Troubleshooting Guide

Common issues and solutions for Apache Sling Auditor.

Common Issues

Scan Takes Too Long

Symptoms:

• Scan hangs or takes excessive time
• Progress indicators stall

Solutions:

• Use

  1	--mode quick

  for faster scans
• Reduce

  1

  --threads

  (try 3-5 instead of default 5)
• Increase

  1

  --timeout

  if getting timeouts
• Check network connectivity to target
• Use smaller wordlists for path enumeration

Example:

1
python auditor.py -t http://target.com:4502 --mode quick --threads 3

Connection Errors

Symptoms:

1
2
Request error: Connection refused
Request timeout: http://target.com:4502

Solutions:

• Verify target URL is correct (include

  1

  http://

  or

  1

  https://

  )
• Check network connectivity:

  1	ping target.com

• Verify port is open:

  1	telnet target.com 4502

  or

  1	nc -zv target.com 4502

• Check firewall rules
• Use

  1

  -k

  flag for SSL certificate issues
• Increase

  1

  --timeout

  value (default is 10 seconds)

Example:

1
python auditor.py -t https://target.com:4503 -k --timeout 30

SSL Certificate Errors

Symptoms:

1
2
SSL: CERTIFICATE_VERIFY_FAILED
SSL error: certificate verify failed

Solutions:

• Use

  1

  -k

  or

  1	--insecure

  flag to bypass SSL verification
• Verify certificate manually
• Check if using self-signed certificates

Example:

1
python auditor.py -t https://target.com:4503 -k

Security Note: Only use

1

-k

Memory Usage High

Symptoms:

• High memory consumption during scans
• System becomes slow
• Out of memory errors

Solutions:

• Reduce

  1

  --threads

  (lower concurrency = less memory)
• Use smaller wordlists
• Process wordlists in batches
• Close other applications
• Use

  1	--mode quick

  or

  1	--mode stealth

  (fewer concurrent requests)

Example:

1
python auditor.py -t http://target.com:4502 --threads 2 --wordlist small_wordlist.txt

Default Credentials Not Being Tested

Symptoms:

• Credentials from

  1	config/audit_config.yaml

  not tested
• No credential testing results in report

Cause: Default credentials are only tested if authentication-required paths (401/403 responses) are detected first.

Solutions:

1. Use full scan mode to check all endpoints:

   1
   python auditor.py -t http://target.com:4502 --mode full
   

2. Manually test credentials:

   1
   python auditor.py -t http://target.com:4502 -u admin -p admin
   

3. Enable brute force (tests credentials regardless):

   1
   python auditor.py -t http://target.com:4502 --brute-force
   

Configuration Errors

Symptoms:

1
2
KeyError: 'security_checks'
KeyError: 'configuration'

Cause: Missing or incomplete configuration sections in

1

config/audit_config.yaml

Solutions:

• Keep the default

  1	config/audit_config.yaml

  as a template
• Only modify specific sections, don’t remove entire sections
• Verify YAML syntax (indentation, formatting)
• Check that all referenced sections exist

Example Fix:

1
2
3
4
5
# Ensure this section exists
security_checks:
  configuration:
    check_dispatcher: true
    check_replication: true

Too Many False Positives

Symptoms:

• Many vulnerabilities reported that aren’t real
• Inaccurate detection results

Solutions:

• Use

  1	--mode stealth

  for more accurate results
• Review configuration in

  1	config/audit_config.yaml

• Adjust detection patterns
• Use

  1

  -v

  (verbose) to see detection logic
• Manually verify findings
• Use

  1

  --exploit

  to validate vulnerabilities

Example:

1
python auditor.py -t http://target.com:4502 --mode stealth -v

Rate Limiting Detected

Symptoms:

• Many 429 (Too Many Requests) responses
• Account lockouts during brute force
• Slow responses

Solutions:

• Use

  1	--mode stealth

  (5 req/s instead of 20)
• Reduce

  1

  --threads

  (try 2-3)
• Increase delays in

  1	config/audit_config.yaml

• Use proxy with rate limiting
• Add delays between requests

Example:

1
python auditor.py -t http://target.com:4502 --mode stealth --threads 2

No Exploit Outputs Generated

Symptoms:

• 1

  --exploit

  flag used but no PoC files created
• Missing exploit directories

Solutions:

• Verify vulnerabilities were detected (check JSON report)
• Ensure

  1

  --exploit

  flag was used
• Check output directory permissions
• Review scan results for detected CVEs
• Some CVEs may not have exploitation capabilities

Example:

1
2
3
4
5
# First detect vulnerabilities
python auditor.py -t http://target.com:4502

# Then exploit if vulnerabilities found
python auditor.py -t http://target.com:4502 --exploit -v

Wordlist Not Loading

Symptoms:

1
2
Wordlist file not found: wordlists/paths.txt
Error loading wordlist: [Errno 2] No such file or directory

Solutions:

• Verify wordlist file path is correct
• Use absolute path if relative path doesn’t work
• Check file permissions
• Ensure wordlist file exists
• Verify file format (one path per line, starting with

  1

  /

  )

Example:

1
2
3
4
5
# Use absolute path
python auditor.py -t http://target.com:4502 --wordlist /full/path/to/wordlist.txt

# Or relative path from project root
python auditor.py -t http://target.com:4502 --wordlist wordlists/sling_paths.txt

Invalid URL Error

Symptoms:

1
Error: Target URL must include scheme (http:// or https://)

Solutions:

• Always include protocol (

  1

  http://

  or

  1

  https://

  )
• Check URL format:

  1	http://hostname:port

  or

  1	https://hostname:port

• Verify no extra spaces or characters

Example:

1
2
3
4
5
6
# Correct
python auditor.py -t http://target.com:4502

# Incorrect
python auditor.py -t target.com:4502
python auditor.py -t http://target.com:4502/

Import Errors

Symptoms:

1
2
ModuleNotFoundError: No module named 'aiohttp'
ImportError: No module named 'rich'

Solutions:

• Install dependencies:

  1	pip install -r requirements.txt

• Use virtual environment:

  1
  2
  3
  python -m venv venv
  source venv/bin/activate  # On Windows: .\venv\Scripts\activate
  pip install -r requirements.txt
  

• Verify Python version (requires Python 3.7+)

Report Files Not Generated

Symptoms:

• No report files in

  1	scan_results/

  directory
• Missing JSON report

Solutions:

• Check output directory permissions
• Verify scan completed successfully (check console output)
• Specify custom output directory:

  1	-o /path/to/output

• Check disk space
• Review error messages in verbose mode

Example:

1
python auditor.py -t http://target.com:4502 -o /custom/output/path -v

Performance Optimization

For Fast Targets

1
2
3
4
python auditor.py -t http://target.com:4502 \
  --threads 10 \
  --timeout 5 \
  --mode full

For Slow Targets

1
2
3
4
python auditor.py -t http://target.com:4502 \
  --threads 3 \
  --timeout 30 \
  --mode stealth

For Large Wordlists

1
2
3
4
python auditor.py -t http://target.com:4502 \
  --wordlist large_wordlist.txt \
  --threads 5 \
  --mode full

Getting Help

If you encounter issues not covered here:

1. Check verbose output: Use

   1

   -v

   flag for detailed information
2. Review JSON report: Check

   1	scan_results/

   for detailed error information
3. Verify configuration: Ensure

   1	config/audit_config.yaml

   is valid
4. Test connectivity: Verify you can reach the target manually
5. Check logs: Review console output for error messages

Error Message Reference

1

Target URL must include scheme

1

Connection refused

1

Request timeout

1

--timeout

1

SSL: CERTIFICATE_VERIFY_FAILED

1

-k

1

KeyError: 'section'

1

config/audit_config.yaml

1

Wordlist file not found

1

ModuleNotFoundError

1

pip install -r requirements.txt

Still having issues? Check the Usage Guide or review the Configuration Guide!