Re: [W3af-users] Blocked scan & error database

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Miguel,

    Please read inline,

On Thu, Feb 19, 2015 at 5:49 AM, Miguel Ángel Martínez Martínez
<mig...@ho...> wrote:
> Hallo!,
>
> I am a beginner user regarding W3af. I am scanning several external web
> pages with the following configuration:
>
> profile: full_audit / OWASP_TOP10
> max_requests_per_second: 2

That's REALLY LOW, 2 requests per second is going to slow down the
scan horribly.

> 1. The scan of a specific web page takes a lot to finish and in the end,
> this error happens:
>
> Database disk image is malformed

Are you able to reproduce this every time you run the scan? If so,
please follow this [0] guide to report a bug with all the info we'll
need to fix it

[0] http://docs.w3af.org/en/latest/report-a-bug.html

> As a result, the html report has no content.
>
> 2. The scan of another web page finishes very quickly (it takes less than a
> minute), but I am afraid that it's being blocked.
>
> **IMPORTANT** The following error was detected by w3af and couldn't be
> resolved: w3af found too many consecutive errors while performing HTTP
> requests. In most cases this means that the remote web server is not
> reachable anymore, the network is down, or a WAF is blocking our tests. The
> last error message was "HTTP timeout error after 10.0 seconds."
>
> How can I try to evade the system that is blocking the test?

If it finishes so quickly the remote system might be blocking
connections based on the user agent, you can try to change that in
w3af's configuration.

> Thanks & regards.
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> W3af-users mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>

-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3