Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot kill hanging scan on sites without SSL/TLS #108

Open
stitch opened this issue Jul 12, 2018 · 3 comments
Open

Cannot kill hanging scan on sites without SSL/TLS #108

stitch opened this issue Jul 12, 2018 · 3 comments

Comments

@stitch
Copy link
Contributor

stitch commented Jul 12, 2018

How to quit/kill/stop the script when it hangs? Is there a keyboard command, escape key that works?

The manual points out that:
"If the specified targets accepts connections but does not speak SSL, the connection will be closed after the system's TCP/IP-timeout. This script will hang (about 2-3 minutes)."

I've found that the hang is indefinite scanning a non-tls site with the following command:
docker run --rm -it owasp/o-saft --trace-key --legacy=quick +check arnhem.nl:80

As suggested the --ssl-error-max= (or --no-ssl-error) can be used. After the script hangs, this counter does not increase. Thus using a --ssl-error-max= with a too high value might be a risk of a hang. This is enough for a workaround for this issue 😄

docker run --rm -it owasp/o-saft --trace-key --legacy=quick +check arnhem.nl:80
=== reading: ./.o-saft.pl (RC-FILE done) ===
=== reading: /O-Saft/o-saft-dbx.pm (trace file done) ===
=== reading: /usr/local/share/perl5/site_perl/IO/Socket/SSL.pm (IO SSL module done) ===
=== reading: /usr/share/perl5/core_perl/Time/Local.pm (Time module done) ===
=== reading: /O-Saft/Net/SSLinfo.pm (O-Saft module done) ===
**WARNING: 143: SSL version 'TLSv13': not supported by Net::SSLeay; not checked
**WARNING: 066: 7 data and check outputs are disbaled due to use of '--no-out':
!!Hint: use  '--v'  for more information
!!Hint: do not use '--ignore-out=*' or '--no-out=*' options
**WARNING: 410: SSLv2 does not support SNI; checks skipped
!!Hint: use '--no-sni' for checking
**WARNING: 410: SSLv3 does not support SNI; checks skipped
!!Hint: use '--no-sni' for checking
**WARNING: 302: TLSv1: (31 of 193 ciphers checked) abort connection attempts after 5 max errors
!!Hint: use  --no-ssl-error  or  --ssl-error-max=  to continue connecting
**WARNING: 301: TLSv11: (8 of 193 ciphers checked) abort connection attempts after 10 total errors
!!Hint: use  --no-ssl-error  or  --ssl-error-max=  to continue connecting
**WARNING: 301: TLSv12: (21 of 193 ciphers checked) abort connection attempts after 10 total errors
!!Hint: use  --no-ssl-error  or  --ssl-error-max=  to continue connecting
^C
^C^C^C^C^C^C^C^C
^C^C^C^C^C^[^[^[^[^[^[
@EnDe
Copy link
Member

EnDe commented Jul 12, 2018

Ok, I'll answer according the subject of this issue: cannot kill hanging scan

Up to now, this is a known run-time issue, it's also documented.
Hence I'd like to mark this as "enhancement request".

@EnDe
Copy link
Member

EnDe commented Jul 12, 2018

according "How to quit/kill/stop the script when it hangs?"
Depends on your shell and/or operating system. In plain shell on *nix Ctrl-C should work. If it is in a VM, depends on your VM preferences too. If it is in docker, I guess you need to kill the container:
docker container kill
may be rm also works
docker container rm

@EnDe EnDe added the question label Nov 13, 2024
@EnDe
Copy link
Member

EnDe commented Nov 13, 2024

This problem still exists today (2024) with docker and even podman.
The only workaround known so far is to kill all corresponding docker and containerd, or podman and conman, processes.
In *IX world kill -9 ... must be used. Note that stoppping the dockerd daemon most likely also does not stop/kill all running processes.

As there is no way from the parent process to stop in a clean way, this issue should be closed but we keep it open as "question".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants