w3af-users

[W3af-users] incredibly slow crawling and auditing

[Vojtěch P. <kr...@gm...>]

Greetings,
I am testing a web application with lots of Javascript with W3AF. I use
spider_man to gather starting information and I use almost all audit
plugins but no other crawling plugins.
I browsed just through two pages and submitted one form with spider_man
to get some starting data.
Unfortunatelly W3AF scans the application for terribly long time. It
goes from for example 300 requests per minute to 10 per minute and still
going lower.
When I press enter during scanning it is showing still the same crawling
and auditing url, just the number of requests is dropping.
I can post you some more information about used plugins if you need it.
Why is this happening?
Thanks and best regards,
Vojta

Re: [W3af-users] incredibly slow crawling and auditing

[Andres R. <and...@gm...>]

On Fri, Jan 8, 2016 at 6:40 AM, Vojtěch Polášek <kr...@gm...> wrote:
> Greetings,
> I am testing a web application with lots of Javascript with W3AF. I use
> spider_man to gather starting information and I use almost all audit
> plugins but no other crawling plugins.
> I browsed just through two pages and submitted one form with spider_man
> to get some starting data.
> Unfortunatelly W3AF scans the application for terribly long time. It
> goes from for example 300 requests per minute to 10 per minute and still
> going lower.
> When I press enter during scanning it is showing still the same crawling
> and auditing url, just the number of requests is dropping.
> I can post you some more information about used plugins if you need it.
> Why is this happening?

I've seen this issue too, not sure why it happens, might be related
with [0] but I'm unsure.

[0] https://github.com/andresriancho/w3af/issues/12505

> Thanks and best regards,
> Vojta
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> W3af-users mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-users



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

Re: [W3af-users] incredibly slow crawling and auditing

[Vojtěch P. <kr...@gm...>]

Hi,
okay and can I offer any help with this? I have chosen W3AF as part of
my bachelor thesis and this presents a big problem for me, because I
can't test the provided application. Offcourse this is not the only reason.
Best regards,
Vojta


Dne 8.1.2016 v 12:41 Andres Riancho napsal(a):
> On Fri, Jan 8, 2016 at 6:40 AM, Vojtěch Polášek <kr...@gm...> wrote:
>> Greetings,
>> I am testing a web application with lots of Javascript with W3AF. I use
>> spider_man to gather starting information and I use almost all audit
>> plugins but no other crawling plugins.
>> I browsed just through two pages and submitted one form with spider_man
>> to get some starting data.
>> Unfortunatelly W3AF scans the application for terribly long time. It
>> goes from for example 300 requests per minute to 10 per minute and still
>> going lower.
>> When I press enter during scanning it is showing still the same crawling
>> and auditing url, just the number of requests is dropping.
>> I can post you some more information about used plugins if you need it.
>> Why is this happening?
> I've seen this issue too, not sure why it happens, might be related
> with [0] but I'm unsure.
>
> [0] https://github.com/andresriancho/w3af/issues/12505
>
>> Thanks and best regards,
>> Vojta
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> W3af-users mailing list
>> W3a...@li...
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>

Re: [W3af-users] incredibly slow crawling and auditing

[Andrew K. <aki...@gm...>]

Here's a thought...  Install some memory dumping tool and dump the process
memory to see what is actually in it?  Might be faster than trial and error
and looking at each individual plugin and whittling away at features.

On Fri, Jan 8, 2016 at 6:51 AM, Vojtěch Polášek <kr...@gm...> wrote:

> Hi,
> okay and can I offer any help with this? I have chosen W3AF as part of
> my bachelor thesis and this presents a big problem for me, because I
> can't test the provided application. Offcourse this is not the only reason.
> Best regards,
> Vojta
>
>
> Dne 8.1.2016 v 12:41 Andres Riancho napsal(a):
> > On Fri, Jan 8, 2016 at 6:40 AM, Vojtěch Polášek <kr...@gm...>
> wrote:
> >> Greetings,
> >> I am testing a web application with lots of Javascript with W3AF. I use
> >> spider_man to gather starting information and I use almost all audit
> >> plugins but no other crawling plugins.
> >> I browsed just through two pages and submitted one form with spider_man
> >> to get some starting data.
> >> Unfortunatelly W3AF scans the application for terribly long time. It
> >> goes from for example 300 requests per minute to 10 per minute and still
> >> going lower.
> >> When I press enter during scanning it is showing still the same crawling
> >> and auditing url, just the number of requests is dropping.
> >> I can post you some more information about used plugins if you need it.
> >> Why is this happening?
> > I've seen this issue too, not sure why it happens, might be related
> > with [0] but I'm unsure.
> >
> > [0] https://github.com/andresriancho/w3af/issues/12505
> >
> >> Thanks and best regards,
> >> Vojta
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> _______________________________________________
> >> W3af-users mailing list
> >> W3a...@li...
> >> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
> >
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> W3af-users mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>

Re: [W3af-users] incredibly slow crawling and auditing

[Andres R. <and...@gm...>]

Been there, done that, not so easy as it sounds. See these repos with
tools I created to analyze w3af performance issues:

https://github.com/andresriancho/collector/
https://github.com/andresriancho/w3af-performance-analysis/

You (and anyone else on the list) is more than welcome to run these
tools, collect memory usage data and help me find the problem :)

On Fri, Jan 8, 2016 at 9:17 PM, Andrew King <aki...@gm...> wrote:
> Here's a thought...  Install some memory dumping tool and dump the process
> memory to see what is actually in it?  Might be faster than trial and error
> and looking at each individual plugin and whittling away at features.
>
> On Fri, Jan 8, 2016 at 6:51 AM, Vojtěch Polášek <kr...@gm...> wrote:
>>
>> Hi,
>> okay and can I offer any help with this? I have chosen W3AF as part of
>> my bachelor thesis and this presents a big problem for me, because I
>> can't test the provided application. Offcourse this is not the only
>> reason.
>> Best regards,
>> Vojta
>>
>>
>> Dne 8.1.2016 v 12:41 Andres Riancho napsal(a):
>> > On Fri, Jan 8, 2016 at 6:40 AM, Vojtěch Polášek <kr...@gm...>
>> > wrote:
>> >> Greetings,
>> >> I am testing a web application with lots of Javascript with W3AF. I use
>> >> spider_man to gather starting information and I use almost all audit
>> >> plugins but no other crawling plugins.
>> >> I browsed just through two pages and submitted one form with spider_man
>> >> to get some starting data.
>> >> Unfortunatelly W3AF scans the application for terribly long time. It
>> >> goes from for example 300 requests per minute to 10 per minute and
>> >> still
>> >> going lower.
>> >> When I press enter during scanning it is showing still the same
>> >> crawling
>> >> and auditing url, just the number of requests is dropping.
>> >> I can post you some more information about used plugins if you need it.
>> >> Why is this happening?
>> > I've seen this issue too, not sure why it happens, might be related
>> > with [0] but I'm unsure.
>> >
>> > [0] https://github.com/andresriancho/w3af/issues/12505
>> >
>> >> Thanks and best regards,
>> >> Vojta
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> _______________________________________________
>> >> W3af-users mailing list
>> >> W3a...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>> >
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> W3af-users mailing list
>> W3a...@li...
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> W3af-users mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3