Memory / Bandwidth Issues:

  • Try reducing the number of threads in conf/ - nthreads
  • A sweet spot for the PWNPlug is 10 threads
  • For slow connections or slow-loading sites, try increasing the ss_delay in conf/

Large websites (spider timeouts, crawl taking forever):

  • Try a smaller scope using --blacklist-urls or --alt-domains
  • Use preset 1 or 2 (-S<preset>)
  • Presets can be viewed in conf/

Q: Why are there multiple entries for just one hostname?

A: Nmap can provide multiple 'hostnames' for each host. Among these are PTR (reverse DNS lookup) and the hostname (usually not present). RAWR throws the IP and the hostname (if provided) into the mix and removes any duplicates. If the Bing>DNS function is run, you may have 50+ more to work with *per IP*. Visiting these destinations in a browser can give you as many different pages if, for example, the site is on shared hosting. While there is consideration for shared hosting (the HTML report switches to selection by hostname if all IPs are the same), I wanted RAWR to provide all of the information possible, so each one of these is included separately in the report. Future plans include the use of a nosqlite database, so we can keep track of hosts and remove duplicates before the enumeration phase.
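To see why one host turns into several report entries, the following added example (not RAWR's own code) collects the IP plus every hostname Nmap recorded for each host and removes duplicates. The sample XML is constructed, and treating names that differ only by case or a trailing dot as duplicates is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oX); addresses use documentation ranges.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames>
      <hostname name="www.example.com" type="user"/>
      <hostname name="web10.example.net" type="PTR"/>
      <hostname name="WWW.example.com." type="PTR"/>
    </hostnames>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <hostnames/>
  </host>
</nmaprun>"""


def normalize(name):
    """Lower-case and drop the trailing dot so DNS-equivalent names compare equal
    (assumption of this example, not documented RAWR behaviour)."""
    return name.strip().rstrip(".").lower()


def targets_per_host(nmap_xml):
    """Return {ip: [ip, hostname, ...]} with duplicates removed, order preserved."""
    result = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue  # MAC-only entry: nothing to browse to
        ip = addr.get("addr")
        names = [ip] + [normalize(h.get("name", "")) for h in host.iter("hostname")]
        # dict.fromkeys keeps first-seen order while dropping repeats; blanks are filtered
        merged = result.get(ip, []) + [n for n in names if n]
        result[ip] = list(dict.fromkeys(merged))
    return result


if __name__ == "__main__":
    for ip, names in targets_per_host(SAMPLE_NMAP_XML).items():
        print(ip, "->", ", ".join(names))
```

Each value in the returned mapping corresponds to one group of separate report entries for that IP.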

Q: What's this mean? -> "phantomjs: error while loading shared libraries: cannot open shared object file: No such file or directory"

A: (From the PhantomJS site) There are some base libraries necessary for rendering (FreeType, Fontconfig) and the basic font files are available in the system. I've come across some headless servers that don't have these libraries installed.

For Ubuntu Linux:

  • sudo apt-get install build-essential chrpath git-core libssl-dev libfontconfig1-dev

For Amazon EC2 AMI and CentOS/RHEL 6:

  • sudo yum install gcc gcc-c++ make openssl-devel freetype-devel fontconfig-devel*

Q: Why don't images show up in the HTML for IE10, Chrome, etc.?

A: These browsers don't allow local file calls. Since we're pulling the images out of your scan folder, they're not allowed by default. You can make a few changes to some of these browsers to allow for it, but I haven't researched the methods for each one at this time.