKooK" returned HTTP code "404" (id=804,from_cache=0,grep=1,rtt=0.29,did=TecGVCGv) [Wed Feb 12 09:37:12 2020 - debug] PROPFIND http://localhost:9090/assets/ with data: " , response wait time was: 0.0327348709106 seconds and response ID: 814. [Wed Feb 12 09:37:15 2020 - debug] sqli.audit(did="iweMWM06", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:iweMWM06) [Wed Feb 12 09:37:15 2020 - debug] blind_sqli.audit(did="OWKG6v1q", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] GET http://localhost:9090/assets/jquery-3.2.1.min.js returned HTTP code "200" (id=815,from_cache=0,grep=1,rtt=0.09,did=Nxo90dQW) [Wed Feb 12 09:37:15 2020 - debug] [id: 140100577100240] HTTP response delay was 0.09. (lower, expected, upper): 8.00, 8.00, 16.14. [Wed Feb 12 09:37:15 2020 - debug] [did: Nxo90dQW] [id: 140100577100240] Failed to control HTTP response delay for URL http://localhost:9090/assets/jquery-3.2.1.min.js - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0862109661102 seconds and response ID: 815. [Wed Feb 12 09:37:15 2020 - debug] shell_shock.audit(did="Nxo90dQW",uri="http://localhost:9090/assets/jquery-3.2.1.min.js") took 2.10s to run (0.51s 24% sending HTTP requests) [Wed Feb 12 09:37:15 2020 - debug] sqli.audit(did="iweMWM06",uri="http://localhost:9090/assets/showdown.min.js") took 0.02s to run [Wed Feb 12 09:37:15 2020 - debug] phishing_vector.audit(did="hBXyN0ee", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:hBXyN0ee) [Wed Feb 12 09:37:15 2020 - debug] Finished audit.phishing_vector (did=hBXyN0ee) [Wed Feb 12 09:37:15 2020 - debug] phishing_vector.audit(did="hBXyN0ee",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] blind_sqli.audit(did="OWKG6v1q",uri="http://localhost:9090/assets/showdown.min.js") took 0.02s to run [Wed Feb 12 09:37:15 2020 - debug] generic.audit(did="uruDq12g", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] generic.audit(did="uruDq12g",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] format_string.audit(did="khkxUTgb", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:khkxUTgb) [Wed Feb 12 09:37:15 2020 - debug] format_string.audit(did="khkxUTgb",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] websocket_hijacking.audit(did="95UDJQS2", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] websocket_hijacking.audit(did="95UDJQS2",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] shell_shock.audit(did="APluGi22", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] memcachei.audit(did="CXXMN8rK", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:CXXMN8rK) [Wed Feb 12 09:37:15 2020 - debug] memcachei.audit(did="CXXMN8rK",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] localhost:9090 connection pool stats (free:53 / in_use:0 / max:50 / total:53) [Wed Feb 12 09:37:15 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:37:15 2020 - debug] un_ssl.audit(did="Zldyzc3B", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] un_ssl.audit(did="Zldyzc3B",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] ldapi.audit(did="8J8rAR0T", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:8J8rAR0T) [Wed Feb 12 09:37:15 2020 - debug] ldapi.audit(did="8J8rAR0T",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] buffer_overflow.audit(did="UuSwQHeU", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] buffer_overflow.audit(did="UuSwQHeU",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] redos.audit(did="5VDcaRVZ", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] redos.audit(did="5VDcaRVZ",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:15 2020 - debug] global_redirect.audit(did="ZBDOsbBy", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:15 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:15 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ZBDOsbBy) [Wed Feb 12 09:37:16 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=817,from_cache=0,grep=1,rtt=0.00,did=APluGi22) [Wed Feb 12 09:37:16 2020 - debug] xpath.audit(did="DDOuqWOZ", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:DDOuqWOZ) [Wed Feb 12 09:37:16 2020 - debug] cors_origin.audit(did="PQ5i1y80", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] htaccess_methods.audit(did="UZ091tKC", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] dav.audit(did="MA6bwHB4", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] ssi.audit(did="B8n7nI3n", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 93. [Wed Feb 12 09:37:16 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=221 returned HTTP code "200" (id=816,from_cache=0,grep=0,rtt=0.64,did=hDpq8sw2) [Wed Feb 12 09:37:16 2020 - debug] dav.audit(did="MA6bwHB4",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] xxe.audit(did="Ktk0E8ho", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] xpath.audit(did="DDOuqWOZ",uri="http://localhost:9090/assets/showdown.min.js") took 0.04s to run [Wed Feb 12 09:37:16 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=818,from_cache=0,grep=1,rtt=0.04,did=PQ5i1y80) [Wed Feb 12 09:37:16 2020 - debug] xxe.audit(did="Ktk0E8ho",uri="http://localhost:9090/assets/showdown.min.js") took 0.05s to run [Wed Feb 12 09:37:16 2020 - debug] eval.audit(did="qWIkPfvn", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:qWIkPfvn) [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] rosetta_flash.audit(did="DUgmJfqJ", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] rosetta_flash.audit(did="DUgmJfqJ",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=820,from_cache=0,grep=1,rtt=0.04,did=uJgaBFqD) [Wed Feb 12 09:37:16 2020 - debug] xss.audit(did="3RkSSuwi", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] xss.audit(did="3RkSSuwi",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] eval.audit(did="qWIkPfvn",uri="http://localhost:9090/assets/showdown.min.js") took 0.01s to run [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:B8n7nI3n) [Wed Feb 12 09:37:16 2020 - debug] htaccess_methods.audit(did="UZ091tKC",uri="http://localhost:9090/assets/showdown.min.js") took 0.18s to run [Wed Feb 12 09:37:16 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=819,from_cache=0,grep=0,rtt=0.04,did=APluGi22) [Wed Feb 12 09:37:16 2020 - debug] ssi.audit(did="B8n7nI3n",uri="http://localhost:9090/assets/showdown.min.js") took 0.17s to run [Wed Feb 12 09:37:16 2020 - debug] xst.audit(did="fag3ecXQ", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] xst.audit(did="fag3ecXQ",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] ssl_certificate.audit(did="wcxVCN36", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] ssl_certificate.audit(did="wcxVCN36",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] preg_replace.audit(did="XphTGZj7", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:XphTGZj7) [Wed Feb 12 09:37:16 2020 - debug] mx_injection.audit(did="gvFI85bC", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:16 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:16 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:gvFI85bC) [Wed Feb 12 09:37:16 2020 - debug] mx_injection.audit(did="gvFI85bC",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:16 2020 - debug] preg_replace.audit(did="XphTGZj7",uri="http://localhost:9090/assets/showdown.min.js") took 0.00s to run [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=821,from_cache=0,grep=1,rtt=0.04,did=PQ5i1y80) [Wed Feb 12 09:37:17 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 397, 'reject-seen-url': 140, 'reject-out-of-scope': 9, 'accept': 129} [Wed Feb 12 09:37:17 2020 - debug] cors_origin.audit(did="PQ5i1y80",uri="http://localhost:9090/assets/showdown.min.js") took 0.28s to run (0.08s 30% sending HTTP requests) [Wed Feb 12 09:37:17 2020 - debug] response_splitting.audit(did="p7Y72JDx", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:17 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:p7Y72JDx) [Wed Feb 12 09:37:17 2020 - debug] response_splitting.audit(did="p7Y72JDx",uri="http://localhost:9090/assets/showdown.min.js") took 0.03s to run [Wed Feb 12 09:37:17 2020 - debug] global_redirect.audit(did="ZBDOsbBy",uri="http://localhost:9090/assets/showdown.min.js") took 0.40s to run [Wed Feb 12 09:37:17 2020 - debug] rfd.audit(did="phQLOuCM", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:17 2020 - debug] rfi.audit(did="M55wo6Th", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:17 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:M55wo6Th) [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=822,from_cache=0,grep=0,rtt=0.04,did=APluGi22) [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js%3B/w3af.cmd%3B/w3af.cmd" () [Wed Feb 12 09:37:17 2020 - debug] rfd.audit(did="phQLOuCM",uri="http://localhost:9090/assets/showdown.min.js") took 0.04s to run [Wed Feb 12 09:37:17 2020 - debug] RFI using local web server for URL: http://localhost:9090/assets/showdown.min.js [Wed Feb 12 09:37:17 2020 - debug] frontpage.audit(did="HY1I447j", uri="http://localhost:9090/assets/showdown.min.js") [Wed Feb 12 09:37:17 2020 - debug] frontpage.audit(did="HY1I447j",uri="http://localhost:9090/assets/showdown.min.js") took 0.01s to run [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/showdown.min.js" () [Wed Feb 12 09:37:17 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:M55wo6Th) [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=823,from_cache=0,grep=0,rtt=0.03,did=hQie6hnm) [Wed Feb 12 09:37:17 2020 - debug] rfi.audit(did="M55wo6Th",uri="http://localhost:9090/assets/showdown.min.js") took 0.21s to run [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=824,from_cache=0,grep=0,rtt=0.05,did=APluGi22) [Wed Feb 12 09:37:17 2020 - debug] Returning cached average RTT of 0.04 seconds for mutant 2462d839018f4e3bb4d09404533da62e [Wed Feb 12 09:37:17 2020 - debug] Increased the worker pool size to 32 (error rate: 0%) [Wed Feb 12 09:37:17 2020 - debug] file_upload.audit(did="0ZV1ZCKO", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:17 2020 - debug] file_upload.audit(did="0ZV1ZCKO",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:17 2020 - debug] Returning fresh average RTT of 0.04 seconds for mutant 2462d839018f4e3bb4d09404533da62e [Wed Feb 12 09:37:17 2020 - debug] csrf.audit(did="DkJxomcp", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:17 2020 - debug] csrf.audit(did="DkJxomcp",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.02s to run [Wed Feb 12 09:37:17 2020 - debug] deserialization.audit(did="Yl6YPEus", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:17 2020 - debug] deserialization.audit(did="Yl6YPEus",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:17 2020 - debug] os_commanding.audit(did="tfpQbu3l", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:17 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:tfpQbu3l) [Wed Feb 12 09:37:17 2020 - debug] lfi.audit(did="vfa57BT2", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:17 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:17 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:vfa57BT2) [Wed Feb 12 09:37:17 2020 - debug] lfi.audit(did="vfa57BT2",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=826,from_cache=0,grep=1,rtt=0.05,did=APluGi22) [Wed Feb 12 09:37:17 2020 - debug] [id: 140100568858576] HTTP response delay was 0.05. (lower, expected, upper): 8.00, 8.00, 16.06. [Wed Feb 12 09:37:17 2020 - debug] [did: APluGi22] [id: 140100568858576] Failed to control HTTP response delay for URL http://localhost:9090/assets/showdown.min.js - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0539979934692 seconds and response ID: 826. [Wed Feb 12 09:37:17 2020 - debug] GET http://localhost:9090/assets/showdown.min.js returned HTTP code "200" (id=825,from_cache=0,grep=1,rtt=0.04,did=APluGi22) [Wed Feb 12 09:37:17 2020 - debug] [id: 140100570332688] HTTP response delay was 0.04. (lower, expected, upper): 8.00, 8.00, 16.06. [Wed Feb 12 09:37:17 2020 - debug] [did: APluGi22] [id: 140100570332688] Failed to control HTTP response delay for URL http://localhost:9090/assets/showdown.min.js - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0365121364594 seconds and response ID: 825. [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] shell_shock.audit(did="APluGi22",uri="http://localhost:9090/assets/showdown.min.js") took 0.95s to run (0.23s 23% sending HTTP requests) [Wed Feb 12 09:37:18 2020 - debug] sqli.audit(did="sRwherUq", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:sRwherUq) [Wed Feb 12 09:37:18 2020 - debug] os_commanding.audit(did="tfpQbu3l",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.06s to run [Wed Feb 12 09:37:18 2020 - debug] sqli.audit(did="sRwherUq",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.02s to run [Wed Feb 12 09:37:18 2020 - debug] blind_sqli.audit(did="EGL5gOV6", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] phishing_vector.audit(did="xCnCG3XH", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:xCnCG3XH) [Wed Feb 12 09:37:18 2020 - debug] generic.audit(did="mjtnkcbT", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] generic.audit(did="mjtnkcbT",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:18 2020 - debug] blind_sqli.audit(did="EGL5gOV6",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.03s to run [Wed Feb 12 09:37:18 2020 - debug] Finished audit.phishing_vector (did=xCnCG3XH) [Wed Feb 12 09:37:18 2020 - debug] phishing_vector.audit(did="xCnCG3XH",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.01s to run [Wed Feb 12 09:37:18 2020 - debug] format_string.audit(did="CZAC1EQ0", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:CZAC1EQ0) [Wed Feb 12 09:37:18 2020 - debug] websocket_hijacking.audit(did="pIKV1pKA", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] format_string.audit(did="CZAC1EQ0",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.02s to run [Wed Feb 12 09:37:18 2020 - debug] shell_shock.audit(did="y8xtzSWj", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] websocket_hijacking.audit(did="pIKV1pKA",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.02s to run [Wed Feb 12 09:37:18 2020 - debug] memcachei.audit(did="IUnxYnzC", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:IUnxYnzC) [Wed Feb 12 09:37:18 2020 - debug] un_ssl.audit(did="QKis5oEA", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] un_ssl.audit(did="QKis5oEA",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:18 2020 - debug] memcachei.audit(did="IUnxYnzC",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.01s to run [Wed Feb 12 09:37:18 2020 - debug] ldapi.audit(did="ZccGTv8T", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ZccGTv8T) [Wed Feb 12 09:37:18 2020 - debug] ldapi.audit(did="ZccGTv8T",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.01s to run [Wed Feb 12 09:37:18 2020 - debug] buffer_overflow.audit(did="033AIVB7", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] buffer_overflow.audit(did="033AIVB7",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.01s to run [Wed Feb 12 09:37:18 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=231 returned HTTP code "200" (id=827,from_cache=0,grep=0,rtt=0.64,did=Fzmkfu0N) [Wed Feb 12 09:37:18 2020 - debug] redos.audit(did="luZLmuU1", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] global_redirect.audit(did="pHrK41GF", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:pHrK41GF) [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=700,from_cache=0,grep=0,rtt=0.05,did=wOOxq3c0) [Wed Feb 12 09:37:18 2020 - debug] xpath.audit(did="sNQRVJsK", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:18 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:sNQRVJsK) [Wed Feb 12 09:37:18 2020 - debug] redos.audit(did="luZLmuU1",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.39s to run [Wed Feb 12 09:37:18 2020 - debug] cors_origin.audit(did="bWKbvTtG", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:18 2020 - debug] xpath.audit(did="sNQRVJsK",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.05s to run [Wed Feb 12 09:37:18 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=828,from_cache=0,grep=1,rtt=0.07,did=y8xtzSWj) [Wed Feb 12 09:37:18 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=829,from_cache=0,grep=0,rtt=0.10,did=wOOxq3c0) [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=831,from_cache=0,grep=1,rtt=0.09,did=bWKbvTtG) [Wed Feb 12 09:37:19 2020 - debug] Returning fresh average RTT of 0.08 seconds for mutant 35432e4cda8529cafa0aa4cd31e6d165 [Wed Feb 12 09:37:19 2020 - debug] Returning cached average RTT of 0.08 seconds for mutant 35432e4cda8529cafa0aa4cd31e6d165 [Wed Feb 12 09:37:19 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 94. [Wed Feb 12 09:37:19 2020 - debug] htaccess_methods.audit(did="MgsM0pzb", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] dav.audit(did="d4k66Xqe", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/cmd.jspx returned HTTP code "200" (id=830,from_cache=0,grep=1,rtt=2.03,did=Ah5ueCyf) [Wed Feb 12 09:37:19 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:37:19 2020 - debug] ssi.audit(did="6u4fol6f", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] dav.audit(did="d4k66Xqe",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] xxe.audit(did="9ihPOql2", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=833,from_cache=0,grep=1,rtt=0.24,did=wOOxq3c0) [Wed Feb 12 09:37:19 2020 - debug] [id: 140100619783248] HTTP response delay was 0.24. (lower, expected, upper): 8.00, 8.00, 16.10. [Wed Feb 12 09:37:19 2020 - debug] [did: wOOxq3c0] [id: 140100619783248] Failed to control HTTP response delay for URL http://localhost:9090/logout - parameter "User-Agent" for 8 seconds using , response wait time was: 0.235062122345 seconds and response ID: 833. [Wed Feb 12 09:37:19 2020 - debug] eval.audit(did="BtkaVw03", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] global_redirect.audit(did="pHrK41GF",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.84s to run [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/logout returned HTTP code "302" (id=832,from_cache=0,grep=1,rtt=0.18,did=wOOxq3c0) [Wed Feb 12 09:37:19 2020 - debug] [id: 140100595801104] HTTP response delay was 0.18. (lower, expected, upper): 8.00, 8.00, 16.10. [Wed Feb 12 09:37:19 2020 - debug] [did: wOOxq3c0] [id: 140100595801104] Failed to control HTTP response delay for URL http://localhost:9090/logout - parameter "User-Agent" for 8 seconds using , response wait time was: 0.181262016296 seconds and response ID: 832. [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:BtkaVw03) [Wed Feb 12 09:37:19 2020 - debug] rosetta_flash.audit(did="fAnfPt9F", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] rosetta_flash.audit(did="fAnfPt9F",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] xss.audit(did="mmpY2qsV", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] xss.audit(did="mmpY2qsV",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] xxe.audit(did="9ihPOql2",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.11s to run [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=834,from_cache=0,grep=1,rtt=0.25,did=bWKbvTtG) [Wed Feb 12 09:37:19 2020 - debug] cors_origin.audit(did="bWKbvTtG",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.53s to run (0.34s 64% sending HTTP requests) [Wed Feb 12 09:37:19 2020 - debug] shell_shock.audit(did="wOOxq3c0",uri="http://localhost:9090/logout") took 10.67s to run (0.73s 6% sending HTTP requests) [Wed Feb 12 09:37:19 2020 - debug] eval.audit(did="BtkaVw03",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.12s to run [Wed Feb 12 09:37:19 2020 - debug] xst.audit(did="L0VcRp0I", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] ssl_certificate.audit(did="dXQ3gp26", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] ssl_certificate.audit(did="dXQ3gp26",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:6u4fol6f) [Wed Feb 12 09:37:19 2020 - debug] xst.audit(did="L0VcRp0I",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=835,from_cache=0,grep=0,rtt=0.08,did=y8xtzSWj) [Wed Feb 12 09:37:19 2020 - debug] ssi.audit(did="6u4fol6f",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.38s to run [Wed Feb 12 09:37:19 2020 - debug] preg_replace.audit(did="dIS2xU2Z", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:dIS2xU2Z) [Wed Feb 12 09:37:19 2020 - debug] mx_injection.audit(did="g1DRlFXX", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:g1DRlFXX) [Wed Feb 12 09:37:19 2020 - debug] GET http://web.archive.org/web/*/http:/localhost:9090/cmd.jspx returned HTTP code "200" (id=836,from_cache=1,grep=1,rtt=2.03,did=D5VhQwtx) [Wed Feb 12 09:37:19 2020 - debug] Archive.org did not find any pages. [Wed Feb 12 09:37:19 2020 - debug] archive_dot_org.discover(did="3zrJDM78",uri="http://localhost:9090/cmd.jspx") took 2.67s to run [Wed Feb 12 09:37:19 2020 - debug] user_dir.discover(http://localhost:9090/cmd.jspx, did=yQyiULHR) [Wed Feb 12 09:37:19 2020 - debug] [user_dir] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:19 2020 - debug] The crawl plugin: "user_dir" wont be run anymore. [Wed Feb 12 09:37:19 2020 - debug] response_splitting.audit(did="7CDwCVKQ", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:7CDwCVKQ) [Wed Feb 12 09:37:19 2020 - debug] preg_replace.audit(did="dIS2xU2Z",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.04s to run [Wed Feb 12 09:37:19 2020 - debug] mx_injection.audit(did="g1DRlFXX",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.03s to run [Wed Feb 12 09:37:19 2020 - debug] response_splitting.audit(did="7CDwCVKQ",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.01s to run [Wed Feb 12 09:37:19 2020 - debug] rfd.audit(did="5Va1g6So", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] URL "http://localhost:9090/learn/vulnerability/a1_injection" is not vulnerable to RFD because response content-type is "text/html" and content-disposition header is missing, response id 823 [Wed Feb 12 09:37:19 2020 - debug] rfd.audit(did="5Va1g6So",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.00s to run [Wed Feb 12 09:37:19 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=838,from_cache=0,grep=0,rtt=0.09,did=y8xtzSWj) [Wed Feb 12 09:37:19 2020 - debug] rfi.audit(did="bBjvZGyB", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:19 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:19 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:bBjvZGyB) [Wed Feb 12 09:37:19 2020 - debug] RFI using local web server for URL: http://localhost:9090/learn/vulnerability/a1_injection [Wed Feb 12 09:37:20 2020 - debug] frontpage.audit(did="sljTzWoC", uri="http://localhost:9090/learn/vulnerability/a1_injection") [Wed Feb 12 09:37:20 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:20 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:20 2020 - debug] user_dir.discover(did="yQyiULHR",uri="http://localhost:9090/cmd.jspx") took 0.14s to run [Wed Feb 12 09:37:20 2020 - debug] sitemap_xml.discover(http://localhost:9090/cmd.jspx, did=jCmohXgL) [Wed Feb 12 09:37:20 2020 - debug] [sitemap_xml] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:20 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=839,from_cache=1,grep=1,rtt=0.01,did=zGWtqKTp) [Wed Feb 12 09:37:20 2020 - debug] frontpage.audit(did="sljTzWoC",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.03s to run [Wed Feb 12 09:37:20 2020 - debug] The crawl plugin: "sitemap_xml" wont be run anymore. [Wed Feb 12 09:37:20 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:20 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:20 2020 - debug] sitemap_xml.discover(did="jCmohXgL",uri="http://localhost:9090/cmd.jspx") took 0.03s to run [Wed Feb 12 09:37:20 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=241 returned HTTP code "200" (id=837,from_cache=0,grep=0,rtt=0.61,did=9JrO3m5a) [Wed Feb 12 09:37:20 2020 - debug] dir_file_bruter.discover(http://localhost:9090/cmd.jspx, did=k3mFIOhV) [Wed Feb 12 09:37:20 2020 - debug] [dir_file_bruter] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:20 2020 - debug] The crawl plugin: "dir_file_bruter" wont be run anymore. [Wed Feb 12 09:37:20 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:20 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:20 2020 - debug] htaccess_methods.audit(did="MgsM0pzb",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.70s to run [Wed Feb 12 09:37:20 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a1_injection" () [Wed Feb 12 09:37:20 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:bBjvZGyB) [Wed Feb 12 09:37:20 2020 - debug] rfi.audit(did="bBjvZGyB",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 0.23s to run [Wed Feb 12 09:37:20 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=840,from_cache=0,grep=0,rtt=0.02,did=y8xtzSWj) [Wed Feb 12 09:37:20 2020 - debug] dir_file_bruter.discover(did="k3mFIOhV",uri="http://localhost:9090/cmd.jspx") took 0.00s to run [Wed Feb 12 09:37:20 2020 - debug] phpinfo.discover(http://localhost:9090/cmd.jspx, did=7nMrZxOy) [Wed Feb 12 09:37:20 2020 - debug] [phpinfo] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:20 2020 - debug] phpinfo.discover(did="7nMrZxOy",uri="http://localhost:9090/cmd.jspx") took 0.00s to run [Wed Feb 12 09:37:20 2020 - debug] find_dvcs.discover(http://localhost:9090/cmd.jspx, did=aCl8Wdm0) [Wed Feb 12 09:37:20 2020 - debug] [find_dvcs] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:20 2020 - debug] Returning fresh average RTT of 0.06 seconds for mutant 8df71523b2606c98fde2e5921b045cfe [Wed Feb 12 09:37:20 2020 - debug] Returning cached average RTT of 0.06 seconds for mutant 8df71523b2606c98fde2e5921b045cfe [Wed Feb 12 09:37:20 2020 - debug] find_dvcs.discover(did="aCl8Wdm0",uri="http://localhost:9090/cmd.jspx") took 0.04s to run [Wed Feb 12 09:37:20 2020 - debug] import_results.discover(http://localhost:9090/cmd.jspx, did=Rgub33wI) [Wed Feb 12 09:37:20 2020 - debug] [import_results] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:20 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=841,from_cache=0,grep=0,rtt=0.08,did=LkIx1b62) [Wed Feb 12 09:37:20 2020 - debug] file_upload.audit(did="MLrWM2iq", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:20 2020 - debug] file_upload.audit(did="MLrWM2iq",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:21 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=842,from_cache=0,grep=1,rtt=0.02,did=y8xtzSWj) [Wed Feb 12 09:37:21 2020 - debug] The crawl plugin: "import_results" wont be run anymore. [Wed Feb 12 09:37:21 2020 - debug] Starting CrawlInfra consumer _teardown() with 0 plugins [Wed Feb 12 09:37:21 2020 - debug] Finished CrawlInfra consumer _teardown() [Wed Feb 12 09:37:21 2020 - debug] import_results.discover(did="Rgub33wI",uri="http://localhost:9090/cmd.jspx") took 0.08s to run [Wed Feb 12 09:37:21 2020 - debug] payment_webhook_finder.discover(http://localhost:9090/cmd.jspx, did=vxUqJJpP) [Wed Feb 12 09:37:21 2020 - debug] [payment_webhook_finder] Crawling "http://localhost:9090/cmd.jspx" [Wed Feb 12 09:37:21 2020 - debug] csrf.audit(did="sxluUV6z", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] csrf.audit(did="sxluUV6z",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:21 2020 - debug] deserialization.audit(did="R8HZjycF", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "302" (id=843,from_cache=0,grep=1,rtt=0.03,did=y8xtzSWj) [Wed Feb 12 09:37:21 2020 - debug] [id: 140100623489872] HTTP response delay was 0.03. (lower, expected, upper): 8.00, 8.00, 16.08. [Wed Feb 12 09:37:21 2020 - debug] os_commanding.audit(did="V87TXFFk", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:V87TXFFk) [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] os_commanding.audit(did="V87TXFFk",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:21 2020 - debug] [id: 140100553254480] HTTP response delay was 0.02. (lower, expected, upper): 8.00, 8.00, 16.08. [Wed Feb 12 09:37:21 2020 - debug] [did: y8xtzSWj] [id: 140100553254480] Failed to control HTTP response delay for URL http://localhost:9090/learn/vulnerability/a1_injection - parameter "User-Agent" for 8 seconds using , response wait time was: 0.0214171409607 seconds and response ID: 842. [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] deserialization.audit(did="R8HZjycF",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.04s to run [Wed Feb 12 09:37:21 2020 - debug] [did: y8xtzSWj] [id: 140100623489872] Failed to control HTTP response delay for URL http://localhost:9090/learn/vulnerability/a1_injection - parameter "User-Agent" for 8 seconds using , response wait time was: 0.027801990509 seconds and response ID: 843. [Wed Feb 12 09:37:21 2020 - debug] shell_shock.audit(did="y8xtzSWj",uri="http://localhost:9090/learn/vulnerability/a1_injection") took 1.80s to run (0.31s 17% sending HTTP requests) [Wed Feb 12 09:37:21 2020 - debug] lfi.audit(did="m38m8eGA", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:m38m8eGA) [Wed Feb 12 09:37:21 2020 - debug] sqli.audit(did="9ZFrFWDQ", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:9ZFrFWDQ) [Wed Feb 12 09:37:21 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:37:21 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: T4rViA0V) [Wed Feb 12 09:37:21 2020 - debug] localhost:9090 connection pool stats (free:53 / in_use:0 / max:50 / total:53) [Wed Feb 12 09:37:21 2020 - debug] There are no connections marked as in use in the connection pool at this time [Wed Feb 12 09:37:21 2020 - debug] lfi.audit(did="m38m8eGA",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.06s to run [Wed Feb 12 09:37:21 2020 - debug] blind_sqli.audit(did="qUMr3Jxp", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] sqli.audit(did="9ZFrFWDQ",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.02s to run [Wed Feb 12 09:37:21 2020 - debug] phishing_vector.audit(did="7LN10Oc0", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:7LN10Oc0) [Wed Feb 12 09:37:21 2020 - debug] Finished audit.phishing_vector (did=7LN10Oc0) [Wed Feb 12 09:37:21 2020 - debug] phishing_vector.audit(did="7LN10Oc0",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] generic.audit(did="uUVAOSgX", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] blind_sqli.audit(did="qUMr3Jxp",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.05s to run [Wed Feb 12 09:37:21 2020 - debug] format_string.audit(did="ymq1sw7s", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ymq1sw7s) [Wed Feb 12 09:37:21 2020 - debug] format_string.audit(did="ymq1sw7s",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.01s to run [Wed Feb 12 09:37:21 2020 - debug] generic.audit(did="uUVAOSgX",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.05s to run [Wed Feb 12 09:37:21 2020 - debug] websocket_hijacking.audit(did="fSm2o8zv", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] shell_shock.audit(did="LlW5EkqZ", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] websocket_hijacking.audit(did="fSm2o8zv",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.04s to run [Wed Feb 12 09:37:21 2020 - debug] memcachei.audit(did="mXvfDy7l", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:21 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:21 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:mXvfDy7l) [Wed Feb 12 09:37:21 2020 - debug] memcachei.audit(did="mXvfDy7l",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.01s to run [Wed Feb 12 09:37:22 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=845,from_cache=0,grep=0,rtt=0.16,did=T4rViA0V) [Wed Feb 12 09:37:22 2020 - debug] [auth.detailed] User "admin" is NOT logged into the application, the `check_string` was not found in the HTTP response with ID 845. (did: T4rViA0V) [Wed Feb 12 09:37:22 2020 - debug] [auth.detailed] Logging into the application with user: admin (did: 0zVJeVwK) [Wed Feb 12 09:37:22 2020 - debug] un_ssl.audit(did="2gVQO1dy", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] un_ssl.audit(did="2gVQO1dy",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:22 2020 - debug] ldapi.audit(did="ScHPErC8", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ScHPErC8) [Wed Feb 12 09:37:22 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=846,from_cache=0,grep=1,rtt=0.03,did=LlW5EkqZ) [Wed Feb 12 09:37:22 2020 - debug] buffer_overflow.audit(did="Mwrl0ZoD", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] ldapi.audit(did="ScHPErC8",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.01s to run [Wed Feb 12 09:37:22 2020 - debug] redos.audit(did="IWuqb3yl", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] global_redirect.audit(did="Fc4TCgps", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Fc4TCgps) [Wed Feb 12 09:37:22 2020 - debug] buffer_overflow.audit(did="Mwrl0ZoD",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.02s to run [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] xpath.audit(did="O1dCiXuE", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:O1dCiXuE) [Wed Feb 12 09:37:22 2020 - debug] cors_origin.audit(did="PT3595wx", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] redos.audit(did="IWuqb3yl",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.14s to run [Wed Feb 12 09:37:22 2020 - debug] xpath.audit(did="O1dCiXuE",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.07s to run [Wed Feb 12 09:37:22 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 95. [Wed Feb 12 09:37:22 2020 - debug] htaccess_methods.audit(did="MJdpWhVA", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] dav.audit(did="qpeUerWS", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] localhost:9090 connection pool stats (free:38 / in_use:14 / max:50 / total:52) [Wed Feb 12 09:37:22 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.17 sec) (f5adb0c09c70ca09, 0.16 sec) (450aace75c9d8a42, 0.12 sec) (955b76b517b2a7f0, 0.10 sec) (ff9acc2bc4ba5606, 0.09 sec) [Wed Feb 12 09:37:22 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=251 returned HTTP code "200" (id=847,from_cache=0,grep=0,rtt=0.87,did=udnB6dMg) [Wed Feb 12 09:37:22 2020 - debug] ssi.audit(did="5HoV4k56", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] xxe.audit(did="pG3uHFiq", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] eval.audit(did="6NUlKkVY", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:22 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:22 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:6NUlKkVY) [Wed Feb 12 09:37:22 2020 - debug] POST http://localhost:9090/login with data: "username=admin&password=admin" returned HTTP code "302" (id=848,from_cache=0,grep=0,rtt=0.33,did=0zVJeVwK) [Wed Feb 12 09:37:22 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: z7WsWSAG) [Wed Feb 12 09:37:22 2020 - debug] xxe.audit(did="pG3uHFiq",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.14s to run [Wed Feb 12 09:37:22 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=849,from_cache=0,grep=1,rtt=0.11,did=PT3595wx) [Wed Feb 12 09:37:22 2020 - debug] POST http://localhost:9090/servlet/paymentcomplete returned HTTP code "404" (id=850,from_cache=0,grep=1,rtt=0.25,did=89wQNMW4) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/servlet/finished returned HTTP code "404" (id=852,from_cache=0,grep=1,rtt=0.39,did=iAlhwgn2) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/includes/validpay returned HTTP code "404" (id=854,from_cache=0,grep=1,rtt=0.44,did=H8ZwC3lQ) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/includes/transactioncomplete returned HTTP code "404" (id=855,from_cache=0,grep=1,rtt=0.22,did=vz3XTGwb) [Wed Feb 12 09:37:23 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:23 2020 - debug] rosetta_flash.audit(did="L2gIJ3cJ", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:23 2020 - debug] rosetta_flash.audit(did="L2gIJ3cJ",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:23 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=857,from_cache=1,grep=1,rtt=0.11,did=6oTPPGR0) [Wed Feb 12 09:37:23 2020 - debug] htaccess_methods.audit(did="MJdpWhVA",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.69s to run [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/includes/completepayment.php4 returned HTTP code "404" (id=859,from_cache=0,grep=1,rtt=0.38,did=A9mcd5SY) [Wed Feb 12 09:37:23 2020 - debug] eval.audit(did="6NUlKkVY",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.40s to run [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/module/successful returned HTTP code "404" (id=856,from_cache=0,grep=1,rtt=0.23,did=IzPjKUVf) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/module/paymentsuccessful returned HTTP code "404" (id=853,from_cache=0,grep=1,rtt=0.36,did=A7eNDNMY) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/modules/validation.php4 returned HTTP code "404" (id=851,from_cache=0,grep=1,rtt=0.21,did=iZBifpzs) [Wed Feb 12 09:37:23 2020 - debug] xss.audit(did="degtofRS", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/inc/success returned HTTP code "404" (id=861,from_cache=0,grep=1,rtt=0.38,did=auVcPyNT) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/modules/validatepay returned HTTP code "404" (id=863,from_cache=0,grep=1,rtt=0.51,did=iuU0W933) [Wed Feb 12 09:37:23 2020 - debug] POST http://localhost:9090/module/paymentsuccess returned HTTP code "404" (id=865,from_cache=0,grep=1,rtt=0.25,did=SSS1TtRZ) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/servlet/validation returned HTTP code "404" (id=869,from_cache=0,grep=1,rtt=0.55,did=jJuhfYop) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/modules/trxcomplete returned HTTP code "404" (id=870,from_cache=0,grep=1,rtt=0.58,did=rMkI1uZo) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/module/completepay.php4 returned HTTP code "404" (id=871,from_cache=0,grep=1,rtt=0.59,did=RTDn2CYX) [Wed Feb 12 09:37:24 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 96. [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/inc/paid.php4 returned HTTP code "404" (id=873,from_cache=0,grep=1,rtt=0.66,did=tuemeNeP) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/modules/validatepayment.php4 returned HTTP code "404" (id=860,from_cache=0,grep=1,rtt=0.26,did=FklVa1nU) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/modules/finished.php4 returned HTTP code "404" (id=876,from_cache=0,grep=1,rtt=0.39,did=WyX23pZL) [Wed Feb 12 09:37:24 2020 - debug] POST http://localhost:9090/inc/validpay.php4 returned HTTP code "404" (id=878,from_cache=0,grep=1,rtt=0.58,did=rLsp423B) [Wed Feb 12 09:37:25 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=881,from_cache=0,grep=0,rtt=0.34,did=z7WsWSAG) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/includes/pay.php4 returned HTTP code "404" (id=883,from_cache=0,grep=1,rtt=0.64,did=wySWjTKY) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/inc/return returned HTTP code "404" (id=872,from_cache=0,grep=1,rtt=0.54,did=71ucqb5f) [Wed Feb 12 09:37:25 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/modules/complete returned HTTP code "404" (id=866,from_cache=0,grep=1,rtt=0.37,did=qSyhzO4b) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/servlet/return.php4 returned HTTP code "404" (id=862,from_cache=0,grep=1,rtt=0.48,did=8OoCgpn8) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/module/final.php4 returned HTTP code "404" (id=864,from_cache=0,grep=1,rtt=0.55,did=lSY5nQyl) [Wed Feb 12 09:37:25 2020 - debug] GET http://localhost:9090/assets/fa/css/font-awesome.min.css returned HTTP code "200" (id=884,from_cache=0,grep=1,rtt=0.09,did=PT3595wx) [Wed Feb 12 09:37:25 2020 - debug] xst.audit(did="KnxlPPjg", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/servlet/success.php4 returned HTTP code "404" (id=858,from_cache=0,grep=1,rtt=0.23,did=F1KLB4To) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/servlet/validatepayment returned HTTP code "404" (id=867,from_cache=0,grep=1,rtt=0.47,did=XF5qwF8b) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/inc/valid returned HTTP code "404" (id=868,from_cache=0,grep=1,rtt=0.36,did=KycQksyG) [Wed Feb 12 09:37:25 2020 - debug] ssl_certificate.audit(did="HUGBYeI2", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/modules/paymentcomplete.php4 returned HTTP code "404" (id=882,from_cache=0,grep=1,rtt=0.28,did=Em9NRmaK) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/includes/paid returned HTTP code "404" (id=877,from_cache=0,grep=1,rtt=0.72,did=7nLbRgmJ) [Wed Feb 12 09:37:25 2020 - debug] preg_replace.audit(did="3MJiKD05", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:25 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:25 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:3MJiKD05) [Wed Feb 12 09:37:25 2020 - debug] POST http://localhost:9090/includes/payment.php4 returned HTTP code "404" (id=874,from_cache=0,grep=1,rtt=0.52,did=VrunigMl) [Wed Feb 12 09:37:25 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:25 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:5HoV4k56) [Wed Feb 12 09:37:26 2020 - debug] POST http://localhost:9090/inc/transactioncomplete.php4 returned HTTP code "404" (id=879,from_cache=0,grep=1,rtt=0.16,did=0Dljhccn) [Wed Feb 12 09:37:26 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: z7WsWSAG) [Wed Feb 12 09:37:26 2020 - debug] Login success for admin [Wed Feb 12 09:37:26 2020 - debug] detailed._login() took 1.89s to run [Wed Feb 12 09:37:26 2020 - debug] xss.audit(did="degtofRS",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.10s to run [Wed Feb 12 09:37:26 2020 - debug] global_redirect.audit(did="Fc4TCgps",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 1.33s to run [Wed Feb 12 09:37:26 2020 - debug] xst.audit(did="KnxlPPjg",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.01s to run [Wed Feb 12 09:37:26 2020 - debug] POST http://localhost:9090/module/validate.php4 returned HTTP code "404" (id=875,from_cache=0,grep=1,rtt=0.41,did=HVSOu6Ax) [Wed Feb 12 09:37:26 2020 - debug] ssl_certificate.audit(did="HUGBYeI2",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:26 2020 - debug] cors_origin.audit(did="PT3595wx",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 1.41s to run (0.20s 14% sending HTTP requests) [Wed Feb 12 09:37:26 2020 - debug] mx_injection.audit(did="R2AkX7UE", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:26 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:26 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:R2AkX7UE) [Wed Feb 12 09:37:26 2020 - debug] preg_replace.audit(did="3MJiKD05",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.06s to run [Wed Feb 12 09:37:26 2020 - debug] ssi.audit(did="5HoV4k56",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.98s to run [Wed Feb 12 09:37:26 2020 - debug] POST http://localhost:9090/servlet/valid.php4 returned HTTP code "404" (id=880,from_cache=0,grep=1,rtt=0.60,did=GudV3z0M) [Wed Feb 12 09:37:26 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.20 seconds [Wed Feb 12 09:37:26 2020 - debug] mx_injection.audit(did="R2AkX7UE",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.05s to run [Wed Feb 12 09:37:26 2020 - debug] response_splitting.audit(did="c2jEgNdu", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:26 2020 - debug] rfd.audit(did="fGxzAW6r", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:26 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css%3B/w3af.cmd%3B/w3af.cmd" () [Wed Feb 12 09:37:26 2020 - debug] rfd.audit(did="fGxzAW6r",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.00s to run [Wed Feb 12 09:37:26 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:26 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:c2jEgNdu) [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 97. [Wed Feb 12 09:37:26 2020 - debug] rfi.audit(did="9thcazxY", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:26 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:26 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:9thcazxY) [Wed Feb 12 09:37:26 2020 - debug] frontpage.audit(did="rE0Dfczm", uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") [Wed Feb 12 09:37:26 2020 - debug] response_splitting.audit(did="c2jEgNdu",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.26s to run [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 98. [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 99. [Wed Feb 12 09:37:26 2020 - debug] frontpage.audit(did="rE0Dfczm",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.06s to run [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 100. [Wed Feb 12 09:37:26 2020 - debug] RFI using local web server for URL: http://localhost:9090/assets/fa/css/font-awesome.min.css [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 101. [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 102. [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 103. [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 104. [Wed Feb 12 09:37:26 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 105. [Wed Feb 12 09:37:26 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/assets/fa/css/font-awesome.min.css" () [Wed Feb 12 09:37:26 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:9thcazxY) [Wed Feb 12 09:37:26 2020 - debug] rfi.audit(did="9thcazxY",uri="http://localhost:9090/assets/fa/css/font-awesome.min.css") took 0.38s to run [Wed Feb 12 09:37:26 2020 - debug] GET http://localhost:9090/module/paymentsuccessful returned HTTP code "404" (id=885,from_cache=0,grep=1,rtt=0.15,did=nho8toVz) [Wed Feb 12 09:37:27 2020 - debug] GET http://localhost:9090/servlet/paymentcomplete returned HTTP code "404" (id=886,from_cache=0,grep=1,rtt=0.11,did=DWtmuLzs) [Wed Feb 12 09:37:27 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 419, 'reject-seen-url': 154, 'reject-out-of-scope': 11, 'accept': 141} [Wed Feb 12 09:37:27 2020 - debug] localhost:9090 connection pool stats (free:51 / in_use:2 / max:50 / total:53) [Wed Feb 12 09:37:27 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.06 sec) (20c6fb7a85d275d0, 0.04 sec) [Wed Feb 12 09:37:27 2020 - debug] GET http://localhost:9090/servlet/validation returned HTTP code "404" (id=889,from_cache=0,grep=1,rtt=0.16,did=6dWlXNVE) [Wed Feb 12 09:37:27 2020 - debug] GET http://localhost:9090/includes/validpay returned HTTP code "404" (id=891,from_cache=0,grep=1,rtt=0.14,did=h9QmS6hJ) [Wed Feb 12 09:37:27 2020 - debug] GET http://localhost:9090/modules/validatepayment.php4 returned HTTP code "404" (id=888,from_cache=0,grep=1,rtt=0.05,did=qvQYRMDm) [Wed Feb 12 09:37:28 2020 - debug] GET http://localhost:9090/servlet/success.php4 returned HTTP code "404" (id=893,from_cache=0,grep=1,rtt=0.04,did=gvb9vGDs) [Wed Feb 12 09:37:28 2020 - debug] GET http://localhost:9090/servlet/finished returned HTTP code "404" (id=890,from_cache=0,grep=1,rtt=0.13,did=FJsYsOY9) [Wed Feb 12 09:37:28 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=894,from_cache=0,grep=0,rtt=0.21,did=zT12801r) [Wed Feb 12 09:37:28 2020 - debug] GET http://localhost:9090/module/successful returned HTTP code "404" (id=887,from_cache=0,grep=1,rtt=0.17,did=UXuM7wNI) [Wed Feb 12 09:37:28 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=261 returned HTTP code "200" (id=892,from_cache=0,grep=0,rtt=0.65,did=dE5gb8aj) [Wed Feb 12 09:37:28 2020 - debug] file_upload.audit(did="5OSUC1t4", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:28 2020 - debug] file_upload.audit(did="5OSUC1t4",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:28 2020 - debug] localhost:9090 connection pool stats (free:40 / in_use:13 / max:50 / total:53) [Wed Feb 12 09:37:28 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.60 sec) (20c6fb7a85d275d0, 0.27 sec) (33cedecc203f8322, 0.22 sec) (7e2427f5d8fccdb1, 0.21 sec) (450aace75c9d8a42, 0.19 sec) [Wed Feb 12 09:37:28 2020 - debug] GET http://localhost:9090/includes/pay.php4 returned HTTP code "404" (id=897,from_cache=0,grep=1,rtt=0.22,did=VMb7rLb4) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/servlet/return.php4 returned HTTP code "404" (id=902,from_cache=0,grep=1,rtt=0.29,did=oTLjDHPm) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/servlet/valid.php4 returned HTTP code "404" (id=903,from_cache=0,grep=1,rtt=0.22,did=FGWGmEIl) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/includes/completepayment.php4 returned HTTP code "404" (id=904,from_cache=0,grep=1,rtt=0.28,did=C9tmNWzd) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/module/completepay.php4 returned HTTP code "404" (id=906,from_cache=0,grep=1,rtt=0.66,did=xIODtfr6) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/module/final.php4 returned HTTP code "404" (id=896,from_cache=0,grep=1,rtt=0.19,did=hO7Gdalj) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/modules/paymentcomplete.php4 returned HTTP code "404" (id=895,from_cache=0,grep=1,rtt=0.27,did=VzFwifb2) [Wed Feb 12 09:37:29 2020 - debug] csrf.audit(did="g6aoXRsS", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:29 2020 - debug] csrf.audit(did="g6aoXRsS",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/modules/complete returned HTTP code "404" (id=905,from_cache=0,grep=1,rtt=0.11,did=s7SIAsjH) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/inc/paid.php4 returned HTTP code "404" (id=901,from_cache=0,grep=1,rtt=0.12,did=ynFNfpva) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/modules/validatepay returned HTTP code "404" (id=910,from_cache=0,grep=1,rtt=0.37,did=Rb9wQVoO) [Wed Feb 12 09:37:29 2020 - debug] GET http://localhost:9090/inc/valid returned HTTP code "404" (id=911,from_cache=0,grep=1,rtt=0.34,did=s73dIrIq) [Wed Feb 12 09:37:30 2020 - debug] GET http://localhost:9090/servlet/validatepayment returned HTTP code "404" (id=914,from_cache=0,grep=1,rtt=0.27,did=I4cTUEqk) [Wed Feb 12 09:37:30 2020 - debug] GET http://localhost:9090/inc/success returned HTTP code "404" (id=916,from_cache=0,grep=1,rtt=0.32,did=41m6u6As) [Wed Feb 12 09:37:30 2020 - debug] GET http://localhost:9090/module/validate.php4 returned HTTP code "404" (id=917,from_cache=0,grep=1,rtt=0.24,did=0xxZTwtB) [Wed Feb 12 09:37:30 2020 - debug] GET http://localhost:9090/module/paymentsuccess returned HTTP code "404" (id=920,from_cache=0,grep=1,rtt=0.11,did=0tc4WR8x) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/includes/payment.php4 returned HTTP code "404" (id=919,from_cache=0,grep=1,rtt=0.16,did=YJNhUeOw) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/includes/transactioncomplete returned HTTP code "404" (id=899,from_cache=0,grep=1,rtt=0.36,did=UOHb8QiI) [Wed Feb 12 09:37:31 2020 - debug] POST http://localhost:9090/module/paymentsuccessful.cgi returned HTTP code "404" (id=913,from_cache=0,grep=1,rtt=0.35,did=J9flC0QW) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/inc/validpay.php4 returned HTTP code "404" (id=915,from_cache=0,grep=1,rtt=0.23,did=41meGWPx) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/modules/validation.php4 returned HTTP code "404" (id=912,from_cache=0,grep=1,rtt=0.09,did=HR6sXVkZ) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/modules/finished.php4 returned HTTP code "404" (id=909,from_cache=0,grep=1,rtt=0.15,did=idqXdkqm) [Wed Feb 12 09:37:31 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 419, 'reject-seen-url': 179, 'reject-out-of-scope': 11, 'accept': 141} [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/inc/transactioncomplete.php4 returned HTTP code "404" (id=923,from_cache=0,grep=1,rtt=0.16,did=yjAr8MAy) [Wed Feb 12 09:37:31 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 419, 'reject-seen-url': 179, 'reject-out-of-scope': 11, 'accept': 141} [Wed Feb 12 09:37:31 2020 - debug] POST http://localhost:9090/servlet/validation.cgi returned HTTP code "404" (id=922,from_cache=0,grep=1,rtt=0.19,did=yFGl5zQf) [Wed Feb 12 09:37:31 2020 - debug] POST http://localhost:9090/modules/validatepayment.php5 returned HTTP code "404" (id=918,from_cache=0,grep=1,rtt=0.27,did=b1COAl6P) [Wed Feb 12 09:37:31 2020 - debug] GET http://localhost:9090/inc/return returned HTTP code "404" (id=898,from_cache=0,grep=1,rtt=0.18,did=E5XjPWA1) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/servlet/success.php5 returned HTTP code "404" (id=924,from_cache=0,grep=1,rtt=0.16,did=XT57kvst) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/includes/pay.php5 returned HTTP code "404" (id=925,from_cache=0,grep=1,rtt=0.22,did=AfeBL6wo) [Wed Feb 12 09:37:32 2020 - debug] deserialization.audit(did="5XmMnkox", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] GET http://localhost:9090/includes/paid returned HTTP code "404" (id=907,from_cache=0,grep=1,rtt=0.21,did=IuAE3lfZ) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/includes/validpay.cgi returned HTTP code "404" (id=921,from_cache=0,grep=1,rtt=0.21,did=e5l1UNTe) [Wed Feb 12 09:37:32 2020 - debug] GET http://localhost:9090/modules/trxcomplete returned HTTP code "404" (id=908,from_cache=0,grep=1,rtt=0.09,did=b7vJrdbl) [Wed Feb 12 09:37:32 2020 - debug] os_commanding.audit(did="9iVFw6I2", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:9iVFw6I2) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/module/successful.cgi returned HTTP code "404" (id=927,from_cache=0,grep=1,rtt=0.23,did=LrYRrKJ5) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/servlet/finished.cgi returned HTTP code "404" (id=926,from_cache=0,grep=1,rtt=0.16,did=NjM5iDqN) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/module/completepay.php5 returned HTTP code "404" (id=928,from_cache=0,grep=1,rtt=0.09,did=D7fYaq9e) [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] lfi.audit(did="0xqHwXgc", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:32 2020 - debug] deserialization.audit(did="5XmMnkox",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.34s to run [Wed Feb 12 09:37:32 2020 - debug] localhost:9090 connection pool stats (free:43 / in_use:10 / max:50 / total:53) [Wed Feb 12 09:37:32 2020 - debug] Connections with more in use time: (20c6fb7a85d275d0, 0.33 sec) (a5419411797e137e, 0.32 sec) (ff37903b27d7f8f9, 0.26 sec) (f5adb0c09c70ca09, 0.20 sec) (450aace75c9d8a42, 0.17 sec) [Wed Feb 12 09:37:32 2020 - debug] sqli.audit(did="d85rLqWq", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:32 2020 - debug] os_commanding.audit(did="9iVFw6I2",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.37s to run [Wed Feb 12 09:37:32 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 106. [Wed Feb 12 09:37:32 2020 - debug] blind_sqli.audit(did="qoCQsbrc", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:32 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:0xqHwXgc) [Wed Feb 12 09:37:32 2020 - debug] POST http://localhost:9090/servlet/valid.php5 returned HTTP code "404" (id=929,from_cache=0,grep=1,rtt=0.21,did=T3IkeSNN) [Wed Feb 12 09:37:32 2020 - debug] phishing_vector.audit(did="r6sv1VXD", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:33 2020 - debug] POST http://localhost:9090/includes/payment.php5 returned HTTP code "404" (id=931,from_cache=0,grep=1,rtt=0.21,did=GfJitEYH) [Wed Feb 12 09:37:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:33 2020 - debug] lfi.audit(did="0xqHwXgc",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.39s to run [Wed Feb 12 09:37:33 2020 - debug] generic.audit(did="QazDcfqD", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:33 2020 - debug] generic.audit(did="QazDcfqD",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:33 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:d85rLqWq) [Wed Feb 12 09:37:33 2020 - debug] POST http://localhost:9090/inc/paid.php5 returned HTTP code "404" (id=934,from_cache=0,grep=1,rtt=0.24,did=wbzwpJ4P) [Wed Feb 12 09:37:33 2020 - debug] format_string.audit(did="sOsv8VLX", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:33 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:33 2020 - debug] POST http://localhost:9090/modules/validation.php5 returned HTTP code "404" (id=930,from_cache=0,grep=1,rtt=0.16,did=hjdukqMM) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/module/paymentsuccess.cgi returned HTTP code "404" (id=933,from_cache=0,grep=1,rtt=0.23,did=5wWs9hpX) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/modules/validatepay.cgi returned HTTP code "404" (id=932,from_cache=0,grep=1,rtt=0.06,did=xhtkmeb2) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/servlet/validatepayment.cgi returned HTTP code "404" (id=936,from_cache=0,grep=1,rtt=0.29,did=O97CU4KL) [Wed Feb 12 09:37:34 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 107. [Wed Feb 12 09:37:34 2020 - debug] websocket_hijacking.audit(did="nz9lZWs3", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:r6sv1VXD) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/modules/trxcomplete.cgi returned HTTP code "404" (id=935,from_cache=0,grep=1,rtt=0.12,did=KPTvMxDh) [Wed Feb 12 09:37:34 2020 - debug] shell_shock.audit(did="p4D19NCw", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:sOsv8VLX) [Wed Feb 12 09:37:34 2020 - debug] blind_sqli.audit(did="qoCQsbrc",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.49s to run [Wed Feb 12 09:37:34 2020 - debug] memcachei.audit(did="WSMKWrtB", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:34 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:34 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:WSMKWrtB) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/module/validate.php5 returned HTTP code "404" (id=938,from_cache=0,grep=1,rtt=0.39,did=dtUGtAAs) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/includes/completepayment.php5 returned HTTP code "404" (id=940,from_cache=0,grep=1,rtt=0.50,did=YjcF6LAb) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/includes/transactioncomplete.cgi returned HTTP code "404" (id=947,from_cache=0,grep=1,rtt=0.09,did=v8tcOqmg) [Wed Feb 12 09:37:34 2020 - debug] POST http://localhost:9090/modules/paymentcomplete.php5 returned HTTP code "404" (id=948,from_cache=0,grep=1,rtt=0.56,did=hD6Re34l) [Wed Feb 12 09:37:34 2020 - debug] sqli.audit(did="d85rLqWq",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.76s to run [Wed Feb 12 09:37:34 2020 - debug] Updating socket timeout for localhost from 3.20 to 3.00 seconds [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/inc/transactioncomplete.php5 returned HTTP code "404" (id=945,from_cache=0,grep=1,rtt=0.26,did=ACv2Q7Yb) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/modules/complete.cgi returned HTTP code "404" (id=937,from_cache=0,grep=1,rtt=0.21,did=7tycKlvH) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/inc/valid.cgi returned HTTP code "404" (id=941,from_cache=0,grep=1,rtt=0.40,did=fms5o8xI) [Wed Feb 12 09:37:35 2020 - debug] GET http://localhost:9090/includes/pay.php5 returned HTTP code "404" (id=951,from_cache=0,grep=1,rtt=0.16,did=3DyvFauW) [Wed Feb 12 09:37:35 2020 - debug] Finished audit.phishing_vector (did=r6sv1VXD) [Wed Feb 12 09:37:35 2020 - debug] phishing_vector.audit(did="r6sv1VXD",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.34s to run [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/module/final.php5 returned HTTP code "404" (id=946,from_cache=0,grep=1,rtt=0.53,did=iYAzgWJo) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/includes/paid.cgi returned HTTP code "404" (id=944,from_cache=0,grep=1,rtt=0.12,did=PHVmoZua) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/servlet/return.php5 returned HTTP code "404" (id=939,from_cache=0,grep=1,rtt=0.14,did=1BipdhGL) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/modules/finished.php5 returned HTTP code "404" (id=942,from_cache=0,grep=1,rtt=0.57,did=lKJPRK3T) [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/inc/return.cgi returned HTTP code "404" (id=950,from_cache=0,grep=1,rtt=0.29,did=FnP4cGc8) [Wed Feb 12 09:37:35 2020 - debug] format_string.audit(did="sOsv8VLX",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.29s to run [Wed Feb 12 09:37:35 2020 - debug] POST http://localhost:9090/inc/success.cgi returned HTTP code "404" (id=943,from_cache=0,grep=1,rtt=0.12,did=psIIba8B) [Wed Feb 12 09:37:35 2020 - debug] memcachei.audit(did="WSMKWrtB",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.15s to run [Wed Feb 12 09:37:35 2020 - debug] un_ssl.audit(did="rl6AcVeu", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:35 2020 - debug] un_ssl.audit(did="rl6AcVeu",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:35 2020 - debug] GET http://localhost:9090/module/successful.cgi returned HTTP code "404" (id=952,from_cache=0,grep=1,rtt=0.03,did=suQtXlz7) [Wed Feb 12 09:37:36 2020 - debug] websocket_hijacking.audit(did="nz9lZWs3",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.30s to run [Wed Feb 12 09:37:36 2020 - debug] POST http://localhost:9090/inc/validpay.php5 returned HTTP code "404" (id=949,from_cache=0,grep=1,rtt=0.30,did=86HOX2dj) [Wed Feb 12 09:37:36 2020 - debug] ldapi.audit(did="y1T7o7lF", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:36 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:y1T7o7lF) [Wed Feb 12 09:37:36 2020 - debug] buffer_overflow.audit(did="BQ70mqVQ", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 108. [Wed Feb 12 09:37:36 2020 - debug] ldapi.audit(did="y1T7o7lF",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.11s to run [Wed Feb 12 09:37:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 109. [Wed Feb 12 09:37:36 2020 - debug] redos.audit(did="gKd3pXny", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] buffer_overflow.audit(did="BQ70mqVQ",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.15s to run [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/servlet/finished.cgi returned HTTP code "404" (id=953,from_cache=0,grep=1,rtt=0.17,did=22EQq0Wv) [Wed Feb 12 09:37:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 110. [Wed Feb 12 09:37:36 2020 - debug] global_redirect.audit(did="Q70SyQOL", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:36 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:Q70SyQOL) [Wed Feb 12 09:37:36 2020 - debug] xpath.audit(did="fQQuB4bH", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:36 2020 - debug] htaccess_methods.audit(did="bs0HYETQ", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:36 2020 - debug] localhost:9090 connection pool stats (free:47 / in_use:6 / max:50 / total:53) [Wed Feb 12 09:37:36 2020 - debug] Connections with more in use time: (f5adb0c09c70ca09, 0.35 sec) (955b76b517b2a7f0, 0.32 sec) (084f56a9dda1c119, 0.21 sec) (a5419411797e137e, 0.20 sec) (ff9acc2bc4ba5606, 0.15 sec) [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/servlet/valid.php5 returned HTTP code "404" (id=954,from_cache=0,grep=1,rtt=0.05,did=3k6fDpUX) [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/modules/paymentcomplete.php5 returned HTTP code "404" (id=957,from_cache=0,grep=1,rtt=0.07,did=TE14jYqo) [Wed Feb 12 09:37:36 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 111. [Wed Feb 12 09:37:36 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:fQQuB4bH) [Wed Feb 12 09:37:36 2020 - debug] xpath.audit(did="fQQuB4bH",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.19s to run [Wed Feb 12 09:37:36 2020 - debug] cors_origin.audit(did="Lkxgff2R", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] dav.audit(did="8S5nvBM0", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] dav.audit(did="8S5nvBM0",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:36 2020 - debug] redos.audit(did="gKd3pXny",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.44s to run [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/servlet/validatepayment.cgi returned HTTP code "404" (id=955,from_cache=0,grep=1,rtt=0.19,did=Uh4UmmLY) [Wed Feb 12 09:37:36 2020 - debug] POST http://localhost:9090/includes/pay.php returned HTTP code "404" (id=956,from_cache=0,grep=1,rtt=0.21,did=Xp95ljZW) [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/inc/transactioncomplete.php5 returned HTTP code "404" (id=959,from_cache=0,grep=1,rtt=0.10,did=6tDzxNw3) [Wed Feb 12 09:37:36 2020 - debug] ssi.audit(did="eyuAyGDh", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/modules/finished.php5 returned HTTP code "404" (id=958,from_cache=0,grep=1,rtt=0.25,did=vNNDaajo) [Wed Feb 12 09:37:36 2020 - debug] There is a corrupt signature in the GHDB. No query string was found in the following XML code: "791https://www.exploit-db.com/ghdb/791/Various Online Devicessome of the sites are very, very interesting - try a search substituting site:gov instead of site:com, or try site:edu or site:org or site:fm. Anyway, camera servers made by Axis Video, you can look up administrator manuals online via the following search string (guess what you might find there?):site:com inurl:axis video server manualsCan you say default UID and PW?What\'s really interesting is if you look hard enough; you can find cameras within government and educational labs; airport surveillance; even some stretches of I65 in the US (for those of you close to the Ohio River area).Anyway this search string gets you into the server; from there you can have many controls or few controls over the cameras (including zoom, pan, and iris). There is much to see and most of the cameras have easy acccess to admin profile via click of a button - of course from there you have to provide a UID & PW. But read up on the manuals any you may get lucky.Bottom line, if you can control the camera (via admin priv.) you can control what and when the camera & server view as well as what & when they record. Just a small seed for a possibly big idea - your ambitions may vary.Rate it! Give me feedback! I will not learn without some form of criticism...yet despite how insignificant that criticism may make me feel...i enjoy the search for the unseen/unknown knowledge nonetheless...it was worth it.". [Wed Feb 12 09:37:36 2020 - debug] GET http://localhost:9090/includes/completepayment.php5 returned HTTP code "404" (id=964,from_cache=0,grep=1,rtt=0.12,did=SiEjt6nW) [Wed Feb 12 09:37:37 2020 - debug] GET http://localhost:9090/module/validate.php5 returned HTTP code "404" (id=961,from_cache=0,grep=1,rtt=0.14,did=DAJxLkib) [Wed Feb 12 09:37:37 2020 - debug] GET http://localhost:9090/module/paymentsuccess.cgi returned HTTP code "404" (id=963,from_cache=0,grep=1,rtt=0.23,did=KFqS69Qn) [Wed Feb 12 09:37:37 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 112. [Wed Feb 12 09:37:37 2020 - debug] GET http://localhost:9090/includes/payment.php5 returned HTTP code "404" (id=966,from_cache=0,grep=1,rtt=0.02,did=EJw4l5Li) [Wed Feb 12 09:37:37 2020 - debug] POST http://localhost:9090/module/successful.asp returned HTTP code "404" (id=967,from_cache=0,grep=1,rtt=0.49,did=h1hX6mEW) [Wed Feb 12 09:37:37 2020 - debug] xxe.audit(did="cXFfHygr", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:37 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:38 2020 - debug] GET http://localhost:9090/modules/complete.cgi returned HTTP code "404" (id=972,from_cache=0,grep=1,rtt=0.27,did=hwADI9ig) [Wed Feb 12 09:37:38 2020 - debug] rosetta_flash.audit(did="lQPmM3z0", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:38 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=960,from_cache=0,grep=1,rtt=0.24,did=p4D19NCw) [Wed Feb 12 09:37:38 2020 - debug] eval.audit(did="yV3ph6t2", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:38 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:38 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:yV3ph6t2) [Wed Feb 12 09:37:38 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:38 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:37:38 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: cLPQL0Tb) [Wed Feb 12 09:37:38 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=271 returned HTTP code "200" (id=962,from_cache=0,grep=0,rtt=0.88,did=ttWY97tK) [Wed Feb 12 09:37:38 2020 - debug] POST http://localhost:9090/servlet/finished.asp returned HTTP code "404" (id=968,from_cache=0,grep=1,rtt=0.30,did=A6aLo8hi) [Wed Feb 12 09:37:38 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 113. [Wed Feb 12 09:37:38 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 114. [Wed Feb 12 09:37:38 2020 - debug] GET http://localhost:9090/servlet/success.php5 returned HTTP code "404" (id=969,from_cache=0,grep=1,rtt=0.06,did=z0mRew2Z) [Wed Feb 12 09:37:38 2020 - debug] GET http://localhost:9090/inc/return.cgi returned HTTP code "404" (id=974,from_cache=0,grep=1,rtt=0.17,did=ms4raqHU) [Wed Feb 12 09:37:38 2020 - debug] GET http://localhost:9090/includes/paid.cgi returned HTTP code "404" (id=975,from_cache=0,grep=1,rtt=0.24,did=jda0ZY0R) [Wed Feb 12 09:37:38 2020 - debug] eval.audit(did="yV3ph6t2",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:38 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 440, 'reject-seen-url': 197, 'reject-out-of-scope': 11, 'accept': 152} [Wed Feb 12 09:37:38 2020 - debug] rosetta_flash.audit(did="lQPmM3z0",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:38 2020 - debug] xss.audit(did="0pW9Tnu6", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:38 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 440, 'reject-seen-url': 197, 'reject-out-of-scope': 11, 'accept': 152} [Wed Feb 12 09:37:38 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 440, 'reject-seen-url': 197, 'reject-out-of-scope': 11, 'accept': 152} [Wed Feb 12 09:37:38 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:39 2020 - debug] GET http://localhost:9090/module/final.php5 returned HTTP code "404" (id=971,from_cache=0,grep=1,rtt=0.48,did=rJsZzxef) [Wed Feb 12 09:37:39 2020 - debug] GET http://localhost:9090/servlet/return.php5 returned HTTP code "404" (id=973,from_cache=0,grep=1,rtt=0.30,did=qUkUrN0c) [Wed Feb 12 09:37:39 2020 - debug] GET http://localhost:9090/module/paymentsuccessful.cgi returned HTTP code "404" (id=970,from_cache=0,grep=1,rtt=0.36,did=9cdfKP3F) [Wed Feb 12 09:37:39 2020 - debug] GET http://localhost:9090/includes/transactioncomplete.cgi returned HTTP code "404" (id=980,from_cache=0,grep=1,rtt=0.28,did=ClKtLkrU) [Wed Feb 12 09:37:40 2020 - debug] GET http://localhost:9090/inc/success.cgi returned HTTP code "404" (id=976,from_cache=0,grep=1,rtt=0.18,did=TD7Vh83F) [Wed Feb 12 09:37:40 2020 - debug] GET http://localhost:9090/modules/validatepayment.php5 returned HTTP code "404" (id=977,from_cache=0,grep=1,rtt=0.16,did=pZayelWs) [Wed Feb 12 09:37:40 2020 - debug] GET http://localhost:9090/modules/trxcomplete.cgi returned HTTP code "404" (id=965,from_cache=0,grep=1,rtt=0.06,did=9VfaUUxI) [Wed Feb 12 09:37:40 2020 - debug] GET http://localhost:9090/modules/validation.php5 returned HTTP code "404" (id=979,from_cache=0,grep=1,rtt=0.45,did=fXQ9ibiU) [Wed Feb 12 09:37:41 2020 - debug] POST http://localhost:9090/servlet/valid.php returned HTTP code "404" (id=981,from_cache=0,grep=1,rtt=0.21,did=uKUXohGH) [Wed Feb 12 09:37:41 2020 - debug] GET http://localhost:9090/servlet/validation.cgi returned HTTP code "404" (id=978,from_cache=0,grep=1,rtt=0.42,did=pumDAOwM) [Wed Feb 12 09:37:41 2020 - debug] xxe.audit(did="cXFfHygr",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.17s to run [Wed Feb 12 09:37:41 2020 - debug] ssl_certificate.audit(did="cOvq89L4", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:41 2020 - debug] xss.audit(did="0pW9Tnu6",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.11s to run [Wed Feb 12 09:37:41 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:3 / max:50 / total:53) [Wed Feb 12 09:37:41 2020 - debug] Connections with more in use time: (955b76b517b2a7f0, 0.38 sec) (20c6fb7a85d275d0, 0.10 sec) (084f56a9dda1c119, 0.03 sec) (a5419411797e137e, 0.02 sec) [Wed Feb 12 09:37:41 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 115. [Wed Feb 12 09:37:41 2020 - debug] xst.audit(did="DATBFMNE", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:41 2020 - debug] xst.audit(did="DATBFMNE",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.00s to run [Wed Feb 12 09:37:41 2020 - debug] ssl_certificate.audit(did="cOvq89L4",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.01s to run [Wed Feb 12 09:37:41 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=982,from_cache=0,grep=1,rtt=0.19,did=Lkxgff2R) [Wed Feb 12 09:37:41 2020 - debug] GET http://localhost:9090/includes/validpay.cgi returned HTTP code "404" (id=990,from_cache=0,grep=1,rtt=0.47,did=Oe8bN7Pz) [Wed Feb 12 09:37:41 2020 - debug] global_redirect.audit(did="Q70SyQOL",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 1.54s to run [Wed Feb 12 09:37:41 2020 - debug] POST http://localhost:9090/inc/transactioncomplete.php returned HTTP code "404" (id=984,from_cache=0,grep=1,rtt=0.25,did=SKLtd6xW) [Wed Feb 12 09:37:41 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 116. [Wed Feb 12 09:37:41 2020 - debug] POST http://localhost:9090/module/paymentsuccess.asp returned HTTP code "404" (id=987,from_cache=0,grep=1,rtt=0.17,did=3eFoHO33) [Wed Feb 12 09:37:42 2020 - debug] GET http://localhost:9090/inc/validpay.php5 returned HTTP code "404" (id=983,from_cache=0,grep=1,rtt=0.16,did=5cj5E8Qp) [Wed Feb 12 09:37:42 2020 - debug] POST http://localhost:9090/servlet/validatepayment.asp returned HTTP code "404" (id=992,from_cache=0,grep=1,rtt=0.34,did=RRgwhma7) [Wed Feb 12 09:37:42 2020 - debug] preg_replace.audit(did="xGtnweJI", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:42 2020 - debug] POST http://localhost:9090/modules/paymentcomplete.php returned HTTP code "404" (id=988,from_cache=0,grep=1,rtt=0.45,did=ciHO1oNv) [Wed Feb 12 09:37:42 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=985,from_cache=0,grep=1,rtt=0.19,did=PzgSTNzM) [Wed Feb 12 09:37:42 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 117. [Wed Feb 12 09:37:42 2020 - debug] POST http://localhost:9090/includes/completepayment.php returned HTTP code "404" (id=986,from_cache=0,grep=1,rtt=0.17,did=zyMWObPI) [Wed Feb 12 09:37:42 2020 - debug] POST http://localhost:9090/includes/payment.php returned HTTP code "404" (id=989,from_cache=0,grep=1,rtt=0.10,did=coY7FFpr) [Wed Feb 12 09:37:42 2020 - debug] POST http://localhost:9090/modules/finished.php returned HTTP code "404" (id=991,from_cache=0,grep=1,rtt=0.33,did=BdzPvRNd) [Wed Feb 12 09:37:42 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:eyuAyGDh) [Wed Feb 12 09:37:42 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:xGtnweJI) [Wed Feb 12 09:37:43 2020 - debug] GET http://localhost:9090/module/completepay.php5 returned HTTP code "404" (id=994,from_cache=0,grep=1,rtt=0.17,did=05qg7uFP) [Wed Feb 12 09:37:43 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 118. [Wed Feb 12 09:37:43 2020 - debug] mx_injection.audit(did="ddnFvqZN", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:43 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:43 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ddnFvqZN) [Wed Feb 12 09:37:43 2020 - debug] htaccess_methods.audit(did="bs0HYETQ",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 1.87s to run [Wed Feb 12 09:37:43 2020 - debug] ssi.audit(did="eyuAyGDh",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 1.30s to run [Wed Feb 12 09:37:43 2020 - debug] GET http://localhost:9090/inc/paid.php5 returned HTTP code "404" (id=996,from_cache=0,grep=1,rtt=0.28,did=6QsZDRok) [Wed Feb 12 09:37:43 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=993,from_cache=0,grep=0,rtt=0.17,did=cLPQL0Tb) [Wed Feb 12 09:37:43 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 442, 'reject-seen-url': 214, 'reject-out-of-scope': 11, 'accept': 158} [Wed Feb 12 09:37:43 2020 - debug] GET http://localhost:9090/inc/valid.cgi returned HTTP code "404" (id=1001,from_cache=0,grep=1,rtt=0.20,did=j2iG468k) [Wed Feb 12 09:37:43 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: cLPQL0Tb) [Wed Feb 12 09:37:43 2020 - debug] detailed._login() took 1.34s to run [Wed Feb 12 09:37:43 2020 - debug] preg_replace.audit(did="xGtnweJI",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.40s to run [Wed Feb 12 09:37:43 2020 - debug] Using RLIMIT_AS memory usage limit 2350 MB for new pool process [Wed Feb 12 09:37:43 2020 - debug] response_splitting.audit(did="FMaPyDIZ", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/modules/validation.php returned HTTP code "404" (id=1003,from_cache=0,grep=1,rtt=0.35,did=C9yCP5Oh) [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/includes/validpay.asp returned HTTP code "404" (id=1004,from_cache=0,grep=1,rtt=0.13,did=QBFtzwSi) [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/modules/validatepayment.php returned HTTP code "404" (id=1005,from_cache=0,grep=1,rtt=0.06,did=KQFrsqvl) [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/module/validate.php returned HTTP code "404" (id=999,from_cache=0,grep=1,rtt=0.56,did=kEI1vW9H) [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/modules/complete.asp returned HTTP code "404" (id=997,from_cache=0,grep=1,rtt=0.33,did=UEMH0UVn) [Wed Feb 12 09:37:43 2020 - debug] rfd.audit(did="YHgVHPCW", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:43 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 119. [Wed Feb 12 09:37:43 2020 - debug] POST http://localhost:9090/modules/trxcomplete.asp returned HTTP code "404" (id=995,from_cache=0,grep=1,rtt=0.13,did=5qYVYSs9) [Wed Feb 12 09:37:43 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:43 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:FMaPyDIZ) [Wed Feb 12 09:37:43 2020 - debug] URL "http://localhost:9090/learn/vulnerability/a8_ides" is not vulnerable to RFD because response content-type is "text/html" and content-disposition header is missing, response id 894 [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/module/paymentsuccessful.asp returned HTTP code "404" (id=1008,from_cache=0,grep=1,rtt=0.36,did=tVaNNvwu) [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/includes/paid.asp returned HTTP code "404" (id=1010,from_cache=0,grep=1,rtt=0.60,did=HueuAwnE) [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/servlet/validation.asp returned HTTP code "404" (id=1002,from_cache=0,grep=1,rtt=0.46,did=uaRFQ0WN) [Wed Feb 12 09:37:44 2020 - debug] mx_injection.audit(did="ddnFvqZN",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.39s to run [Wed Feb 12 09:37:44 2020 - debug] rfi.audit(did="8j0N7I1h", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:44 2020 - debug] rfd.audit(did="YHgVHPCW",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.07s to run [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/servlet/return.php returned HTTP code "404" (id=1000,from_cache=0,grep=1,rtt=0.22,did=eBlpJoeY) [Wed Feb 12 09:37:44 2020 - debug] response_splitting.audit(did="FMaPyDIZ",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.22s to run [Wed Feb 12 09:37:44 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:3 / max:50 / total:53) [Wed Feb 12 09:37:44 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.18 sec) (ff9acc2bc4ba5606, 0.16 sec) (084f56a9dda1c119, 0.08 sec) (20c6fb7a85d275d0, 0.02 sec) [Wed Feb 12 09:37:44 2020 - debug] GET http://localhost:9090/modules/validatepay.cgi returned HTTP code "404" (id=998,from_cache=0,grep=1,rtt=0.38,did=Pqrhpc9k) [Wed Feb 12 09:37:44 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:44 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:8j0N7I1h) [Wed Feb 12 09:37:44 2020 - debug] frontpage.audit(did="hDbuNQwe", uri="http://localhost:9090/learn/vulnerability/a8_ides") [Wed Feb 12 09:37:44 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 120. [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/inc/validpay.php returned HTTP code "404" (id=1014,from_cache=0,grep=1,rtt=0.15,did=xjbWI7gy) [Wed Feb 12 09:37:44 2020 - debug] POST http://localhost:9090/module/final.php returned HTTP code "404" (id=1006,from_cache=0,grep=1,rtt=0.62,did=07wkr68W) [Wed Feb 12 09:37:45 2020 - debug] POST http://localhost:9090/inc/success.asp returned HTTP code "404" (id=1007,from_cache=0,grep=1,rtt=0.38,did=MJVgkWHq) [Wed Feb 12 09:37:46 2020 - debug] POST http://localhost:9090/servlet/success.php returned HTTP code "404" (id=1011,from_cache=0,grep=1,rtt=0.11,did=mhx6D483) [Wed Feb 12 09:37:46 2020 - debug] POST http://localhost:9090/inc/valid.asp returned HTTP code "404" (id=1017,from_cache=0,grep=1,rtt=0.25,did=cdtHbSsg) [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/includes/completepayment.php returned HTTP code "404" (id=1019,from_cache=0,grep=1,rtt=0.15,did=H8DT7kGO) [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/modules/finished.php returned HTTP code "404" (id=1022,from_cache=0,grep=1,rtt=0.10,did=BQHJAOoR) [Wed Feb 12 09:37:46 2020 - debug] frontpage.audit(did="hDbuNQwe",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 0.31s to run [Wed Feb 12 09:37:46 2020 - debug] RFI using local web server for URL: http://localhost:9090/learn/vulnerability/a8_ides [Wed Feb 12 09:37:46 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/includes/pay.php returned HTTP code "404" (id=1013,from_cache=0,grep=1,rtt=0.25,did=czt3hBtx) [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/learn/vulnerability/a8_ides returned HTTP code "200" (id=1016,from_cache=0,grep=1,rtt=0.44,did=Lkxgff2R) [Wed Feb 12 09:37:46 2020 - debug] cors_origin.audit(did="Lkxgff2R",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 3.18s to run (0.63s 19% sending HTTP requests) [Wed Feb 12 09:37:46 2020 - debug] POST http://localhost:9090/includes/transactioncomplete.asp returned HTTP code "404" (id=1012,from_cache=0,grep=1,rtt=0.43,did=85pQ3RnE) [Wed Feb 12 09:37:46 2020 - debug] POST http://localhost:9090/module/completepay.php returned HTTP code "404" (id=1018,from_cache=0,grep=1,rtt=0.11,did=Obu38iaG) [Wed Feb 12 09:37:46 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 121. [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=1021,from_cache=0,grep=0,rtt=0.05,did=BS2XA4Jl) [Wed Feb 12 09:37:46 2020 - debug] POST http://localhost:9090/inc/return.asp returned HTTP code "404" (id=1009,from_cache=0,grep=1,rtt=0.12,did=DV6PyPoA) [Wed Feb 12 09:37:46 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 455, 'reject-seen-url': 222, 'reject-out-of-scope': 11, 'accept': 162} [Wed Feb 12 09:37:46 2020 - debug] GET http://localhost:9090/module/paymentsuccess.asp returned HTTP code "404" (id=1020,from_cache=0,grep=1,rtt=0.29,did=jEvnjV9V) [Wed Feb 12 09:37:46 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 455, 'reject-seen-url': 222, 'reject-out-of-scope': 11, 'accept': 162} [Wed Feb 12 09:37:46 2020 - debug] file_upload.audit(did="N0rqjF4S", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:46 2020 - debug] file_upload.audit(did="N0rqjF4S",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:47 2020 - debug] POST http://localhost:9090/inc/paid.php returned HTTP code "404" (id=1015,from_cache=0,grep=1,rtt=0.29,did=ljafKSxC) [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/servlet/finished.asp returned HTTP code "404" (id=1024,from_cache=0,grep=1,rtt=0.36,did=Yqokr0nm) [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/servlet/validatepayment.asp returned HTTP code "404" (id=1027,from_cache=0,grep=1,rtt=0.28,did=JB0rLgcP) [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/includes/payment.php returned HTTP code "404" (id=1025,from_cache=0,grep=1,rtt=0.15,did=wJHYnVF9) [Wed Feb 12 09:37:47 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 122. [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/module/successful.asp returned HTTP code "404" (id=1023,from_cache=0,grep=1,rtt=0.10,did=lr1xNQBa) [Wed Feb 12 09:37:47 2020 - debug] POST http://localhost:9090/modules/validatepay.asp returned HTTP code "404" (id=1026,from_cache=0,grep=1,rtt=0.43,did=yFPsNsEc) [Wed Feb 12 09:37:47 2020 - debug] csrf.audit(did="EUOBb1Sa", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:47 2020 - debug] csrf.audit(did="EUOBb1Sa",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:47 2020 - debug] deserialization.audit(did="0BI8qPKP", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:47 2020 - debug] deserialization.audit(did="0BI8qPKP",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.01s to run [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/modules/trxcomplete.asp returned HTTP code "404" (id=1029,from_cache=0,grep=1,rtt=0.22,did=EwI2xQIV) [Wed Feb 12 09:37:47 2020 - debug] DNS response from DNS server for domain: ajax.googleapis.com [Wed Feb 12 09:37:47 2020 - debug] GET http://localhost:9090/servlet/validation.asp returned HTTP code "404" (id=1031,from_cache=0,grep=1,rtt=0.18,did=gSPY41j9) [Wed Feb 12 09:37:47 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 123. [Wed Feb 12 09:37:47 2020 - debug] os_commanding.audit(did="y2MVkgAh", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a8_ides" () [Wed Feb 12 09:37:47 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:8j0N7I1h) [Wed Feb 12 09:37:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:47 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:47 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:y2MVkgAh) [Wed Feb 12 09:37:47 2020 - debug] rfi.audit(did="8j0N7I1h",uri="http://localhost:9090/learn/vulnerability/a8_ides") took 1.32s to run [Wed Feb 12 09:37:48 2020 - debug] GET http://localhost:9090/module/final.php returned HTTP code "404" (id=1033,from_cache=0,grep=1,rtt=0.10,did=I2hFXS9q) [Wed Feb 12 09:37:48 2020 - debug] retire.js returned the expected exit code. [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/") took 55.90s to run [Wed Feb 12 09:37:48 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/_vti_inf.html") took 54.99s to run [Wed Feb 12 09:37:48 2020 - debug] Unknown post-data. Content-type: "None" and/or post-data "" [Wed Feb 12 09:37:48 2020 - debug] serialized_object.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] blank_body.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] credit_cards.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] lfi.audit(did="WZz7pA5z", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:48 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:WZz7pA5z) [Wed Feb 12 09:37:48 2020 - debug] GET http://localhost:9090/modules/validatepayment.php returned HTTP code "404" (id=1030,from_cache=0,grep=1,rtt=0.14,did=60aP8arb) [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/.listing") took 54.38s to run [Wed Feb 12 09:37:48 2020 - debug] csp.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] dom_xss.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] vulners_db.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] keys.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/wp-login.php") took 52.63s to run [Wed Feb 12 09:37:48 2020 - debug] clamav.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/robots.txt") took 48.77s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/execute.xml") took 26.09s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/~_w_3_a_f_/") took 25.69s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/gears_config") took 24.63s to run [Wed Feb 12 09:37:48 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] objects.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] error_500.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] meta_tags.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] password_profiling.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] click_jacking.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/sitemanifest.gears") took 23.04s to run [Wed Feb 12 09:37:48 2020 - debug] lang.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] retirejs.grep(uri="http://localhost:9090/filesInCache.json") took 20.88s to run [Wed Feb 12 09:37:48 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:48 2020 - debug] GET http://localhost:9090/servlet/return.php returned HTTP code "404" (id=1032,from_cache=0,grep=1,rtt=0.34,did=eB7Poamh) [Wed Feb 12 09:37:48 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:3 / max:50 / total:53) [Wed Feb 12 09:37:48 2020 - debug] Connections with more in use time: (084f56a9dda1c119, 0.19 sec) (a5419411797e137e, 0.03 sec) (ff9acc2bc4ba5606, 0.03 sec) [Wed Feb 12 09:37:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:48 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:49 2020 - debug] POST http://localhost:9090/includes/completepayment.aspx returned HTTP code "404" (id=1036,from_cache=0,grep=1,rtt=0.46,did=u3Gq4J1a) [Wed Feb 12 09:37:49 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/filesInCache.json") took 0.17s to run [Wed Feb 12 09:37:49 2020 - debug] sqli.audit(did="D4zsavC9", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:49 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:49 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:D4zsavC9) [Wed Feb 12 09:37:49 2020 - debug] GET http://localhost:9090/includes/paid.asp returned HTTP code "404" (id=1028,from_cache=0,grep=1,rtt=0.17,did=WOUHF8fo) [Wed Feb 12 09:37:49 2020 - debug] lfi.audit(did="WZz7pA5z",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.21s to run [Wed Feb 12 09:37:49 2020 - debug] GET http://localhost:9090/servlet/valid.php returned HTTP code "404" (id=1034,from_cache=0,grep=1,rtt=0.21,did=v0zK7YSy) [Wed Feb 12 09:37:49 2020 - debug] url_session.grep(uri="http://localhost:9090/filesInCache.json") took 0.18s to run [Wed Feb 12 09:37:49 2020 - debug] html_comments.grep(uri="http://localhost:9090/filesInCache.json") took 0.19s to run [Wed Feb 12 09:37:49 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/filesInCache.json") took 0.19s to run [Wed Feb 12 09:37:49 2020 - debug] os_commanding.audit(did="y2MVkgAh",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.31s to run [Wed Feb 12 09:37:49 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/filesInCache.json") took 0.21s to run [Wed Feb 12 09:37:49 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 124. [Wed Feb 12 09:37:49 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/filesInCache.json") took 0.21s to run [Wed Feb 12 09:37:49 2020 - debug] POST http://localhost:9090/modules/finished.aspx returned HTTP code "404" (id=1035,from_cache=0,grep=1,rtt=0.35,did=VoAbZfPK) [Wed Feb 12 09:37:49 2020 - debug] strange_reason.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] oracle.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] feeds.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] ssn.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] strange_headers.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] cache_control.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] websockets_links.grep(uri="http://localhost:9090/filesInCache.json") took 0.00s to run [Wed Feb 12 09:37:49 2020 - debug] POST http://localhost:9090/servlet/validatepayment.py returned HTTP code "404" (id=1042,from_cache=0,grep=1,rtt=0.10,did=SS6ISMlY) [Wed Feb 12 09:37:50 2020 - debug] GET http://localhost:9090/servlet/success.php returned HTTP code "404" (id=1040,from_cache=0,grep=1,rtt=0.21,did=aCvSQgcq) [Wed Feb 12 09:37:50 2020 - debug] GET http://localhost:9090/modules/validation.php returned HTTP code "404" (id=1037,from_cache=0,grep=1,rtt=0.20,did=D0yquZMy) [Wed Feb 12 09:37:50 2020 - debug] POST http://localhost:9090/module/successful.py returned HTTP code "404" (id=1045,from_cache=0,grep=1,rtt=0.22,did=jRRGa2pJ) [Wed Feb 12 09:37:50 2020 - debug] error_pages.grep(uri="http://localhost:9090/filesInCache.json") took 0.46s to run [Wed Feb 12 09:37:50 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/filesInCache.json") took 0.01s to run [Wed Feb 12 09:37:50 2020 - debug] POST http://localhost:9090/includes/pay.aspx returned HTTP code "404" (id=1038,from_cache=0,grep=1,rtt=0.14,did=DhKXxbpe) [Wed Feb 12 09:37:50 2020 - debug] GET http://localhost:9090/module/paymentsuccessful.asp returned HTTP code "404" (id=1039,from_cache=0,grep=1,rtt=0.08,did=VPHKH6v0) [Wed Feb 12 09:37:50 2020 - debug] blind_sqli.audit(did="mXRRsRTF", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:50 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/filesInCache.json") took 0.34s to run [Wed Feb 12 09:37:50 2020 - debug] GET http://localhost:9090/inc/valid.asp returned HTTP code "404" (id=1041,from_cache=0,grep=1,rtt=0.15,did=MndvqUIf) [Wed Feb 12 09:37:50 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:51 2020 - debug] POST http://localhost:9090/modules/trxcomplete.py returned HTTP code "404" (id=1046,from_cache=0,grep=1,rtt=0.17,did=hYzSqts9) [Wed Feb 12 09:37:51 2020 - debug] POST http://localhost:9090/servlet/return.aspx returned HTTP code "404" (id=1044,from_cache=0,grep=1,rtt=0.10,did=4lEZBJEI) [Wed Feb 12 09:37:51 2020 - debug] POST http://localhost:9090/servlet/validation.py returned HTTP code "404" (id=1051,from_cache=0,grep=1,rtt=0.31,did=ZPnnQQRp) [Wed Feb 12 09:37:51 2020 - debug] sqli.audit(did="D4zsavC9",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.30s to run [Wed Feb 12 09:37:51 2020 - debug] blind_sqli.audit(did="mXRRsRTF",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.10s to run [Wed Feb 12 09:37:51 2020 - debug] POST http://localhost:9090/includes/payment.aspx returned HTTP code "404" (id=1050,from_cache=0,grep=1,rtt=0.39,did=GHAhbacp) [Wed Feb 12 09:37:51 2020 - debug] POST http://localhost:9090/servlet/finished.py returned HTTP code "404" (id=1048,from_cache=0,grep=1,rtt=0.21,did=tYSb6IeF) [Wed Feb 12 09:37:52 2020 - debug] POST http://localhost:9090/servlet/valid.aspx returned HTTP code "404" (id=1047,from_cache=0,grep=1,rtt=0.18,did=qcY3O32z) [Wed Feb 12 09:37:52 2020 - debug] phishing_vector.audit(did="N0YCdPQO", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:52 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:52 2020 - debug] generic.audit(did="T7kmk5gw", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:52 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/inc/validpay.php returned HTTP code "404" (id=1043,from_cache=0,grep=1,rtt=0.28,did=9Rg73qCp) [Wed Feb 12 09:37:52 2020 - debug] POST http://localhost:9090/module/paymentsuccess.py returned HTTP code "404" (id=1049,from_cache=0,grep=1,rtt=0.42,did=8Al6jbRv) [Wed Feb 12 09:37:52 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 125. [Wed Feb 12 09:37:52 2020 - debug] format_string.audit(did="tBMZcX2B", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:52 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:52 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:tBMZcX2B) [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/inc/transactioncomplete.php returned HTTP code "404" (id=1053,from_cache=0,grep=1,rtt=0.16,did=Rp1ygjuf) [Wed Feb 12 09:37:52 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 461, 'reject-seen-url': 238, 'reject-out-of-scope': 11, 'accept': 165} [Wed Feb 12 09:37:52 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:N0YCdPQO) [Wed Feb 12 09:37:52 2020 - debug] generic.audit(did="T7kmk5gw",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/inc/paid.php returned HTTP code "404" (id=1052,from_cache=0,grep=1,rtt=0.16,did=UrqMmtSR) [Wed Feb 12 09:37:52 2020 - debug] format_string.audit(did="tBMZcX2B",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.01s to run [Wed Feb 12 09:37:52 2020 - debug] websocket_hijacking.audit(did="EikZKIr6", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/inc/return.asp returned HTTP code "404" (id=1055,from_cache=0,grep=1,rtt=0.34,did=GPv9ry7V) [Wed Feb 12 09:37:52 2020 - debug] Finished audit.phishing_vector (did=N0YCdPQO) [Wed Feb 12 09:37:52 2020 - debug] phishing_vector.audit(did="N0YCdPQO",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.21s to run [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/modules/paymentcomplete.php returned HTTP code "404" (id=1054,from_cache=0,grep=1,rtt=0.29,did=FLLCXriv) [Wed Feb 12 09:37:52 2020 - debug] shell_shock.audit(did="J23oyGAU", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:52 2020 - debug] localhost:9090 connection pool stats (free:51 / in_use:2 / max:50 / total:53) [Wed Feb 12 09:37:52 2020 - debug] Connections with more in use time: (ff9acc2bc4ba5606, 0.22 sec) (a5419411797e137e, 0.16 sec) [Wed Feb 12 09:37:52 2020 - debug] GET http://localhost:9090/module/completepay.php returned HTTP code "404" (id=1058,from_cache=0,grep=1,rtt=0.27,did=9avC3im2) [Wed Feb 12 09:37:52 2020 - debug] POST http://localhost:9090/includes/paid.py returned HTTP code "404" (id=1057,from_cache=0,grep=1,rtt=0.34,did=M6ZGkzgu) [Wed Feb 12 09:37:52 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 126. [Wed Feb 12 09:37:53 2020 - debug] GET http://ajax.googleapis.com/ajax/services/search/web?q=site:localhost inurl:zebra.conf intext:password -sample -test -tutorial -download&start=0&rsz=8&v=1.0 returned HTTP code "200" (id=1064,from_cache=0,grep=1,rtt=1.15,did=OqMgujLj) [Wed Feb 12 09:37:53 2020 - debug] websocket_hijacking.audit(did="EikZKIr6",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.19s to run [Wed Feb 12 09:37:53 2020 - debug] memcachei.audit(did="qECcmqsJ", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:53 2020 - debug] GET http://localhost:9090/includes/transactioncomplete.asp returned HTTP code "404" (id=1060,from_cache=0,grep=1,rtt=0.20,did=c0ANMSh6) [Wed Feb 12 09:37:53 2020 - debug] GET http://localhost:9090/includes/validpay.asp returned HTTP code "404" (id=1062,from_cache=0,grep=1,rtt=0.16,did=PNTRn8Km) [Wed Feb 12 09:37:53 2020 - debug] GET http://localhost:9090/modules/validatepay.asp returned HTTP code "404" (id=1065,from_cache=0,grep=1,rtt=0.55,did=rsz6JdZx) [Wed Feb 12 09:37:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:qECcmqsJ) [Wed Feb 12 09:37:53 2020 - debug] POST http://localhost:9090/module/final.aspx returned HTTP code "404" (id=1061,from_cache=0,grep=1,rtt=0.33,did=TfbYnVpi) [Wed Feb 12 09:37:53 2020 - debug] POST http://localhost:9090/inc/validpay.aspx returned HTTP code "404" (id=1066,from_cache=0,grep=1,rtt=0.14,did=vdhvqkW8) [Wed Feb 12 09:37:53 2020 - debug] un_ssl.audit(did="eFFEVdgn", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:53 2020 - debug] GET http://localhost:9090/module/validate.php returned HTTP code "404" (id=1056,from_cache=0,grep=1,rtt=0.15,did=51k5geDC) [Wed Feb 12 09:37:53 2020 - debug] ldapi.audit(did="iQaumj4w", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:53 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:iQaumj4w) [Wed Feb 12 09:37:53 2020 - debug] buffer_overflow.audit(did="KDyGLAIp", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:53 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:53 2020 - debug] redos.audit(did="KCSKnDGP", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:53 2020 - debug] Invalid JSON format returned by Google, response status needs to be 200, got "The Google Web Search API is no longer available. Please migrate to the Google Custom Search API (https://developers.google.com/custom-search/)" instead. [Wed Feb 12 09:37:53 2020 - debug] memcachei.audit(did="qECcmqsJ",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.12s to run [Wed Feb 12 09:37:54 2020 - debug] un_ssl.audit(did="eFFEVdgn",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/inc/valid.py returned HTTP code "404" (id=1069,from_cache=0,grep=1,rtt=0.21,did=FfxIUjyQ) [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/servlet/success.aspx returned HTTP code "404" (id=1059,from_cache=0,grep=1,rtt=0.21,did=mGKLLJyo) [Wed Feb 12 09:37:54 2020 - debug] buffer_overflow.audit(did="KDyGLAIp",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] ldapi.audit(did="iQaumj4w",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.02s to run [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/modules/validatepayment.aspx returned HTTP code "404" (id=1063,from_cache=0,grep=1,rtt=0.20,did=BREwv7xz) [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/module/paymentsuccessful.py returned HTTP code "404" (id=1067,from_cache=0,grep=1,rtt=0.23,did=X9JUKYz9) [Wed Feb 12 09:37:54 2020 - debug] global_redirect.audit(did="ODoSvHLQ", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:54 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:ODoSvHLQ) [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/modules/validation.aspx returned HTTP code "404" (id=1068,from_cache=0,grep=1,rtt=0.18,did=6yXPDi0r) [Wed Feb 12 09:37:54 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 127. [Wed Feb 12 09:37:54 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=281 returned HTTP code "200" (id=1070,from_cache=0,grep=0,rtt=1.74,did=avyXEHwP) [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/inc/transactioncomplete.aspx returned HTTP code "404" (id=1071,from_cache=0,grep=1,rtt=0.30,did=cADP6vxQ) [Wed Feb 12 09:37:54 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=1072,from_cache=0,grep=1,rtt=0.05,did=J23oyGAU) [Wed Feb 12 09:37:54 2020 - debug] Unknown post-data. Content-type: "text/plain" and/or post-data "iZvkuY" [Wed Feb 12 09:37:54 2020 - debug] symfony.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] private_ip.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] expect_ct.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] xpath.audit(did="oaEJJ54G", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:54 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:oaEJJ54G) [Wed Feb 12 09:37:54 2020 - debug] svn_users.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] file_upload.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:54 2020 - debug] redos.audit(did="KCSKnDGP",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.43s to run [Wed Feb 12 09:37:54 2020 - debug] cors_origin.audit(did="1p1O81sy", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] xpath.audit(did="oaEJJ54G",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.18s to run [Wed Feb 12 09:37:54 2020 - debug] htaccess_methods.audit(did="vqm3nayZ", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/modules/paymentcomplete.aspx returned HTTP code "404" (id=1075,from_cache=0,grep=1,rtt=0.39,did=17Okc5Wl) [Wed Feb 12 09:37:54 2020 - debug] dav.audit(did="J9EhgbXP", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] dav.audit(did="J9EhgbXP",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 128. [Wed Feb 12 09:37:54 2020 - debug] GET http://localhost:9090/modules/complete.asp returned HTTP code "404" (id=1073,from_cache=0,grep=1,rtt=0.15,did=cwBR3yHK) [Wed Feb 12 09:37:54 2020 - debug] motw.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] meta_generator.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] retirejs.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] Unknown post-data. Content-type: "text/plain" and/or post-data "iZvkuY" [Wed Feb 12 09:37:54 2020 - debug] serialized_object.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] blank_body.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] credit_cards.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] websockets_links.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] csp.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] dom_xss.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] vulners_db.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] keys.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] clamav.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] ssi.audit(did="sZOd9Dqk", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/inc/return.py returned HTTP code "404" (id=1074,from_cache=0,grep=1,rtt=0.18,did=91n3pvjF) [Wed Feb 12 09:37:54 2020 - debug] POST http://localhost:9090/inc/paid.aspx returned HTTP code "404" (id=1076,from_cache=0,grep=1,rtt=0.36,did=K70bROlZ) [Wed Feb 12 09:37:54 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] objects.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] error_500.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] meta_tags.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] password_profiling.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] click_jacking.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] lang.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:54 2020 - debug] xxe.audit(did="vJnEBRWJ", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:54 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:55 2020 - debug] GET http://localhost:9090/includes/payment.aspx returned HTTP code "404" (id=1081,from_cache=0,grep=1,rtt=0.17,did=4TqqgsYy) [Wed Feb 12 09:37:55 2020 - debug] POST http://localhost:9090/includes/transactioncomplete.py returned HTTP code "404" (id=1084,from_cache=0,grep=1,rtt=0.06,did=ES9kR4yP) [Wed Feb 12 09:37:55 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 129. [Wed Feb 12 09:37:55 2020 - debug] eval.audit(did="vTOYBMtn", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:55 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:vTOYBMtn) [Wed Feb 12 09:37:55 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:55 2020 - debug] eval.audit(did="vTOYBMtn",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] xxe.audit(did="vJnEBRWJ",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.16s to run [Wed Feb 12 09:37:55 2020 - debug] localhost:9090 connection pool stats (free:51 / in_use:2 / max:50 / total:53) [Wed Feb 12 09:37:55 2020 - debug] Connections with more in use time: (20c6fb7a85d275d0, 0.22 sec) (084f56a9dda1c119, 0.06 sec) [Wed Feb 12 09:37:55 2020 - debug] get_emails.grep(uri="http://localhost:9090/filesInCache.json") took 2.52s to run [Wed Feb 12 09:37:55 2020 - debug] strange_reason.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] content_sniffing.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] user_defined_regex.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] cache_control.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:55 2020 - debug] GET http://localhost:9090/inc/success.asp returned HTTP code "404" (id=1078,from_cache=0,grep=1,rtt=0.15,did=LW4aRY5K) [Wed Feb 12 09:37:55 2020 - debug] GET http://localhost:9090/servlet/valid.aspx returned HTTP code "404" (id=1077,from_cache=0,grep=1,rtt=0.25,did=WuoOq7h0) [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/modules/validatepayment.aspx returned HTTP code "404" (id=1089,from_cache=0,grep=1,rtt=0.22,did=HLDLLLiP) [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/servlet/finished.py returned HTTP code "404" (id=1082,from_cache=0,grep=1,rtt=0.36,did=0jlmQwhR) [Wed Feb 12 09:37:56 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:37:56 2020 - debug] POST http://localhost:9090/modules/validatepay.py returned HTTP code "404" (id=1079,from_cache=0,grep=1,rtt=0.31,did=1fs8jxTr) [Wed Feb 12 09:37:56 2020 - debug] rosetta_flash.audit(did="8XfcqlfS", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:56 2020 - debug] strange_headers.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] ssn.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/modules/finished.aspx returned HTTP code "404" (id=1083,from_cache=0,grep=1,rtt=0.36,did=e7chs9NX) [Wed Feb 12 09:37:56 2020 - debug] POST http://localhost:9090/includes/validpay.py returned HTTP code "404" (id=1080,from_cache=0,grep=1,rtt=0.39,did=e1nvNtjN) [Wed Feb 12 09:37:56 2020 - debug] rosetta_flash.audit(did="8XfcqlfS",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.11s to run [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/servlet/validation.py returned HTTP code "404" (id=1087,from_cache=0,grep=1,rtt=0.30,did=8jAOofo3) [Wed Feb 12 09:37:56 2020 - debug] POST http://localhost:9090/module/validate.aspx returned HTTP code "404" (id=1088,from_cache=0,grep=1,rtt=0.40,did=VHzC3PML) [Wed Feb 12 09:37:56 2020 - debug] error_pages.grep(uri="http://localhost:9090/DMIoG") took 0.24s to run [Wed Feb 12 09:37:56 2020 - debug] oracle.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] feeds.grep(uri="http://localhost:9090/DMIoG") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] xss.audit(did="8TeEVX4i", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/module/paymentsuccess.py returned HTTP code "404" (id=1090,from_cache=0,grep=1,rtt=0.22,did=adW6I9mf) [Wed Feb 12 09:37:56 2020 - debug] xst.audit(did="iboxBRf0", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:56 2020 - debug] xst.audit(did="iboxBRf0",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] ssl_certificate.audit(did="CrRpG9br", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:56 2020 - debug] ssl_certificate.audit(did="CrRpG9br",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:56 2020 - debug] GET http://localhost:9090/includes/pay.aspx returned HTTP code "404" (id=1086,from_cache=0,grep=1,rtt=0.42,did=xi6orqwh) [Wed Feb 12 09:37:56 2020 - debug] POST http://localhost:9090/module/completepay.aspx returned HTTP code "404" (id=1085,from_cache=0,grep=1,rtt=0.61,did=InJEWcEc) [Wed Feb 12 09:37:57 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:57 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=1091,from_cache=0,grep=1,rtt=0.12,did=1p1O81sy) [Wed Feb 12 09:37:57 2020 - debug] GET http://localhost:9090/servlet/return.aspx returned HTTP code "404" (id=1092,from_cache=0,grep=1,rtt=0.28,did=PHXVMakA) [Wed Feb 12 09:37:57 2020 - debug] preg_replace.audit(did="946zXN5q", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:57 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:57 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:946zXN5q) [Wed Feb 12 09:37:57 2020 - debug] xss.audit(did="8TeEVX4i",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.10s to run [Wed Feb 12 09:37:57 2020 - debug] mx_injection.audit(did="a8Rx8aZ6", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:57 2020 - debug] analyze_cookies.grep(uri="http://localhost:9090/DMIoG") took 0.34s to run [Wed Feb 12 09:37:57 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=1094,from_cache=0,grep=1,rtt=0.15,did=StpLRaJn) [Wed Feb 12 09:37:57 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 130. [Wed Feb 12 09:37:57 2020 - debug] GET http://localhost:9090/modules/paymentcomplete.aspx returned HTTP code "404" (id=1096,from_cache=0,grep=1,rtt=0.16,did=Q6VzkMwE) [Wed Feb 12 09:37:57 2020 - debug] global_redirect.audit(did="ODoSvHLQ",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 1.55s to run [Wed Feb 12 09:37:57 2020 - debug] response_splitting.audit(did="YbNbHFYj", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:57 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:57 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:a8Rx8aZ6) [Wed Feb 12 09:37:57 2020 - debug] GET http://www.google.com/xhtml?q=site:localhost inurl:zebra.conf intext:password -sample -test -tutorial -download&start=0 returned HTTP code "200" (id=1093,from_cache=0,grep=1,rtt=0.82,did=OWbtLg3H) [Wed Feb 12 09:37:57 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 478, 'reject-seen-url': 262, 'reject-out-of-scope': 12, 'accept': 173} [Wed Feb 12 09:37:57 2020 - debug] preg_replace.audit(did="946zXN5q",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.21s to run [Wed Feb 12 09:37:57 2020 - debug] rfd.audit(did="3RXPTP6e", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:57 2020 - debug] URL "http://localhost:9090/learn/vulnerability/a6_sec_misconf" is not vulnerable to RFD because response content-type is "text/html" and content-disposition header is missing, response id 1021 [Wed Feb 12 09:37:57 2020 - debug] rfd.audit(did="3RXPTP6e",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.00s to run [Wed Feb 12 09:37:57 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:57 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:sZOd9Dqk) [Wed Feb 12 09:37:57 2020 - debug] ssi.audit(did="sZOd9Dqk",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 1.02s to run [Wed Feb 12 09:37:57 2020 - debug] POST http://localhost:9090/inc/success.py returned HTTP code "404" (id=1102,from_cache=0,grep=1,rtt=0.22,did=Aj55yzJm) [Wed Feb 12 09:37:57 2020 - debug] POST http://localhost:9090/servlet/finished.jsp returned HTTP code "404" (id=1099,from_cache=0,grep=1,rtt=0.05,did=DZ9S6UHU) [Wed Feb 12 09:37:57 2020 - debug] htaccess_methods.audit(did="vqm3nayZ",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 1.35s to run [Wed Feb 12 09:37:57 2020 - debug] rfi.audit(did="6goxwzgw", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:58 2020 - debug] GET http://localhost:9090/servlet/validatepayment.py returned HTTP code "404" (id=1103,from_cache=0,grep=1,rtt=0.19,did=JtG5Cz2a) [Wed Feb 12 09:37:58 2020 - debug] mx_injection.audit(did="a8Rx8aZ6",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.32s to run [Wed Feb 12 09:37:58 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 131. [Wed Feb 12 09:37:58 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:58 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:YbNbHFYj) [Wed Feb 12 09:37:58 2020 - debug] frontpage.audit(did="ZD9eFN2e", uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") [Wed Feb 12 09:37:58 2020 - debug] GET http://localhost:9090/module/paymentsuccessful.py returned HTTP code "404" (id=1101,from_cache=0,grep=1,rtt=0.13,did=qp4EKLWN) [Wed Feb 12 09:37:58 2020 - debug] detailed.has_active_session() and detailed.login() [Wed Feb 12 09:37:58 2020 - debug] [auth.detailed] Checking if session for user admin is active (did: JdfDwx3H) [Wed Feb 12 09:37:58 2020 - debug] response_splitting.audit(did="YbNbHFYj",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.26s to run [Wed Feb 12 09:37:58 2020 - debug] frontpage.audit(did="ZD9eFN2e",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.04s to run [Wed Feb 12 09:37:58 2020 - debug] GET http://localhost:9090/modules/validation.aspx returned HTTP code "404" (id=1097,from_cache=0,grep=1,rtt=0.13,did=6lYks0ak) [Wed Feb 12 09:37:58 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:37:58 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:6goxwzgw) [Wed Feb 12 09:37:58 2020 - debug] RFI using local web server for URL: http://localhost:9090/learn/vulnerability/a6_sec_misconf [Wed Feb 12 09:37:59 2020 - debug] GET http://localhost:9090/inc/transactioncomplete.aspx returned HTTP code "404" (id=1106,from_cache=0,grep=1,rtt=0.38,did=A6WuJv1q) [Wed Feb 12 09:37:59 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 132. [Wed Feb 12 09:37:59 2020 - debug] GET http://localhost:9090/inc/return.py returned HTTP code "404" (id=1107,from_cache=0,grep=1,rtt=0.07,did=GG3e0ocH) [Wed Feb 12 09:37:59 2020 - debug] POST http://localhost:9090/servlet/valid.pl returned HTTP code "404" (id=1095,from_cache=0,grep=1,rtt=0.18,did=wIbtKBy7) [Wed Feb 12 09:37:59 2020 - debug] POST http://localhost:9090/modules/complete.py returned HTTP code "404" (id=1098,from_cache=0,grep=1,rtt=0.47,did=MpDpqpJd) [Wed Feb 12 09:37:59 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:3 / max:50 / total:53) [Wed Feb 12 09:37:59 2020 - debug] Connections with more in use time: (d49dc8e833c97ce2, 0.30 sec) (a5419411797e137e, 0.23 sec) (084f56a9dda1c119, 0.01 sec) [Wed Feb 12 09:37:59 2020 - debug] POST http://localhost:9090/modules/finished.pl returned HTTP code "404" (id=1100,from_cache=0,grep=1,rtt=0.15,did=08e5TftY) [Wed Feb 12 09:37:59 2020 - debug] POST http://localhost:9090/includes/payment.pl returned HTTP code "404" (id=1104,from_cache=0,grep=1,rtt=0.30,did=pE2UVKpC) [Wed Feb 12 09:37:59 2020 - debug] POST http://localhost:9090/modules/validatepayment.pl returned HTTP code "404" (id=1111,from_cache=0,grep=1,rtt=0.19,did=eXK1Y1Xx) [Wed Feb 12 09:38:00 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 133. [Wed Feb 12 09:38:00 2020 - debug] POST http://localhost:9090/includes/pay.pl returned HTTP code "404" (id=1108,from_cache=0,grep=1,rtt=0.23,did=F3ukBOx8) [Wed Feb 12 09:38:00 2020 - debug] POST http://localhost:9090/servlet/return.pl returned HTTP code "404" (id=1112,from_cache=0,grep=1,rtt=0.06,did=MjEuM8aJ) [Wed Feb 12 09:38:00 2020 - debug] POST http://localhost:9090/module/paymentsuccess.jsp returned HTTP code "404" (id=1110,from_cache=0,grep=1,rtt=0.19,did=YkY9LweT) [Wed Feb 12 09:38:00 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a6_sec_misconf" () [Wed Feb 12 09:38:00 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:6goxwzgw) [Wed Feb 12 09:38:00 2020 - debug] GET http://localhost:9090/servlet/success.aspx returned HTTP code "404" (id=1105,from_cache=0,grep=1,rtt=0.19,did=z3mKkoZ6) [Wed Feb 12 09:38:00 2020 - debug] GET http://localhost:9090/modules/validatepay.py returned HTTP code "404" (id=1113,from_cache=0,grep=1,rtt=0.28,did=t1ymrDIN) [Wed Feb 12 09:38:00 2020 - debug] GET http://localhost:9090/module/successful.py returned HTTP code "404" (id=1109,from_cache=0,grep=1,rtt=0.12,did=CI6K6SVs) [Wed Feb 12 09:38:00 2020 - debug] rfi.audit(did="6goxwzgw",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 0.78s to run [Wed Feb 12 09:38:00 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 134. [Wed Feb 12 09:38:00 2020 - debug] GET http://localhost:9090/includes/transactioncomplete.py returned HTTP code "404" (id=1115,from_cache=0,grep=1,rtt=0.15,did=gPCF2za3) [Wed Feb 12 09:38:00 2020 - debug] POST http://localhost:9090/servlet/validation.jsp returned HTTP code "404" (id=1114,from_cache=0,grep=1,rtt=0.13,did=52clxkfG) [Wed Feb 12 09:38:01 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 135. [Wed Feb 12 09:38:01 2020 - debug] GET http://localhost:9090/learn/vulnerability/a6_sec_misconf returned HTTP code "200" (id=1116,from_cache=0,grep=1,rtt=0.48,did=1p1O81sy) [Wed Feb 12 09:38:01 2020 - debug] cors_origin.audit(did="1p1O81sy",uri="http://localhost:9090/learn/vulnerability/a6_sec_misconf") took 2.62s to run (0.60s 22% sending HTTP requests) [Wed Feb 12 09:38:01 2020 - debug] POST http://localhost:9090/modules/paymentcomplete.pl returned HTTP code "404" (id=1123,from_cache=0,grep=1,rtt=0.18,did=ObXRZ9vB) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/modules/validation.pl returned HTTP code "404" (id=1125,from_cache=0,grep=1,rtt=0.08,did=s4cvxYce) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/includes/validpay.py returned HTTP code "404" (id=1119,from_cache=0,grep=1,rtt=0.36,did=15uGMLxT) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/modules/trxcomplete.py returned HTTP code "404" (id=1122,from_cache=0,grep=1,rtt=0.36,did=wIV7FyHH) [Wed Feb 12 09:38:02 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 486, 'reject-seen-url': 273, 'reject-out-of-scope': 13, 'accept': 178} [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/module/validate.aspx returned HTTP code "404" (id=1120,from_cache=0,grep=1,rtt=0.32,did=X5OyiUlR) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/inc/paid.aspx returned HTTP code "404" (id=1124,from_cache=0,grep=1,rtt=0.12,did=TBannthe) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/servlet/validatepayment.jsp returned HTTP code "404" (id=1117,from_cache=0,grep=1,rtt=0.24,did=kZQpFRv8) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/learn/vulnerability/a10_logging returned HTTP code "200" (id=1118,from_cache=0,grep=0,rtt=0.18,did=wTsJgHQX) [Wed Feb 12 09:38:02 2020 - debug] The framework has 116 active threads. [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/includes/completepayment.aspx returned HTTP code "404" (id=1127,from_cache=0,grep=1,rtt=0.19,did=aBQ8tVn6) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/module/completepay.aspx returned HTTP code "404" (id=1129,from_cache=0,grep=1,rtt=0.32,did=rcbQtRhH) [Wed Feb 12 09:38:02 2020 - debug] file_upload.audit(did="0uEsJM7t", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:02 2020 - debug] file_upload.audit(did="0uEsJM7t",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.00s to run [Wed Feb 12 09:38:02 2020 - debug] localhost:9090 connection pool stats (free:48 / in_use:5 / max:50 / total:53) [Wed Feb 12 09:38:02 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.43 sec) (084f56a9dda1c119, 0.35 sec) (20c6fb7a85d275d0, 0.30 sec) (ff37903b27d7f8f9, 0.11 sec) (f5adb0c09c70ca09, 0.05 sec) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/module/paymentsuccessful.jsp returned HTTP code "404" (id=1128,from_cache=0,grep=1,rtt=0.41,did=zI3Azufp) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/learn/vulnerability/a1_injection returned HTTP code "200" (id=1121,from_cache=0,grep=0,rtt=0.16,did=JdfDwx3H) [Wed Feb 12 09:38:02 2020 - debug] [auth.detailed] User "admin" is currently logged into the application (did: JdfDwx3H) [Wed Feb 12 09:38:02 2020 - debug] detailed._login() took 1.53s to run [Wed Feb 12 09:38:02 2020 - debug] GET http://www.bing.com/search?q=@localhost.&FORM=PERE&first=291 returned HTTP code "200" (id=1126,from_cache=0,grep=0,rtt=1.37,did=pAhVv04N) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/inc/transactioncomplete.pl returned HTTP code "404" (id=1130,from_cache=0,grep=1,rtt=0.17,did=ZfKDlGDl) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/servlet/success.pl returned HTTP code "404" (id=1132,from_cache=0,grep=1,rtt=0.08,did=YtCNJU6C) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/inc/return.jsp returned HTTP code "404" (id=1134,from_cache=0,grep=1,rtt=0.21,did=Jdl4D7xJ) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/modules/validatepay.jsp returned HTTP code "404" (id=1133,from_cache=0,grep=1,rtt=0.09,did=g5QLxf6K) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/modules/complete.py returned HTTP code "404" (id=1135,from_cache=0,grep=1,rtt=0.24,did=WjmD4OB6) [Wed Feb 12 09:38:02 2020 - debug] csrf.audit(did="OFFqLEzG", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:02 2020 - debug] csrf.audit(did="OFFqLEzG",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.00s to run [Wed Feb 12 09:38:02 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 136. [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/module/validate.pl returned HTTP code "404" (id=1138,from_cache=0,grep=1,rtt=0.07,did=iAO5gJOB) [Wed Feb 12 09:38:02 2020 - debug] deserialization.audit(did="tx8rmjdH", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:02 2020 - debug] os_commanding.audit(did="TS3QJaAO", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:02 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:TS3QJaAO) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/includes/paid.py returned HTTP code "404" (id=1137,from_cache=0,grep=1,rtt=0.44,did=IXbY9pkj) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/module/successful.jsp returned HTTP code "404" (id=1131,from_cache=0,grep=1,rtt=0.13,did=omsan8tB) [Wed Feb 12 09:38:02 2020 - debug] GET http://localhost:9090/inc/success.py returned HTTP code "404" (id=1136,from_cache=0,grep=1,rtt=0.14,did=U7DxbRyW) [Wed Feb 12 09:38:02 2020 - debug] POST http://localhost:9090/includes/validpay.jsp returned HTTP code "404" (id=1140,from_cache=0,grep=1,rtt=0.11,did=o7sPcCD7) [Wed Feb 12 09:38:02 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/module/final.aspx returned HTTP code "404" (id=1141,from_cache=0,grep=1,rtt=0.17,did=lQ0dnz18) [Wed Feb 12 09:38:03 2020 - debug] lfi.audit(did="TdDq5lOw", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:TdDq5lOw) [Wed Feb 12 09:38:03 2020 - debug] deserialization.audit(did="tx8rmjdH",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.21s to run [Wed Feb 12 09:38:03 2020 - debug] sqli.audit(did="lmGgYxe7", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:lmGgYxe7) [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/includes/pay.pl returned HTTP code "404" (id=1145,from_cache=0,grep=1,rtt=0.25,did=ZMLyeXoB) [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/servlet/valid.pl returned HTTP code "404" (id=1139,from_cache=0,grep=1,rtt=0.37,did=kXLUzSg1) [Wed Feb 12 09:38:03 2020 - debug] POST http://localhost:9090/modules/trxcomplete.jsp returned HTTP code "404" (id=1144,from_cache=0,grep=1,rtt=0.26,did=wyVUr4yi) [Wed Feb 12 09:38:03 2020 - debug] POST http://localhost:9090/includes/transactioncomplete.jsp returned HTTP code "404" (id=1147,from_cache=0,grep=1,rtt=0.50,did=G4HfWMTC) [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/modules/finished.pl returned HTTP code "404" (id=1142,from_cache=0,grep=1,rtt=0.28,did=6qLcRiH7) [Wed Feb 12 09:38:03 2020 - debug] os_commanding.audit(did="TS3QJaAO",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.29s to run [Wed Feb 12 09:38:03 2020 - debug] lfi.audit(did="TdDq5lOw",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.10s to run [Wed Feb 12 09:38:03 2020 - debug] blind_sqli.audit(did="9Xq0JWEx", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] GET http://www.google.com/search?q=site:localhost inurl:zebra.conf intext:password -sample -test -tutorial -download&start=0&sa=N&hl=en returned HTTP code "200" (id=1146,from_cache=0,grep=1,rtt=0.78,did=jLRqCCjY) [Wed Feb 12 09:38:03 2020 - debug] sqli.audit(did="lmGgYxe7",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.17s to run [Wed Feb 12 09:38:03 2020 - debug] POST http://localhost:9090/includes/completepayment.pl returned HTTP code "404" (id=1148,from_cache=0,grep=1,rtt=0.09,did=jDR2EbUv) [Wed Feb 12 09:38:03 2020 - debug] phishing_vector.audit(did="R2lfJKJ3", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:R2lfJKJ3) [Wed Feb 12 09:38:03 2020 - debug] POST http://localhost:9090/inc/paid.pl returned HTTP code "404" (id=1153,from_cache=0,grep=1,rtt=0.27,did=73mZgD8a) [Wed Feb 12 09:38:03 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 137. [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] blind_sqli.audit(did="9Xq0JWEx",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.11s to run [Wed Feb 12 09:38:03 2020 - debug] Finished audit.phishing_vector (did=R2lfJKJ3) [Wed Feb 12 09:38:03 2020 - debug] phishing_vector.audit(did="R2lfJKJ3",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.04s to run [Wed Feb 12 09:38:03 2020 - debug] Google search for: 'site:localhost inurl:zebra.conf intext:password -sample -test -tutorial -download' returned 0 unique results [Wed Feb 12 09:38:03 2020 - debug] generic.audit(did="51u68ex7", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] generic.audit(did="51u68ex7",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.00s to run [Wed Feb 12 09:38:03 2020 - debug] format_string.audit(did="X2rkfnI4", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:03 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:03 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:X2rkfnI4) [Wed Feb 12 09:38:03 2020 - debug] format_string.audit(did="X2rkfnI4",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.02s to run [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/inc/validpay.aspx returned HTTP code "404" (id=1143,from_cache=0,grep=1,rtt=0.18,did=HR1qmKpJ) [Wed Feb 12 09:38:03 2020 - debug] http_in_body.grep(uri="http://localhost:9090/DMIoG") took 3.93s to run [Wed Feb 12 09:38:03 2020 - debug] GET http://localhost:9090/inc/valid.py returned HTTP code "404" (id=1151,from_cache=0,grep=1,rtt=0.28,did=he1tKpnw) [Wed Feb 12 09:38:03 2020 - debug] url_session.grep(uri="http://localhost:9090/DMIoG") took 3.38s to run [Wed Feb 12 09:38:03 2020 - debug] Updating socket timeout for localhost from 3.00 to 3.00 seconds [Wed Feb 12 09:38:03 2020 - debug] html_comments.grep(uri="http://localhost:9090/DMIoG") took 3.56s to run [Wed Feb 12 09:38:03 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/DMIoG") took 3.57s to run [Wed Feb 12 09:38:03 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/DMIoG") took 3.53s to run [Wed Feb 12 09:38:03 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/DMIoG") took 3.53s to run [Wed Feb 12 09:38:03 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/DMIoG") took 3.58s to run [Wed Feb 12 09:38:04 2020 - debug] POST http://localhost:9090/module/completepay.pl returned HTTP code "404" (id=1149,from_cache=0,grep=1,rtt=0.16,did=LbWKIIWz) [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/modules/validation.pl returned HTTP code "404" (id=1154,from_cache=0,grep=1,rtt=0.11,did=Jt9G0ypi) [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/servlet/validation.jsp returned HTTP code "404" (id=1150,from_cache=0,grep=1,rtt=0.14,did=9HopnOv2) [Wed Feb 12 09:38:04 2020 - debug] POST http://localhost:9090/modules/complete.jsp returned HTTP code "404" (id=1152,from_cache=0,grep=1,rtt=0.28,did=LugXim6H) [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/servlet/success.pl returned HTTP code "404" (id=1155,from_cache=0,grep=1,rtt=0.12,did=ZGnjDPzr) [Wed Feb 12 09:38:04 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 138. [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/module/paymentsuccessful.jsp returned HTTP code "404" (id=1156,from_cache=0,grep=1,rtt=0.09,did=lRuXZ8Fu) [Wed Feb 12 09:38:04 2020 - debug] websocket_hijacking.audit(did="8YKAZR7K", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] websocket_hijacking.audit(did="8YKAZR7K",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.08s to run [Wed Feb 12 09:38:04 2020 - debug] shell_shock.audit(did="Ao4zD4Cf", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/servlet/validatepayment.jsp returned HTTP code "404" (id=1158,from_cache=0,grep=1,rtt=0.20,did=eYr45gXh) [Wed Feb 12 09:38:04 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 139. [Wed Feb 12 09:38:04 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 140. [Wed Feb 12 09:38:04 2020 - debug] memcachei.audit(did="wcoxqWAM", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:04 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:wcoxqWAM) [Wed Feb 12 09:38:04 2020 - debug] symfony.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] POST http://localhost:9090/inc/success.jsp returned HTTP code "404" (id=1157,from_cache=0,grep=1,rtt=0.19,did=GZD2lS2U) [Wed Feb 12 09:38:04 2020 - debug] svn_users.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] wsdl_greper.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] private_ip.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] cross_domain_js.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] xss_protection_header.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] memcachei.audit(did="wcoxqWAM",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.05s to run [Wed Feb 12 09:38:04 2020 - debug] expect_ct.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] POST http://localhost:9090/includes/paid.jsp returned HTTP code "404" (id=1159,from_cache=0,grep=1,rtt=0.38,did=F3dSJcay) [Wed Feb 12 09:38:04 2020 - debug] un_ssl.audit(did="rx54Bdw0", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] un_ssl.audit(did="rx54Bdw0",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] POST http://localhost:9090/includes/pay.php3 returned HTTP code "404" (id=1160,from_cache=0,grep=1,rtt=0.27,did=awTMTZrK) [Wed Feb 12 09:38:04 2020 - debug] file_upload.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] motw.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] meta_generator.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] retirejs.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] code_disclosure.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] serialized_object.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] blank_body.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] path_disclosure.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] strange_http_codes.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] credit_cards.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] websockets_links.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] csp.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] dom_xss.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] localhost:9090 connection pool stats (free:50 / in_use:3 / max:50 / total:53) [Wed Feb 12 09:38:04 2020 - debug] Connections with more in use time: (a5419411797e137e, 0.30 sec) (084f56a9dda1c119, 0.06 sec) (20c6fb7a85d275d0, 0.06 sec) [Wed Feb 12 09:38:04 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 141. [Wed Feb 12 09:38:04 2020 - debug] GET http://localhost:9090/modules/paymentcomplete.pl returned HTTP code "404" (id=1161,from_cache=0,grep=1,rtt=0.45,did=bgOAcC0I) [Wed Feb 12 09:38:04 2020 - debug] strict_transport_security.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] keys.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] clamav.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] ldapi.audit(did="eR44OXrP", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] buffer_overflow.audit(did="3sO9bdo4", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:04 2020 - debug] dot_net_event_validation.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] objects.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] error_500.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] meta_tags.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] password_profiling.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] click_jacking.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:04 2020 - debug] directory_indexing.grep(uri="http://localhost:9090/ntop/") took 0.01s to run [Wed Feb 12 09:38:04 2020 - debug] lang.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:05 2020 - debug] POST http://localhost:9090/modules/finished.php3 returned HTTP code "404" (id=1162,from_cache=0,grep=1,rtt=0.22,did=5cwWMK1i) [Wed Feb 12 09:38:05 2020 - debug] redos.audit(did="IWXcKqyb", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:05 2020 - debug] POST http://localhost:9090/module/final.pl returned HTTP code "404" (id=1164,from_cache=0,grep=1,rtt=0.13,did=xUjl3LYP) [Wed Feb 12 09:38:05 2020 - debug] POST http://localhost:9090/servlet/valid.php3 returned HTTP code "404" (id=1165,from_cache=0,grep=1,rtt=0.11,did=2eRCU9vL) [Wed Feb 12 09:38:05 2020 - debug] GET http://localhost:9090/module/paymentsuccess.jsp returned HTTP code "404" (id=1167,from_cache=0,grep=1,rtt=0.36,did=p7oXC9vg) [Wed Feb 12 09:38:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:05 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:eR44OXrP) [Wed Feb 12 09:38:05 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 142. [Wed Feb 12 09:38:05 2020 - debug] vulners_db.grep(uri="http://localhost:9090/ntop/") took 0.31s to run [Wed Feb 12 09:38:05 2020 - debug] hash_analysis.grep(uri="http://localhost:9090/ntop/") took 0.00s to run [Wed Feb 12 09:38:05 2020 - debug] GET http://localhost:9090/module/successful.jsp returned HTTP code "404" (id=1166,from_cache=0,grep=1,rtt=0.17,did=eINDpyHp) [Wed Feb 12 09:38:05 2020 - debug] xpath.audit(did="kHx4LH5S", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:05 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:kHx4LH5S) [Wed Feb 12 09:38:05 2020 - debug] global_redirect.audit(did="S0SduGjU", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:05 2020 - debug] GET http://localhost:9090/modules/trxcomplete.jsp returned HTTP code "404" (id=1168,from_cache=0,grep=1,rtt=0.18,did=yhEP0Qqj) [Wed Feb 12 09:38:05 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:05 2020 - debug] send_mutants_in_threads will send 0 HTTP requests (did:S0SduGjU) [Wed Feb 12 09:38:05 2020 - debug] buffer_overflow.audit(did="3sO9bdo4",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.50s to run [Wed Feb 12 09:38:05 2020 - debug] POST http://localhost:9090/servlet/validation.rb returned HTTP code "404" (id=1170,from_cache=0,grep=1,rtt=0.20,did=WIeYWmIn) [Wed Feb 12 09:38:05 2020 - debug] GET http://localhost:9090/servlet/finished.jsp returned HTTP code "404" (id=1163,from_cache=0,grep=1,rtt=0.17,did=3e9QOdWd) [Wed Feb 12 09:38:05 2020 - debug] POST http://localhost:9090/inc/valid.jsp returned HTTP code "404" (id=1171,from_cache=0,grep=1,rtt=0.16,did=7dZFE9qv) [Wed Feb 12 09:38:05 2020 - debug] http_in_body.grep(uri="http://localhost:9090/ntop/") took 0.92s to run [Wed Feb 12 09:38:06 2020 - debug] form_autocomplete.grep(uri="http://localhost:9090/ntop/") took 0.74s to run [Wed Feb 12 09:38:06 2020 - debug] POST http://localhost:9090/servlet/validatepayment.rb returned HTTP code "404" (id=1169,from_cache=0,grep=1,rtt=0.19,did=SHWzDrg9) [Wed Feb 12 09:38:06 2020 - debug] url_session.grep(uri="http://localhost:9090/ntop/") took 0.62s to run [Wed Feb 12 09:38:06 2020 - debug] cors_origin.audit(did="dyXDtEef", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:06 2020 - debug] form_cleartext_password.grep(uri="http://localhost:9090/ntop/") took 0.83s to run [Wed Feb 12 09:38:06 2020 - debug] Created 0 mutants for "Method: GET | http://localhost:9090/learn/vulnerability/a10_logging" () [Wed Feb 12 09:38:06 2020 - debug] error_pages.grep(uri="http://localhost:9090/ntop/") took 0.27s to run [Wed Feb 12 09:38:06 2020 - debug] ldapi.audit(did="eR44OXrP",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.80s to run [Wed Feb 12 09:38:06 2020 - debug] strange_parameters.grep(uri="http://localhost:9090/ntop/") took 0.67s to run [Wed Feb 12 09:38:06 2020 - debug] html_comments.grep(uri="http://localhost:9090/ntop/") took 0.81s to run [Wed Feb 12 09:38:06 2020 - debug] http_auth_detect.grep(uri="http://localhost:9090/ntop/") took 0.77s to run [Wed Feb 12 09:38:06 2020 - debug] xpath.audit(did="kHx4LH5S",uri="http://localhost:9090/learn/vulnerability/a10_logging") took 0.27s to run [Wed Feb 12 09:38:06 2020 - debug] CachedQueue.put() will write a 'int' item to the GrepIn DiskDict. This uses more CPU and disk IO than storing in memory but will avoid high memory usage issues. The current GrepIn DiskDict size is 143. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(0w4luJLJ) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(YkMMRUeq) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(XRNlNlu5) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(SyXCPA2t) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(2XKnj13Q) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(xNlctAVQ) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(qExgSbEO) is idle. [Wed Feb 12 09:38:06 2020 - debug] Worker with ID GrepWorker(MDWE44QH) is idle. [Wed Feb 12 09:38:06 2020 - debug] 80% of GrepWorker workers are idle. [Wed Feb 12 09:38:06 2020 - debug] GrepWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:38:06 2020 - debug] htaccess_methods.audit(did="zXK47Vxj", uri="http://localhost:9090/learn/vulnerability/a10_logging") [Wed Feb 12 09:38:06 2020 - debug] Worker with ID WorkerThread(eMhX1dy3) has been running job 1445 for 16.56 seconds. The job is: _send_requests(((, , , , , , , , , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(6gcxf74d) has been running job 532 for 29.27 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(NjMjnrCb) has been running job 627 for 17.58 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(SVfxFVXP) has been running job 54 for 62.92 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(br5sQhGq) has been running job 550 for 28.91 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(N5yqeDHB) has been running job 247 for 47.32 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(XyVz5jPE) has been running job 267 for 39.70 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(ubgDPgOi) has been running job 606 for 20.69 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(z6MGDQIP) has been running job 461 for 38.15 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] Worker with ID CrawlInfraWorker(1i39mCZz) has been running job 127 for 61.93 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:38:06 2020 - debug] 0% of CrawlInfraWorker workers are idle. [Wed Feb 12 09:38:06 2020 - debug] CrawlInfraWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:38:06 2020 - debug] CrawlInfraWorker worker pool has 99 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:38:06 2020 - debug] Worker with ID WorkerThread(lqDVDrY6) has been running job 1445 for 16.51 seconds. The job is: _send_requests(((, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(6gcxf74d) has been running job 532 for 59.50 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(NjMjnrCb) has been running job 627 for 47.82 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(SVfxFVXP) has been running job 54 for 93.15 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(br5sQhGq) has been running job 550 for 59.15 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(N5yqeDHB) has been running job 247 for 77.55 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:12 2020 - debug] Worker with ID CrawlInfraWorker(XyVz5jPE) has been running job 267 for 69.93 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:13 2020 - debug] Worker with ID CrawlInfraWorker(ubgDPgOi) has been running job 606 for 50.92 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:13 2020 - debug] Worker with ID CrawlInfraWorker(z6MGDQIP) has been running job 628 for 21.77 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:13 2020 - debug] Worker with ID CrawlInfraWorker(1i39mCZz) has been running job 127 for 92.16 seconds. The job is: _discover_worker(, , kwargs={}) [Wed Feb 12 09:39:13 2020 - debug] 0% of CrawlInfraWorker workers are idle. [Wed Feb 12 09:39:13 2020 - debug] CrawlInfraWorker worker pool internal thread state: (worker: True, task: True, result: True) [Wed Feb 12 09:39:13 2020 - debug] CrawlInfraWorker worker pool has 99 tasks in inqueue and 0 tasks in outqueue [Wed Feb 12 09:39:13 2020 - debug] POST http://localhost:9090/inc/validatepay returned HTTP code "404" (id=1746,from_cache=0,grep=1,rtt=0.25,did=loMhd6B6) [Wed Feb 12 09:39:13 2020 - debug] Grep consumer should_grep() stats: {'reject-seen-body': 751, 'reject-seen-url': 578, 'reject-out-of-scope': 21, 'accept': 200} [Wed Feb 12 09:39:13 2020 - debug] Worker with ID WorkerThread(lqDVDrY6) has been running job 1445 for 46.84 seconds. The job is: _send_requests(((, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,