Skip to content
GitLab

Command line user interface · Changes

Page history
Fixing markdown authored by Tasos Laskos's avatar Tasos Laskos
Hide whitespace changes
Inline Side-by-side
guides/user/Command-line-user-interface.md
View page @ 55929b98
......@@ -157,7 +157,7 @@ in your gems path._
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Outputs the Arachni banner and version information.
......@@ -168,7 +168,7 @@ Outputs the Arachni banner and version information.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
......@@ -298,7 +298,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
......@@ -415,7 +415,7 @@ $ cat debug.log
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
This will suppress all messages except for positive matches -- vulnerabilities.
......@@ -426,7 +426,7 @@ This will suppress all messages except for positive matches -- vulnerabilities.
**Default**: `60`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Limit how many concurrent HTTP request are sent.
......@@ -441,7 +441,7 @@ Limit how many concurrent HTTP request are sent.
**Default**: `50000`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Limit how long the HTTP client should wait for a response from the server.
......@@ -452,7 +452,7 @@ Limit how long the HTTP client should wait for a response from the server.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Forces the system to only follow HTTPS URLs.
......@@ -464,7 +464,7 @@ _(Target URL must be an HTTPS one as well.)_
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
......@@ -482,7 +482,7 @@ You should also take a look at the _--exclude-cookie_ option discussed later.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Cookies, as a string, to be sent to the web application.
......@@ -499,7 +499,7 @@ Cookies, as a string, to be sent to the web application.
**Default**: `"Arachni/<version>"`
**Multiple invocations**: no
**Multiple invocations?**: `no`
You can pass your own user agent string which will be sent to the webserver under audit.
......@@ -511,7 +511,7 @@ Default is _Arachni/&lt;version&gt;_.
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Allows you to specify custom headers in the form of key-value pairs.
......@@ -529,7 +529,7 @@ Allows you to specify custom headers in the form of key-value pairs.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
......@@ -548,7 +548,7 @@ The _--authed-by_ value should contain information about the person who authoriz
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
*Requires*: "login-check-pattern":#login-check-pattern
......@@ -564,7 +564,7 @@ this should indicate that the scanner is logged in.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
*Requires*: "login-check-url":#login-check-url
......@@ -581,7 +581,7 @@ A positive match should indicate that the scanner is logged in.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
......@@ -599,7 +599,7 @@ This option allows you to save your current running configuration, all the optio
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
This option allows you to load and run a saved profile.
......@@ -617,7 +617,7 @@ The load profile option does not restrict your ability to specify more options o
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
This option will output the running configuration as a string of command line arguments.
......@@ -635,7 +635,7 @@ This option will output the running configuration as a string of command line ar
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
......@@ -734,7 +734,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
The _--exclude-page_ option expects a regular expression or plain string
......@@ -746,7 +746,7 @@ and excludes pages whose content matching that expression from the crawl process
**Default**: `'.*'`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
This is the exact oposite of the _--exclude_ option.
......@@ -758,7 +758,7 @@ When a regular expression is passed to the _--include_ option, *only* URLs match
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
The redundant option expects a regular expression and a counter, like so:
......@@ -776,7 +776,7 @@ This option is useful when auditing a website that has a lot of redundant pages
**Default**: `disabled (with a value of 10 if none has been specified)`
**Multiple invocations**: no
**Multiple invocations?**: `no`
The auto-redundant option sets the limit of how many URLs with identical parameters
......@@ -813,7 +813,7 @@ http://test.com/path.php?stuff=blah&stuff2=1
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
This flag will cause Arachni to follow links to subdomains.
......@@ -824,7 +824,7 @@ This flag will cause Arachni to follow links to subdomains.
**Default**: `infinite`
**Multiple invocations**: no
**Multiple invocations?**: `no`
It specifies how deep into the site structure the crawler should go.
......@@ -835,7 +835,7 @@ It specifies how deep into the site structure the crawler should go.
**Default**: `infinite`
**Multiple invocations**: no
**Multiple invocations?**: `no`
It specifies how many links the crawler should follow.
......@@ -846,7 +846,7 @@ It specifies how many links the crawler should follow.
**Default**: `infinite`
**Multiple invocations**: no
**Multiple invocations?**: `no`
It specifies how many redirects the crawler should follow.
......@@ -857,7 +857,7 @@ It specifies how many redirects the crawler should follow.
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
......@@ -869,7 +869,7 @@ The file must contains one path per line.
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Uses the paths contained in file instead of performing a crawl.
......@@ -883,7 +883,7 @@ Uses the paths contained in file instead of performing a crawl.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to audit the link elements of the page and their variables.
......@@ -894,7 +894,7 @@ Tells Arachni to audit the link elements of the page and their variables.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to audit the form elements of the page and their inputs.
......@@ -905,7 +905,7 @@ Tells Arachni to audit the form elements of the page and their inputs.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to audit the cookies of the page.
......@@ -916,7 +916,7 @@ Tells Arachni to audit the cookies of the page.
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Tells Arachni to exclude -- not audit -- a cookie by name.
......@@ -932,7 +932,7 @@ This is very unlikely but it's better to err on the side of caution.
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Tells Arachni to exclude -- not audit -- an input vector by name.
......@@ -943,7 +943,7 @@ Tells Arachni to exclude -- not audit -- an input vector by name.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to audit the HTTP headers of the page.
......@@ -959,7 +959,7 @@ Tells Arachni to audit the HTTP headers of the page.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
......@@ -972,7 +972,7 @@ If enabled Arachni will submit all links and forms of the page along with the co
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
......@@ -986,7 +986,7 @@ HTTP request methods.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Disables inclusion of binary HTTP response bodies in the audit.
......@@ -1001,7 +1001,7 @@ Disables inclusion of binary HTTP response bodies in the audit.
**Default**: `disabled OR .*`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Tells Arachni to list all available modules based on the regular expressions provided and exit.
......@@ -1142,7 +1142,7 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs
**Default**: `'*' -- all modules`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni which modules to load.
......@@ -1183,7 +1183,7 @@ The above will load all modules except for the 'backup_files' and 'xss' modules.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Lists all available reports.
......@@ -1353,7 +1353,7 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to load an Arachni Framework Report (.afr) file.
......@@ -1508,7 +1508,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
**Default**: `stdout`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Tells Arachni which report component to use.
......@@ -1621,7 +1621,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Lists all available plugins.
......@@ -2120,7 +2120,7 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb
**Default**: `disabled`
**Multiple invocations**: yes
**Multiple invocations?**: `yes`
Tells Arachni which plugin components to run.
......@@ -2429,7 +2429,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni to send all requests via a proxy server.
......@@ -2440,7 +2440,7 @@ Tells Arachni to send all requests via a proxy server.
**Default**: `disabled`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni authenticate itself with the proxy server using the supplied username and password.
......@@ -2451,7 +2451,7 @@ Tells Arachni authenticate itself with the proxy server using the supplied usern
**Default**: `disabled OR http`
**Multiple invocations**: no
**Multiple invocations?**: `no`
Tells Arachni what protocol to use to connect and comunicate with the proxy server.
......