Command line user interface · Changes

Updated CLI user guide authored Mar 30, 2013 by Tasos Laskos
guides/user/Command-line-user-interface.textile
View page @ 3fd84f7f
h2. Version 0.4.1 h2. Version 0.4.2
There are a lot of options, customizations and tweaks you can use but fear not and don't let yourself be overwhelmed. There are a lot of options, customizations and tweaks you can use but fear not and don't let yourself be overwhelmed.
...@@ -70,12 +70,14 @@ h3. Command reference ...@@ -70,12 +70,14 @@ h3. Command reference
"Command Line Interface help output":#cli_help_output "Command Line Interface help output":#cli_help_output
# "General":#general # "General":#general
## "Version ==(--version)==":#version
## "Verbosity ==(-v)==":#verbosity ## "Verbosity ==(-v)==":#verbosity
##* "Example":#verbosity_example ##* "Example":#verbosity_example
## "Debug mode ==(--debug)==":#debug ## "Debug mode ==(--debug)==":#debug
## "Only positives ==(--only-positives)==":#only-positives ## "Only positives ==(--only-positives)==":#only-positives
## "HTTP request limit ==(--http-req-limit)==":#http-req-limit ## "HTTP request limit ==(--http-req-limit)==":#http-req-limit
## "HTTP request timeout ==(--http-timeout)==":#http-timeout ## "HTTP request timeout ==(--http-timeout)==":#http-timeout
## "HTTPS only ==(--https-only)==":#https-only
## "Cookie jar ==(--cookie-jar)==":#cookie-jar ## "Cookie jar ==(--cookie-jar)==":#cookie-jar
## "Cookie string ==(--cookie-string)==":#cookie-string ## "Cookie string ==(--cookie-string)==":#cookie-string
## "User agent ==(--user-agent)==":#user-agent ## "User agent ==(--user-agent)==":#user-agent
...@@ -95,6 +97,8 @@ h3. Command reference ...@@ -95,6 +97,8 @@ h3. Command reference
# "Crawler":#crawler # "Crawler":#crawler
## "Exclude ==(--exclude/-e)==":#exclude ## "Exclude ==(--exclude/-e)==":#exclude
##* "Example":#exclude_example ##* "Example":#exclude_example
## "Exclude page by content ==(--exclude-page)==":#exclude-page
##* "Example":#exclude-page_example
## "Include ==(--include/-i)==":#include ## "Include ==(--include/-i)==":#include
## "Redundant ==(--redundant)==":#redundant ## "Redundant ==(--redundant)==":#redundant
## "Audo-redundant ==(--auto-redundant)==":#auto-redundant ## "Audo-redundant ==(--auto-redundant)==":#auto-redundant
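Review bot: The added index entry `##* "Example":#exclude-page_example` points at an anchor that the new `h3(#exclude-page)` section in this same change does not define, so the link goes nowhere. Either add an `h4(#exclude-page_example)` block with a sample run, as the neighbouring `--exclude` option has, or drop the index entry. The unchanged line just below still reads "Audo-redundant"; that could be corrected to "Auto-redundant" while this list is being edited.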
...@@ -140,6 +144,14 @@ h3. Command reference ...@@ -140,6 +144,14 @@ h3. Command reference
h2(#general). "General":#general h2(#general). "General":#general
h3(#version). "Version ==(--version)==":#version
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Outputs the Arachni banner and version information.
h3(#verbosity). "Verbosity ==(-v)==":#verbosity h3(#verbosity). "Verbosity ==(-v)==":#verbosity
*Expects*: <n/a> *Expects*: <n/a>
...@@ -167,7 +179,7 @@ Arachni's output messages are classified into several categories, each of them p ...@@ -167,7 +179,7 @@ Arachni's output messages are classified into several categories, each of them p
_I won't bother with coloring during the examples._ _I won't bother with coloring during the examples._
<pre><code> <pre><code>
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -211,7 +223,7 @@ In this case the verbose messages give information about the inputs that discove ...@@ -211,7 +223,7 @@ In this case the verbose messages give information about the inputs that discove
<pre><code> <pre><code>
$ arachni -v --audit-forms --modules=xss http://testfire.net/ --link-count=1 $ arachni -v --audit-forms --modules=xss http://testfire.net/ --link-count=1
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -391,6 +403,15 @@ h3(#http-timeout). "HTTP timeout ==(--http-timeout)==":#http-timeout ...@@ -391,6 +403,15 @@ h3(#http-timeout). "HTTP timeout ==(--http-timeout)==":#http-timeout
Limit how long the HTTP client should wait for a response from the server. Limit how long the HTTP client should wait for a response from the server.
h3(#https-only). "HTTP timeout ==(--https-only)==":#https-only
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Forces the system to only follow HTTPS URLs.
_(Target URL must be an HTTPS one as well.)_
h3(#cookie-jar). "Cookie jar ==(--cookie-jar)==":#cookie-jar h3(#cookie-jar). "Cookie jar ==(--cookie-jar)==":#cookie-jar
*Expects*: cookiejar file *Expects*: cookiejar file
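Review bot: The new section heading is titled "HTTP timeout" although it documents `--https-only`, which looks copied from the section above it; it should read "HTTPS only ==(--https-only)==" to match the index entry added for this option. The note "Target URL must be an HTTPS one as well" would also be more useful if it said what happens when the target is a plain HTTP URL (whether the scan is refused or simply follows nothing), since a user relying on this flag to keep session cookies off cleartext connections needs to know which.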
...@@ -537,7 +558,7 @@ In this simple example we tell Arachni to exclude all URLs that contain the stri ...@@ -537,7 +558,7 @@ In this simple example we tell Arachni to exclude all URLs that contain the stri
Thus no further action was taken. Thus no further action was taken.
<pre><code> <pre><code>
$ arachni http://testfire.net --modules=xss --exclude=testfire $ arachni http://testfire.net --modules=xss --exclude=testfire
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -575,7 +596,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev ...@@ -575,7 +596,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev
[~] Runtime: 00:00:01 [~] Runtime: 00:00:01
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.1dev [~] User agent: Arachni/v0.4.2
[*] Audited elements: [*] Audited elements:
[~] * Links [~] * Links
...@@ -617,6 +638,15 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev ...@@ -617,6 +638,15 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev
</code></pre> </code></pre>
h3(#exclude-page). "Exclude page by content ==(--exclude-page)==":#exclude-page
*Expects*: regexp
*Default*: disabled
*Multiple invocations?*: yes
The _==--exclude-page==_ option expects a regular expression or plain string
and excludes pages whose content matching that expression from the crawl process.
h3(#include). "Include ==(--include/-i)==":#include h3(#include). "Include ==(--include/-i)==":#include
*Expects*: regexp *Expects*: regexp
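Review bot: In the added description, "excludes pages whose content matching that expression" is ungrammatical and should read "whose content matches that expression". The section also gives `*Expects*: regexp` while the text says "a regular expression or plain string"; state whether a plain string is matched literally or compiled as a pattern, because characters such as `.` or `?` then change which pages are dropped from the crawl. An example block is missing here even though the index links to `#exclude-page_example`.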
...@@ -828,7 +858,7 @@ h4(#lsmod_example). "Example":#lsmod_example ...@@ -828,7 +858,7 @@ h4(#lsmod_example). "Example":#lsmod_example
<pre><code> <pre><code>
$ arachni --lsmod $ arachni --lsmod
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -915,7 +945,7 @@ Hit <space> <enter> to continue, any other key to exit. ...@@ -915,7 +945,7 @@ Hit <space> <enter> to continue, any other key to exit.
You can filter module listing like so: You can filter module listing like so:
<pre><code> <pre><code>
$ arachni --lsmod=xss --lsmod=path $ arachni --lsmod=xss --lsmod=path
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -994,7 +1024,7 @@ h4(#lsrep_example). "Example":#lsrep_example ...@@ -994,7 +1024,7 @@ h4(#lsrep_example). "Example":#lsrep_example
<pre><code> <pre><code>
$ arachni --lsrep $ arachni --lsrep
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -1161,7 +1191,7 @@ h4(#repload_example). "Example":#repload_example ...@@ -1161,7 +1191,7 @@ h4(#repload_example). "Example":#repload_example
Load an AFR report file and send it to the "stdout" report. Load an AFR report file and send it to the "stdout" report.
<pre><code> <pre><code>
$ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr $ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -1189,7 +1219,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev ...@@ -1189,7 +1219,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev
[~] Runtime: 00:00:03 [~] Runtime: 00:00:03
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.1dev [~] User agent: Arachni/v0.4.2
[*] Audited elements: [*] Audited elements:
[~] * Forms [~] * Forms
...@@ -1281,7 +1311,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev ...@@ -1281,7 +1311,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev
Load an AFR file and create an HTML report from it. Load an AFR file and create an HTML report from it.
<pre><code> <pre><code>
$ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr --report=html $ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr --report=html
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -1309,7 +1339,7 @@ h4(#report_example). "Example":#report_example ...@@ -1309,7 +1339,7 @@ h4(#report_example). "Example":#report_example
Running the HTML report with an outfile option: Running the HTML report with an outfile option:
<pre><code> <pre><code>
$ arachni http://testfire.net --link-count=1 --modules=xss --report=html:outfile=my_html_report.html $ arachni http://testfire.net --link-count=1 --modules=xss --report=html:outfile=my_html_report.html
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -1415,7 +1445,7 @@ h4(#lsplug_example). "Example":#lsplug_example ...@@ -1415,7 +1445,7 @@ h4(#lsplug_example). "Example":#lsplug_example
<pre><code> <pre><code>
$ arachni --lsplug $ arachni --lsplug
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -1914,7 +1944,7 @@ $ arachni http://testfire.net --link-count=1 --modules=xss \ ...@@ -1914,7 +1944,7 @@ $ arachni http://testfire.net --link-count=1 --modules=xss \
--plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&passw=Demo1234',check='Sign Off|MY ACCOUNT' \ --plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&passw=Demo1234',check='Sign Off|MY ACCOUNT' \
-e logout -e logout
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -2034,7 +2064,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev ...@@ -2034,7 +2064,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev
[~] Runtime: 00:00:06 [~] Runtime: 00:00:06
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.1dev [~] User agent: Arachni/v0.4.2
[*] Audited elements: [*] Audited elements:
[~] * Links [~] * Links
...@@ -2229,7 +2259,7 @@ h2(#cli_help_output). "CLI Help Output":#cli_help_output ...@@ -2229,7 +2259,7 @@ h2(#cli_help_output). "CLI Help Output":#cli_help_output
<pre><code> <pre><code>
$ arachni -h $ arachni -h
Arachni - Web Application Security Scanner Framework v0.4.1dev Arachni - Web Application Security Scanner Framework v0.4.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
......