Comments (5)
epi052
commented on July 27, 2024
@Raywando Good morning, and thank you for the report! It looks like this is a target I won't be able to test against to reproduce (judging by your blocking of the domain), so I'd like to ask a few questions:
- What OS are you using?
- What is the output of
ulimit -Snandulimit -Hnon your system? - How many directories were being scanned when you took the screenshot above?
Looking at your screenshot, I see No file descriptors available which is why I'd like to see your system's open file limit with the ulimit commands. That particular problem can be solved by increasing the number of open files your OS allows. On my Kali install, the default was 1024, and I know some MacOS installs use 256 😕. There are a few options to increase the number of open files, but I'll show one here and link to more (linux assumed).
Edit /etc/security/limits.conf to include the two lines below. * is all users. hard and soft indicate the hard and soft limits for the OS. nofile is the number of open files option.
/etc/security/limits.conf
-------------------------
...
* soft nofile 4096
* hard nofile 8192
...
I'm not arguing that you saw 100% CPU usage. I also agree that limiting the number of recursive calls with a queue is likely the correct approach to resolving that particular situation. However, I do think you have two things going on at once, and would like to see what happens when we eliminate one of them.
If you're willing and able, I'd love to hear what happens when you increase your open file limit and rescan. Thanks again!
from feroxbuster.
epi052
commented on July 27, 2024
I modified the title of the issue to drive folks here that have the no file descriptors available error message, since a solution to that is provided. I'll open an issue to update the readme with a section on open files here soon.
from feroxbuster.
Raywando
commented on July 27, 2024
Hi @epi052, Thanks for the response.
Here is the information you asked for
And my machine is Linux - Ubuntu 18.04
Although I only got these errors when my CPU usage was %100 used, so I don't think there is anything else wrong. As for the domain, I can send it to you somehow privately if you want so you can test it yourself since it contains a lot of recursions (Maybe on Twitter. My handle: @Raywando).
Thanks again for the efforts!
from feroxbuster.
epi052
commented on July 27, 2024
I'd recommend upping your soft limit to something like 4096 by running ulimit -n 4096. CPU usage and open file exhaustion are two separate problems. I've personally had roughly 12 directories (default -t 50) being scanned concurrently without seeing the open file limit hit; after having set my limit to 4096 (also ubuntu). The exact number for the file limit will vary based on your exact setup and the scan performed, but 4096 is pretty reasonable in my opinion.
I have been watching the CPU usage during testing and still agree that it could use some tuning.
Try raising your soft limit and let me know how it goes. Thanks again!
from feroxbuster.
epi052
commented on July 27, 2024
Removed no file descriptors available from the title, as the README has been updated with a section for that problem specifically.
from feroxbuster.
Related Issues (20)
- [FEATURE REQUEST] Implementation of scan time limits per individual url when fuzzing in parallel HOT 12
- [BUG] Links are not recursed HOT 1
- [BUG] Directories are not enumerated if directory has no trailing slash HOT 5
- [BUG] deb file seems not in Releases section HOT 5
- [BUG] Redirect loop at /robots.txt causes application to hang HOT 5
- Can't Open Wordlist HOT 3
- [FEATURE REQUEST] Option to include banner in output file HOT 3
- FeroxBuster giving no result for the existing directory HOT 7
- emojis are not showing up in the banner HOT 2
- [FEATURE REQUEST] improve json logs for post processing HOT 8
- errors HOT 2
- [FEATURE REQUEST] Include Raw Request instead of Headers HOT 1
- [FEATURE REQUEST] Improved POSTs requests (1): automatic Content-type HOT 1
- [FEATURE REQUEST] Improved POSTs requests (2): automatic POST HTTP verb when using --data HOT 6
- [BUG] Mishandling of whitespace for supplied request headers HOT 5
- [FEATURE REQUEST] Add the option for including a custom suffix in URLs HOT 2
- [BUG] Internet slow down after using feroxbuster HOT 5
- [FEATURE REQUEST] Making it usable with terminator, just as gobuster HOT 1
- [FEATURE REQUEST] Specify config file to use via flags HOT 2
- [FEATURE REQUEST] Is there an option to not go for another request before the tool didn't receive a response from the server HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from feroxbuster.