|
|
|
## Version 0.4.6
|
|
|
|
## Version 1.0
|
|
|
|
|
|
|
|
There are a lot of options, customizations and tweaks you can use but fear not and don't let yourself be overwhelmed.
|
|
|
|
|
|
|
|
This guide will walk you through each and every one of them and teach you how to use them in order to make your scans as efficient as possible.
|
|
|
|
|
|
|
|
_If you intend to scan big and complex sites it's best that you read through this guide and evaluate all available options._
|
| ... | ... | @@ -20,42 +19,41 @@ You can simply run Arachni like so: |
|
|
|
|
|
|
|
$ arachni http://test.com
|
|
|
|
|
|
|
|
which will load all modules, the plugins under `/plugins/defaults` and audit
|
|
|
|
which will load all checks, the plugins under `/plugins/defaults` and audit
|
|
|
|
all forms, links and cookies.
|
|
|
|
|
|
|
|
In the following example all modules will be run against _http://test.com_,
|
|
|
|
auditing links/forms/cookies and following subdomains --with verbose output enabled.
|
|
|
|
In the following example, all checks will be run against _http://test.com_,
|
|
|
|
auditing links/forms/cookies and following subdomains while also printing verbose mesages.
|
|
|
|
|
|
|
|
The results of the audit will be saved in the the file _test.com.afr_.
|
|
|
|
The results of the scan will be saved in the the file `test.com.afr`.
|
|
|
|
|
|
|
|
$ arachni -fv http://test.com --report=afr:outfile=test.com.afr
|
|
|
|
arachni --verbose --scope-include-subdomains http://test.com --report-save-path=test.com.afr
|
|
|
|
|
|
|
|
The Arachni Framework Report (.afr) file can later be loaded by Arachni to
|
|
|
|
create a report, like so:
|
|
|
|
The Arachni Framework Report (`.afr`) file can later be used to create reports in several formats, like so:
|
|
|
|
|
|
|
|
$ arachni --repload=test.com.afr --report=html:outfile=my_report.html
|
|
|
|
arachni_reporter test.com.afr --report=html:outfile=my_report.html
|
|
|
|
|
|
|
|
or any other report type as shown by:
|
|
|
|
To see all available reporter components run:
|
|
|
|
|
|
|
|
$ arachni --lsrep
|
|
|
|
arachni_reporter --reporters-list
|
|
|
|
|
|
|
|
#### You can make module loading easier by using wildcards (*) and exclusions (-).
|
|
|
|
#### You can make check loading easier by using wildcards (*) and exclusions (-).
|
|
|
|
|
|
|
|
To load all `xss` modules using a wildcard:
|
|
|
|
To load all `xss` checks using a wildcard:
|
|
|
|
|
|
|
|
$ arachni http://example.net --modules=xss*
|
|
|
|
arachni http://example.net --checks=xss*
|
|
|
|
|
|
|
|
To load all _audit_ modules using a wildcard:
|
|
|
|
To load all active checks using a wildcard:
|
|
|
|
|
|
|
|
$ arachni http://example.net --modules=audit/*
|
|
|
|
arachni http://example.net --checks=active/*
|
|
|
|
|
|
|
|
To exclude only the _csrf_ module:
|
|
|
|
To exclude only the `csrf` check:
|
|
|
|
|
|
|
|
$ arachni http://example.net --modules=*,-csrf
|
|
|
|
arachni http://example.net --checks=*,-csrf
|
|
|
|
|
|
|
|
Or you can mix and match; to run everything but the _xss_ modules:
|
|
|
|
Or you can mix and match; to run everything but the `xss` checks:
|
|
|
|
|
|
|
|
$ arachni http://example.net --modules=*,-xss*
|
|
|
|
arachni http://example.net --checks=*,-xss*
|
|
|
|
|
|
|
|
#### Performing a full scan quickly
|
|
|
|
|
| ... | ... | |
