PatrOwl/Support

p00ki d4t yew?

@jdsec1_twitter

Going to carry on try get my patrowl scans working but will first see if any similar issues were had

p00ki d4t yew?

@jdsec1_twitter

So Im trying to create a new nmap scan to run but it doesnt seem to work - the management interface freezes up and starts loading but never really finishes the request.
I think I have my engines correctly set up ( tested both docker container name in API url & docker container IP: docker-nmap-001 and 172.18.0.7 )
Both the engine lights are green and i assume this means to show its good.

I can communicate with the engine from the patrowl-django container, which you can see here

[root@localhost scripts]# docker exec -it patrowl-django bash
root@d4f2ed7cd604:/opt/patrowl-manager# curl docker-nmap-001:5001/engines/nmap/status
{"page":"status","scanner":{"allowed_asset_types":["ip","domain","fqdn","url","ip-range","ip-subnet"],"description":"Network Scanner","name":"Nmap","options":{"aggressive_scan":{"type":"optional","value":"-T4"},"all_scan":{"type":"optional","value":"-A"},"detect_os":{"type":"optional","value":"-O --osscan-guess --max-os-tries 1"},"detect_service_version":{"type":"optional","value":"-sV"},"hosts":{"type":"required"},"no_dns":{"type":"optional","value":"-n"},"no_ping":{"type":"optional","value":"-Pn"},"perfs":{"type":"optional","value":"--defeat-rst-ratelimit"},"ping_scan":{"type":"optional","value":"-sP"},"ports":{"type":"optional","value":"-p"},"scan_udp":{"type":"optional","value":"-sU --max-retries 3"},"script":{"type":"optional","value":"--script"},"script_args":{"type":"optional","value":"--script-args"},"script_output_fields":{"type":"optional","value":[""]},"script_scan":{"type":"optional","value":"-sC"},"show_open_ports":{"type":"optional","value":"--open"},"slow_scan":{"type":"optional","value":"-T1"},"syn_scan":{"type":"optional","value":"-sS"},"tcp_scan":{"type":"optional","value":"-sT"}},"path":"/usr/bin/nmap","status":"READY","version":"1.0"},"scans":{},"status":"READY"}

in the patrowl-rabbitmq container i listed the queue to see if anything was getting there but it doesnt look that way:
Every 2.0s: rabbitmqctl list_queues | grep nmap 0dc6435c8682: Tue Feb 26 19:44:12 2019 scan-nmap 0 monitor-nmap 0 nmap-node@d4f2ed7cd604.celery.pidbox 0

Im not 100% sure of the flow of things or if im looking in the right place/

Nicolas Mattiocco

@MaKyOtOx

It seems the Manager correctly interact with the Nmap Engine

Which scan policy do you use ?

The rabbitmq output indicates the queues are correctly set but no messages have been sent to them

p00ki d4t yew?

@jdsec1_twitter

in this previous scan: NMAP List open ports (TCP/53,56,80,443,8080)

Ok thats what i figured

Nicolas Mattiocco

@MaKyOtOx

Dumb question: are you sure the Nmap engine is able to contact the targets ?

(I have been tricked more than once ...)

p00ki d4t yew?

@jdsec1_twitter

there's never a dumb quesiton when digging for bugs

let me check

yes - nmap can reach the subnet
so im thinking there is something happening between submission of SCAN request -> and inserting into the NMAP queue
manager -> RMQ -><- NMAP
___^^^

is there anything i should be aware of when trying to debug this locally?

"dev tips" :p

Nicolas Mattiocco

@MaKyOtOx

lol

Set the env variable LOGGING_LEVEL = "INFO,WARNING,ERROR,DEBUG"

when starting the PatrowlManager

Do you use the docker-compose ?

p00ki d4t yew?

@jdsec1_twitter

yeah,
ok so the docker env variable needs to be added?

` environment:

  - DB_PORT_5432_TCP_HOST=db
  - DEBUG=True
  - RABBIT_PORT_5672_TCP=rabbitmq:5672
  - LOGGING_LEVEL = "INFO,WARNING,ERROR,DEBUG"`

im assuming

Nicolas Mattiocco

@MaKyOtOx

Exactly

p00ki d4t yew?

@jdsec1_twitter

thanks
let the testing commence
thanks for the handholding Nicolas

Nicolas Mattiocco

@MaKyOtOx

The next step is to start a new scan and review the "Events" tab in the scan results

other tip (need to be improved): details of error message are displayed in tooltip popups (when you move you cursor on the error)

p00ki d4t yew?

@jdsec1_twitter

aargh had to readd my engine after upping my cotainers - and when i went back to edit the engine .. manager froze again...
patrowl-django | <ul class="errorlist"><li>title<ul class="errorlist"><li>This field is required.</li></ul></li><li>engine_policy<ul class="errorlist"><li>This field is required.</li></ul></li><li>scan_type<ul class="errorlist"><li>This field is required.</li></ul></li></ul> patrowl-django | <ul class="errorlist"><li>title<ul class="errorlist"><li>This field is required.</li></ul></li><li>engine_policy<ul class="errorlist"><li>This field is required.</li></ul></li><li>scan_type<ul class="errorlist"><li>This field is required.</li></ul></li></ul> patrowl-rabbitmq | 2019-02-26 20:05:09.016 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:09:49.011 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:14:29.012 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:19:09.008 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:23:49.013 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:28:29.017 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-rabbitmq | 2019-02-26 20:33:09.015 [warning] <0.113.0> lager_error_logger_h dropped 9 messages in the last second that exceeded the limit of 1000 messages/sec patrowl-django | [2019-02-26 20:34:14 +0000] [54] [CRITICAL] WORKER TIMEOUT (pid:58) patrowl-django | [2019-02-26 21:34:14 +0000] [58] [INFO] Worker exiting (pid: 58) patrowl-django | [2019-02-26 20:34:15 +0000] [219] [INFO] Booting worker with pid: 219

are these MQ dropped messages normal?
lager_error_logger_h dropped 9 messages in the last second

FO] Worker exiting (pid: 58) . was from my request never finishing..

almost seems like there is a bottleneck with the manager - Would putting nginx infront of the manager as a reverse proxy maybe help with the requests, sessions management and connection caching? https://www.nginx.com/blog/maximizing-python-performance-with-nginx-parti-web-serving-and-caching/ .

BTW
Where would I see this "EVENTS" tab?

In scan results

p00ki d4t yew?

@jdsec1_twitter

weird -overlooked nginxs existance

Nicolas Mattiocco

@MaKyOtOx

There for example

p00ki d4t yew?

@jdsec1_twitter

thanks

theking750156

@theking750156

hello guys ,

did someone test to deploy patrowl on azure ? using a webapp for container ?

i'm trying to do it, not that easy

Jean Lien

@vuln3rs_gitlab

hello guys, did someone tried to deploy patrowl on an offline environment. I tried two different ways but they both failed. The first try was to pull the image from a local registry and then build the image -> when the volume "web" is built, it fail because it try to connect to registry-1.docker.io. The second try was to pull the image from an other system and save it to load it in my offline environment. It fails because it can't connect postgres, i don't know why . Do you have an idea to help me ?

Nicolas Mattiocco

@MaKyOtOx

Hi @vuln3rs_gitlab, for offline deployment using Docker images, several options are possible:
1/ download the GitHub repos and build the docker images
2/ synchronize your local registry with all required images: patrowl/patrowl-manager-community-edition, rabbitmq:3-alpine, postgres:11-alpine and nginx

Jean Lien

@vuln3rs_gitlab

Hi @MaKyOtOx . Thanks for your reply. I will try adding all the required images in my local registry. Now, I have just patrowl and postgres, but it's not the good version.

Nicolas Mattiocco

@MaKyOtOx

Keep us updated :)

Jean Lien

@vuln3rs_gitlab

;)

Jean Lien

@vuln3rs_gitlab

I solved my problem. Thanks. Now, I just have to configure the patrowl engines. Let's read the doc :)

Nicolas Mattiocco

@MaKyOtOx

What was the root causes ? and how did you solve it ? Thanks :)

htsec2019

@htsec2019

Hi any one recently configured patrowl with nessus?, namp seems to be working however other engines like nessus Arachni etc not working, tried both centos 7.6 and ubuntu

xytnba

@xytnba

@htsec2019 I have the same problem now. Have you solved it?

xytnba

@xytnba

@htsec2019 Could you share the method of configuring namp in patrowl? Here is too little sources to learn it that how edit the configured file in patrowl?

Nicolas Mattiocco

@MaKyOtOx

Hi all, could you please give us more details, share error messages and screenshots ?

MinhNamNguyen

@MinhNamNguyen

Hi
When i try to start all engines using the script " start-engines.sh", i got an error
"scripts/start-engines.sh: line 22: env/bin/python No such file or directory"
Do you know how i can resolve this problem?
Thank you

ArnoLille

@ArnoLille

HI, I just start PatrowlManager and PatrowlEngine NMAP,My goal is to scan one IP.. I created an asset (value 10.70.30.23/ Type IP), Add and nmap engine (Funct. Status Enabled Oper.State Ready)

ArnoLille

@ArnoLille

My scan fail with bad scanner status: ERROR, someone know how to investigate this error?

franruiz

@franruiz

Anyone alive? I'm trying to use v1.1.0 of Manager and 1.0.0 of Engines after trying several times with the latest version from Github with no luck.
With those versions I'm not able to make Engines go into Available State. Even though they are indeed ALIVE when querying them through HTTP or through the Info button on Manager. Absolute fresh install without any modifications. I indeed see permanent status requests onto one example engine -NMAP- but still they is not going available onto the Manager and thus it's not executing scans; it just enqueues them.

no further errors onto Manager's console or NMAP engine's one

Where communities thrive

People

Repo info

Activity