
Unable to pull large Mythic logs #3

@circle-x2

Running into an issue when running the following command:

./janus-cli --docker-network host pull --source mythic -debug

I'm trying to pull logs from a Mythic server that ran for a three-week engagement. There are a large number of callbacks, tasks, etc. with large command output. I'm getting these errors from the mythic_graphql container on the Mythic server; it looks like the query results are too large:

{
    "detail": {
        "http_info": {
            "content_encoding": null,
            "http_version": "HTTP/1.1",
            "ip": "172.18.0.1",
            "method": "POST",
            "status": 200,
            "url": "/v1/graphql/"
        },
        "operation": {
            "error": {
                "code": "unexpected",
                "error":"database query error","internal":{"arguments":["(Oid 114,Just (\"{\\\"x-hasura-admin-operations\\\":\\\"{1}\\\",\\\"x-hasura-apitokens-id\\\":\\\"0\\\",\\\"x-hasura-current-operation-id\\\":\\\"1\\\",\\\"x-hasura
-current_operation\\\":\\\"\\\",\\\"x-hasura-operations\\\":\\\"{1}\\\",\\\"x-hasura-role\\\":\\\"mythic_admin\\\",\\\"x-hasura-user-id\\\":\\\"1\\\"}\",Binary))","(Oid 23,Just (\"\\NUL\\NUL\\NUL\\SOH\",
Binary))"],"error":{"description":"Cannot enlarge string buffer containing 1073439420 bytes by 1523180 more bytes.","exec_status":"FatalError","hint":null,"message":"out of memory","status_code":"54000"},
                "prepared": true,
                "statement":"SELECT  coalesce(json_agg(\"root\" ), '[]' ) AS \"root\" FROM  (SELECT  row_to_json((SELECT  \"_e\"  FROM  (SELECT  \"_root.base\".\"id\" AS \"id\", \"_root.base\".\"task_id
\" AS \"task_id\", \"public\".\"response\"(\"_root.base\")  AS \"response_text\", \"_root.base\".\"timestamp\" AS \"timestamp\"       ) AS \"_e\"      ) ) AS \"root\" FROM  (SELECT  *  FROM \"public\".\"
response\"  WHERE (((\"public\".\"response\".\"operation_id\") = ((($1->>'x-hasura-current-operation-id'))::integer)) AND (EXISTS  (SELECT  1  FROM \"public\".\"task\" AS \"__be_0_task\" WHERE ((((\"__be
_0_task\".\"id\") = (\"public\".\"response\".\"task_id\")) AND ('true')) AND (((((\"__be_0_task\".\"operation_id\") = ((($1->>'x-hasura-current-operation-id'))::integer)) AND ('true')) AND ('true')) AND 
((((\"__be_0_task\".\"operation_id\") = (($2)::integer)) AND ('true')) AND ('true'))))     )))     ) AS \"_root.base\"      ) AS \"_root\"      "
            },
            "path": "$"
        },
        "query": {
            "type": null
        },
        "query_execution_time": 9.003734432,
        "request_id": "04bde9a7-96e9-4098-9179-f5b4354b2876",
        "request_mode": "error",
        "request_read_time": 2.49e-6,
        "response_size": 1618,
        "uncompressed_response_size": 1618,
        "user_vars": {"x-hasura-admin-operations":"{
                1
            }","x-hasura-apitokens-id":"0","x-hasura-current-operation-id":"1","x-hasura-current_operation":"","x-hasura-operations":"{
                1
            }","x-hasura-role":"mythic_admin","x-hasura-user-id":"1"}},"request
_id":"04bde9a7-96e9-4098-9179-f5b4354b2876"},"level":"error","span_id":"fc01191df80d7576","timestamp":"2026-04-22T14: 12: 23.995+0000","trace_id":"5cadc857171bbc0f821faf58624b4460","type":"http-log"}

And these debug logs from janus-cli:

DEBUG POST https://localhost:7445/v1/graphql/
DEBUG body: {"query":"query { response(where: { task: { operation_id: { _eq: 1 } } }) { id task_id response_text timestamp } }"}
DEBUG status: 200
DEBUG response: {"errors":[{"message":"database query error","extensions":{"path":"$","code":"unexpected"}}]}
error: Mythic pull failed: GraphQL error: database query error
Traceback (most recent call last):
  File "/usr/local/lib/python3.13/site-packages/janus.py", line 334, in run_mythic
    metadata = parser.run(
        operation_id=operation_id,
    ...<4 lines>...
        arguments_rule=policy.arguments_rule,
    )
  File "/usr/local/lib/python3.13/site-packages/Parsers/Mythic/mythic_pull.py", line 559, in run
    task_events, result_events = self.normalize(operation_id)
                                 ~~~~~~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/Parsers/Mythic/mythic_pull.py", line 252, in normalize
    responses = self.fetch_responses(operation_id)
  File "/usr/local/lib/python3.13/site-packages/Parsers/Mythic/mythic_pull.py", line 184, in fetch_responses
    data = self._execute_query(RESPONSES_QUERY % operation_id)
  File "/usr/local/lib/python3.13/site-packages/Parsers/Mythic/mythic_pull.py", line 150, in _execute_query
    raise RuntimeError(f"GraphQL error: {err_msg}")
RuntimeError: GraphQL error: database query error
Preflight: connectivity/auth (Mythic)...
Preflight: OK
Operation: Operation Chimera (ID: 1, slug: operation-chimera)
error: exit status 1

Is there a way to pull information with smaller queries?
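
The query in the debug log above requests every response for the operation in one result, which the generated SQL aggregates with `json_agg` into a single string; the error shows that string hitting the buffer limit at about 1 GB. As an added example (not janus-cli's own code), here is the same query split into id-ordered pages with Hasura's `limit`, `order_by` and `_gt` arguments. `iter_responses`, the `execute` transport and `make_fake_hasura` are hypothetical names, and the `Int` variable types assume integer id columns.

```python
from typing import Callable, Iterator

# Same fields as the query in the debug log, with Hasura's where/_gt,
# order_by and limit arguments added. Int variable types are an assumption
# (integer id columns).
PAGED_RESPONSES_QUERY = """
query ($op: Int!, $after: Int!, $limit: Int!) {
  response(
    where: {task: {operation_id: {_eq: $op}}, id: {_gt: $after}}
    order_by: {id: asc}
    limit: $limit
  ) { id task_id response_text timestamp }
}
"""


def iter_responses(execute: Callable[[str, dict], dict], operation_id: int,
                   page_size: int = 500) -> Iterator[dict]:
    """Yield response rows one page at a time (keyset pagination on id).

    `execute(query, variables)` is a hypothetical transport that POSTs to
    /v1/graphql/ and returns the decoded JSON body.
    """
    if page_size < 1:
        raise ValueError("page_size must be >= 1")
    last_id = 0
    while True:
        body = execute(PAGED_RESPONSES_QUERY,
                       {"op": operation_id, "after": last_id, "limit": page_size})
        if body.get("errors"):
            raise RuntimeError(f"GraphQL error: {body['errors'][0]['message']}")
        rows = body["data"]["response"]
        yield from rows
        if len(rows) < page_size:
            return  # short page: nothing left
        last_id = rows[-1]["id"]  # resume after the last id seen


def make_fake_hasura(rows):
    """Constructed offline stand-in that applies the same filter, sort, limit."""
    calls = []
    fields = ("id", "task_id", "response_text", "timestamp")
    def execute(query, variables):
        calls.append(dict(variables))
        hit = sorted((r for r in rows if r["operation_id"] == variables["op"]
                      and r["id"] > variables["after"]), key=lambda r: r["id"])
        return {"data": {"response": [{f: r[f] for f in fields}
                                      for r in hit[:variables["limit"]]]}}
    return execute, calls
```

Each page is still aggregated into one JSON string on the server, so `page_size` has to be small enough that a page of the largest `response_text` values stays well under that limit.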
