guides/user/Command-line-user-interface.textile

@@ -150,9 +150,9 @@ When verbosity is enabled Arachni will give you detailed information about what'
 h4(#verbosity_example). "Example":#verbosity_example
 
 Let's give this a try:
-<pre><code>arachni -p --modules=xss http://localhost/zapotek/tests/forms/xss.php</code></pre>
+<pre><code>arachni --audit-forms --modules=xss http://testfire.net/ --link-count=1</code></pre>
 
-This will load the XSS module and audit all the forms (-p) in "http://localhost/zapotek/tests/forms/xss.php".
+This will load the XSS module and audit all the forms in "http://testfire.net/".
 
 *Verbose mode disabled*
 
@@ -166,27 +166,40 @@ Arachni's output messages are classified into several categories, each of them p
 _I won't bother with coloring during the examples._
 
 <pre><code>
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
 
- [*] Initing...
+ [*] Initialising...
+ [*] Waiting for plugins to settle...
+ [*] [HTTP: 200] http://testfire.net/
+ [*] Harvesting HTTP responses...
+ [~] Depending on server responsiveness and network conditions this may take a while.
 
- [*] [HTTP: 200] http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable 'xss' of http://localhost/~zapotek/tests/forms/xss.php
+ [*] Auditing: [HTTP: 200] http://testfire.net/
+ [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
  [*] Harvesting HTTP responses...
  [~] Depending on server responsiveness and network conditions this may take a while.
- [*] XSS: Analyzing response #0...
- [*] XSS: Analyzing response #1...
- [*] XSS: Analyzing response #2...
- [+] XSS: In form var 'xss'  ( http://localhost/~zapotek/tests/forms/xss.php )
+ [*] Profiler: Analyzing response #3...
+ [~] Trainer: Found 1 new links.
+ [*] Profiler: Analyzing response #4...
+ [*] Profiler: Analyzing response #5...
+ [*] XSS: Analyzing response #6...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #7...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #8...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
 </code></pre>
 
 *Verbose mode enabled*
@@ -196,31 +209,47 @@ See the extra information in this example.
 In this case the verbose messages give information about the inputs that discovered the XSS vulnerability.
 
 <pre><code>
-$ arachni -pv --mods=xss http://localhost/zapotek/tests/forms/xss.php
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+$ arachni -v --audit-forms --modules=xss http://testfire.net/ --link-count=1
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+           (With the support of the community and the Arachni Team.)
 
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
- [*] Initing...
 
- [*] [HTTP: 200] http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable 'xss' of http://localhost/~zapotek/tests/forms/xss.php
+ [*] Initialising...
+ [*] Waiting for plugins to settle...
+ [*] [HTTP: 200] http://testfire.net/
  [*] Harvesting HTTP responses...
  [~] Depending on server responsiveness and network conditions this may take a while.
- [*] XSS: Analyzing response #1...
- [*] XSS: Analyzing response #0...
- [*] XSS: Analyzing response #2...
- [+] XSS: In form var 'xss'  ( http://localhost/~zapotek/tests/forms/xss.php )
- [v] XSS: Injected string:      1<arachni_xss_6b2d88aad3eb1e606ee4814b39cc36bfb4f11146309edb4a580f6847acef1224
- [v] XSS: Verified string:      <arachni_xss_6b2d88aad3eb1e606ee4814b39cc36bfb4f11146309edb4a580f6847acef1224
- [v] XSS: Matched regular expression: (?-mix:<arachni_xss_6b2d88aad3eb1e606ee4814b39cc36bfb4f11146309edb4a580f6847acef1224)
+
+ [*] Auditing: [HTTP: 200] http://testfire.net/
+ [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] Harvesting HTTP responses...
+ [~] Depending on server responsiveness and network conditions this may take a while.
+ [*] Profiler: Analyzing response #3...
+ [~] Trainer: Found 1 new links.
+ [*] Profiler: Analyzing response #4...
+ [*] Profiler: Analyzing response #5...
+ [*] XSS: Analyzing response #6...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [v] XSS: Injected string:	<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
+ [v] XSS: Verified string:	<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
+ [*] XSS: Analyzing response #7...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [v] XSS: Injected string:	'-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
+ [v] XSS: Verified string:	'-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
+ [*] XSS: Analyzing response #8...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [v] XSS: Injected string:	--> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
+ [v] XSS: Verified string:	--> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
 </code></pre>
 
 h3(#debug). "Debug mode ==(--debug)==":debug
@@ -498,37 +527,46 @@ h4(#exclude_example). "Example":#exclude_example
 In this simple example we tell Arachni to exclude all URLs that contain the string "xss".
 Thus no further action was taken.
 <pre><code>
-$ arachni --modules=xss http://localhost/zapotek/tests/forms/xss.php --exclude=xss
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+$ arachni http://testfire.net --modules=xss --exclude=testfire
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
 
  [~] No audit options were specified.
  [~]  -> Will audit links, forms and cookies.
- [*] Initing...
+
+ [*] Initialising...
+ [*] Waiting for plugins to settle...
+ [*] Resolver: Resolving hostnames...
+ [*] Resolver: Done!
+
+ [*] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
+ [*] Done!
+
 
 ================================================================================
 
+
  [+] Web Application Security Report - Arachni Framework
 
- [~] Report generated on: 2010-11-24 14:43:53 +0000
- [~] Report false positives: http://github.com/Arachni/arachni/issues
+ [~] Report generated on: 2012-09-09 02:38:18 +0300
+ [~] Report false positives at: http://github.com/Arachni/arachni/issues
 
  [+] System settings:
  [~] ---------------
- [~] Version:  0.2.1
- [~] Revision: 0.2
- [~] Audit started on:  Wed Nov 24 14:43:53 2010
- [~] Audit finished on: Wed Nov 24 14:43:53 2010
- [~] Runtime: 00:00:00
+ [~] Version:  0.4.1dev
+ [~] Revision: 0.2.7
+ [~] Audit started on:  Sun Sep  9 02:38:15 2012
+ [~] Audit finished on: Sun Sep  9 02:38:16 2012
+ [~] Runtime: 00:00:01
 
- [~] URL: http://localhost/zapotek/tests/forms/xss.php
- [~] User agent: Arachni/0.2.1
+ [~] URL: http://testfire.net/
+ [~] User agent: Arachni/v0.4.1dev
 
  [*] Audited elements:
  [~] * Links
@@ -539,26 +577,35 @@ Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
 
  [*] Filters:
  [~]   Exclude:
- [~]     (?-mix:xss)
- [~]   Include:
- [~]     (?-mix:.*)
- [~]   Redundant:
-
- [*] Cookies:
+ [~]     (?-mix:testfire)
 
  [~] ===========================
 
- [+] 0 vulnerabilities were detected.
+ [+] 0 issues were detected.
 
 
+ [+] Plugin data:
+ [~] ---------------
 
- [*] Dumping audit results in '2010-11-24 14:43:53 +0000.afr'.
- [*] Done!
+
+ [~] 0.0% [=>                                                             ] 100%
+ [~] Est. remaining time: --:--:--
+
+ [~] Crawling, discovered 0 pages and counting.
 
  [~] Sent 0 requests.
  [~] Received and analyzed 0 responses.
- [~] In 00:00:00
+ [~] In 00:00:01
  [~] Average: 0 requests/second.
+
+ [~] Burst response time total    0
+ [~] Burst response count total   0
+ [~] Burst average response time  0
+ [~] Burst average                0 requests/second
+ [~] Timed-out requests           0
+ [~] Original max concurrency     20
+ [~] Throttled max concurrency    20
+
 </code></pre>
 
 h3(#include). "Include ==(--include/-i)==":#include
@@ -772,92 +819,125 @@ h4(#lsmod_example). "Example":#lsmod_example
 
 <pre><code>
 $ arachni --lsmod
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
+
+
+ [~] No modules were specified.
+ [~]  -> Will run all mods.
+
+ [~] No audit options were specified.
+ [~]  -> Will audit links, forms and cookies.
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
 
 
  [~] Available modules:
 
- [*] xss_path:
+ [*] code_injection:
 --------------------
-Name:           XSSPath
-Description:    Cross-Site Scripting module for path injection
-Author:         zapotek
-Version:        0.1.2
+Name:		Code injection
+Description:	It tries to inject code snippets into the
+                web application and assess whether or not the injection
+                was successful.
+Elements:	form, link, cookie, header
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.6
 References:
- [~] ha.ckers           http://ha.ckers.org/xss.html
- [~] Secunia            http://secunia.com/advisories/9716/
+ [~] PHP		http://php.net/manual/en/function.eval.php
+ [~] Perl		http://perldoc.perl.org/functions/eval.html
+ [~] Python		http://docs.python.org/py3k/library/functions.html#eval
+ [~] ASP		http://www.aspdev.org/asp/asp-eval-execute/
+ [~] Ruby		http://en.wikipedia.org/wiki/Eval#Ruby
 Targets:
- [~] Generic            all
-Path:   /home/zapotek/workspace/arachni/modules/audit/xss_path.rb
-
- [*] ldapi:
+ [~] PHP
+ [~] Perl
+ [~] Python
+ [~] ASP
+ [~] Ruby
+Metasploitable:	unix/webapp/arachni_php_eval
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb
+
+ [*] path_traversal:
 --------------------
-Name:           LDAPInjection
-Description:    It tries to force the web application to
-                return LDAP error messages in order to discover failures
-                in user input validation.
-Elements:       form, link, cookie
-Author:         Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-Version:        0.1
+Name:		PathTraversal
+Description:	It injects paths of common files (/etc/passwd and boot.ini)
+                and evaluates the existence of a path traversal vulnerability
+                based on the presence of relevant content in the HTML responses.
+Elements:	form, link, cookie, header
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.2.6
 References:
- [~] WASC               http://projects.webappsec.org/w/page/13246947/LDAP-Injection
- [~] OWASP              http://www.owasp.org/index.php/LDAP_injection
+ [~] OWASP		http://www.owasp.org/index.php/Path_Traversal
+ [~] WASC		http://projects.webappsec.org/Path-Traversal
 Targets:
- [~] Generic            all
-Path:   /home/zapotek/workspace/arachni/modules/audit/ldapi.rb
+ [~] Unix
+ [~] Windows
+ [~] Tomcat
+Metasploitable:	unix/webapp/arachni_path_traversal
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb
 
- [*] simple_cmd_exec:
+ [*] sqli_blind_rdiff:
 --------------------
-Name:           SimpleCmdExec
-Description:    Simple shell command execution recon module
-Elements:       form, link, cookie
-Author:         zapotek
-Version:        0.1.2
+Name:		Blind (rDiff) SQL Injection
+Description:	It uses rDiff analysis to decide how different inputs affect
+                the behavior of the the web pages.
+                Using that as a basis it extrapolates about what inputs are vulnerable to blind SQL injection.
+                (Note: This module may get confused by certain types of XSS vulnerabilities.
+                    If this module returns a positive result you should investigate nonetheless.)
+Elements:	link, form, cookie
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.3.2
 References:
- [~] OWASP              http://www.owasp.org/index.php/OS_Command_Injection
+ [~] OWASP		http://www.owasp.org/index.php/Blind_SQL_Injection
+ [~] MITRE - CAPEC		http://capec.mitre.org/data/definitions/7.html
 Targets:
- [~] Generic            all
-Metasploitable: unix/webapp/arachni_exec
-Path:   /home/zapotek/workspace/arachni/modules/audit/simple_cmd_exec.rb
+ [~] Generic
+Metasploitable:	unix/webapp/arachni_sqlmap
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/sqli_blind_rdiff.rb
 
 Hit <space> <enter> to continue, any other key to exit.
-Exiting...
 </code></pre>
 
 You can filter module listing like so:
 <pre><code>
-
 $ arachni --lsmod=xss --lsmod=path
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
+
+
+ [~] No modules were specified.
+ [~]  -> Will run all mods.
+
+ [~] No audit options were specified.
+ [~]  -> Will audit links, forms and cookies.
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
 
 
  [~] Available modules:
 
  [*] xss_path:
 --------------------
-Name:           XSSPath
-Description:    Cross-Site Scripting module for path injection
-Author:         zapotek
-Version:        0.1.2
+Name:		XSSPath
+Description:	Cross-Site Scripting module for path injection
+Elements:	path
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.8
 References:
- [~] ha.ckers           http://ha.ckers.org/xss.html
- [~] Secunia            http://secunia.com/advisories/9716/
+ [~] ha.ckers		http://ha.ckers.org/xss.html
+ [~] Secunia		http://secunia.com/advisories/9716/
 Targets:
- [~] Generic            all
-Path:   /home/zapotek/workspace/arachni/modules/audit/xss_path.rb
-
+ [~] Generic
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xss_path.rb
 </code></pre>
 
 
@@ -905,107 +985,157 @@ h4(#lsrep_example). "Example":#lsrep_example
 
 <pre><code>
 $ arachni --lsrep
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
+
+
+ [~] No modules were specified.
+ [~]  -> Will run all mods.
+
+ [~] No audit options were specified.
+ [~]  -> Will audit links, forms and cookies.
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
 
 
  [~] Available reports:
 
+ [*] yaml:
+--------------------
+Name:		YAML Report
+Description:	Exports the audit results as a YAML file.
+Options:
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.yaml
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb
+
  [*] txt:
 --------------------
-Name:           Text report
-Description:    Exports a report as a plain text file.
+Name:		Text report
+Description:	Exports a report as a plain text file.
 Options:
- [~]    outfile - Where to save the report.
- [~]    Type:        string
- [~]    Default:     2010-11-24 15:30:38 +0000.txt
- [~]    Required?:   false
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.txt
+ [~] 	Required?:   false
 
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/txt.rb
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.2.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb
 
  [*] xml:
 --------------------
-Name:           XML report
-Description:    Exports a report as an XML file.
+Name:		XML report
+Description:	Exports a report as an XML file.
 Options:
- [~]    outfile - Where to save the report.
- [~]    Type:        string
- [~]    Default:     2010-11-24 15:30:38 +0000.xml
- [~]    Required?:   false
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.xml
+ [~] 	Required?:   false
 
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/xml.rb
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.2.2
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb
 
- [*] ap:
+ [*] metareport:
 --------------------
-Name:           AP
-Description:    Awesome prints an AuditStore hash.
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/ap.rb
+Name:		Metareport
+Description:	Creates a file to be used with the Arachni MSF plug-in.
+Options:
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.msf
+ [~] 	Required?:   false
 
- [*] stdout:
---------------------
-Name:           Stdout
-Description:    Prints the results to standard output.
-Author:         zapotek
-Version:        0.2.1
-Path:   /home/zapotek/workspace/arachni/reports/stdout.rb
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb
 
- [*] metareport:
+ [*] afr:
 --------------------
-Name:           Metareport
-Description:    Creates a file to be used with the Arachni MSF plug-in.
+Name:		Arachni Framework Report
+Description:	Saves the file in the default Arachni Framework Report (.afr) format.
 Options:
- [~]    outfile - Where to save the report.
- [~]    Type:        string
- [~]    Default:     2010-11-24 15:30:38 +0000.msf
- [~]    Required?:   false
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.afr
+ [~] 	Required?:   false
 
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/metareport.rb
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb
 
  [*] html:
 --------------------
-Name:           HTML Report
-Description:    Exports a report as an HTML document.
+Name:		HTML Report
+Description:	Exports a report as an HTML document.
 Options:
- [~]    tpl - Template to use.
- [~]    Type:        path
- [~]    Default:     /home/zapotek/workspace/arachni/reports/html/default.tpl
- [~]    Required?:   false
+ [~] 	tpl - Template to use.
+ [~] 	Type:        path
+ [~] 	Default:     /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html/default.erb
+ [~] 	Required?:   false
 
- [~]    outfile - Where to save the report.
- [~]    Type:        string
- [~]    Default:     2010-11-24 15:30:38 +0000.html
- [~]    Required?:   false
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.html
+ [~] 	Required?:   false
 
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/html.rb
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.3.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb
 
- [*] afr:
+ [*] ap:
+--------------------
+Name:		AP
+Description:	Awesome prints an AuditStore hash.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb
+
+ [*] marshal:
+--------------------
+Name:		Marshal Report
+Description:	Exports the audit results as a Marshal file.
+Options:
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.marshal
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb
+
+ [*] json:
 --------------------
-Name:           Arachni Framework Report
-Description:    Saves the file in the default Arachni Framework Report (.afr) format.
+Name:		JSON Report
+Description:	Exports the audit results as a JSON file.
 Options:
- [~]    outfile - Where to save the report.
- [~]    Type:        string
- [~]    Default:     2010-11-24 15:30:38 +0000.afr
- [~]    Required?:   false
-
-Author:         zapotek
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/reports/afr.rb
+ [~] 	outfile - Where to save the report.
+ [~] 	Type:        string
+ [~] 	Default:     2012-09-09 02.41.03 +0300.json
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb
+
+ [*] stdout:
+--------------------
+Name:		Stdout
+Description:	Prints the results to standard output.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.2.2
+Path:	/home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.rb
 </code></pre>
 
 h3(#repload). "Load a report ==(--repload)==":#repload
@@ -1021,63 +1151,63 @@ h4(#repload_example). "Example":#repload_example
 
 Load an AFR report file and send it to the "stdout" report.
 <pre><code>
-$ arachni --repload=2010-11-24\ 14\:52\:59\ +0000.afr --report=stdout
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+$ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
 
 
 
 ================================================================================
 
+
  [+] Web Application Security Report - Arachni Framework
 
- [~] Report generated on: 2010-11-24 14:53:42 +0000
- [~] Report false positives: http://github.com/Arachni/arachni/issues
+ [~] Report generated on: 2012-09-09 02:42:54 +0300
+ [~] Report false positives at: http://github.com/Arachni/arachni/issues
 
  [+] System settings:
  [~] ---------------
- [~] Version:  0.2.1
- [~] Revision: 0.2
- [~] Audit started on:  Wed Nov 24 14:52:59 2010
- [~] Audit finished on: Wed Nov 24 14:52:59 2010
- [~] Runtime: 00:00:00
+ [~] Version:  0.4.1dev
+ [~] Revision: 0.2.7
+ [~] Audit started on:  Sun Sep  9 02:42:15 2012
+ [~] Audit finished on: Sun Sep  9 02:42:18 2012
+ [~] Runtime: 00:00:03
 
- [~] URL: http://localhost/~zapotek/tests/forms/xss.php
- [~] User agent: Arachni/0.2.1
+ [~] URL: http://testfire.net/
+ [~] User agent: Arachni/v0.4.1dev
 
  [*] Audited elements:
- [~] * Links
  [~] * Forms
- [~] * Cookies
 
  [*] Modules: xss
 
- [*] Filters:
- [~]   Exclude:
- [~]   Include:
- [~]     (?-mix:.*)
- [~]   Redundant:
-
  [*] Cookies:
+ [~]   ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm
+ [~]   amSessionId = 203429333847
 
  [~] ===========================
 
- [+] 1 vulnerabilities were detected.
+ [+] 1 issues were detected.
 
- [+] Cross-Site Scripting (XSS)
+ [+] [1] Cross-Site Scripting (XSS)
  [~] ~~~~~~~~~~~~~~~~~~~~
+ [~] ID Hash:  106295fcfffa8fea3664f8fb27defe5b81f3dfba2b54c5c7f2bcb63b36246359
  [~] Severity: High
- [~] URL:      http://localhost/~zapotek/tests/forms/xss.php
- [~] Elements: form
- [~] Variable: xss
+ [~] URL:      http://testfire.net/search.aspx
+ [~] Element:  form
+ [~] Method:   GET
+ [~] Tags:     xss, regexp, injection, script
+ [~] Variable: txtSearch
  [~] Description:
- [~] Client-side code, like JavaScript, can
-                    be injected into the web application.
+ [~] Client-side code (like JavaScript) can
+    be injected into the web application which is then returned to the user's browser.
+    This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
 
  [~] CWE: http://cwe.mitre.org/data/definitions/79.html
 
@@ -1090,28 +1220,70 @@ Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
  [*] Variations
  [~] ----------
  [~] Variation 1:
- [~] URL: http://localhost/~zapotek/tests/forms/xss.php
- [~] ID:  <arachni_xss_955420f4722f1116416100259a0ff352f269f15ba0db23cca38c1428ef2ab42d
- [~] Injected value:     1<arachni_xss_955420f4722f1116416100259a0ff352f269f15ba0db23cca38c1428ef2ab42d
- [~] Regular expression: (?-mix:<arachni_xss_955420f4722f1116416100259a0ff352f269f15ba0db23cca38c1428ef2ab42d)
- [~] Matched string:     <arachni_xss_955420f4722f1116416100259a0ff352f269f15ba0db23cca38c1428ef2ab42d
+ [~] URL: http://testfire.net/search.aspx
+ [~] Injected value:     <some_dangerous_input_851ed9aefabd36fc0ad7d0611c23e1ae561b7caaa28b42ef305a109c9f1cb639/>
+ [~] Regular expression:
+ [~] Matched string:     <some_dangerous_input_851ed9aefabd36fc0ad7d0611c23e1ae561b7caaa28b42ef305a109c9f1cb639/>
+
+
+
+ [+] Plugin data:
+ [~] ---------------
+
+
+ [*] Resolver
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Resolves vulnerable hostnames to IP addresses.
+
+ [~] testfire.net: 65.61.137.117
+
+ [*] Health map
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Generates a simple list of safe/unsafe URLs.
+
+ [~] Legend:
+ [+] No issues
+ [-] Has issues
+
+ [+] http://testfire.net/
+ [-] http://testfire.net/search.aspx
+
+ [~] Total: 2
+ [+] Without issues: 1
+ [-] With issues: 1 ( 50% )
+
+ [*] Profiler
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Examines the behavior of the web application gathering general statistics
+                and performs taint analysis to determine which inputs affect the output.
+
+                It does not perform any vulnerability assessment nor does it send attack payloads.
+
+ [~] Inputs affecting output:
+
+ [+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
+ [~] It was submitted using the following parameters:
+ [~]   * txtSearch	= arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
+ [~]
+ [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1':
+ [~]   * Body
 </code></pre>
 
 Load an AFR file and create an HTML report from it.
 <pre><code>
-$ arachni --repload=2010-11-24\ 14\:52\:59\ +0000.afr --report=html
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+$ arachni --repload=2012-09-09\ 02.42.20\ +0300.afr --report=html
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
 
 
  [*] Creating HTML report...
- [*] Saved in '2010-11-24 14:53:35 +0000.html'.
+ [*] Saved in '2012-09-09 02.43.42 +0300.html'.
 </code></pre>
 
 h3(#report). "Report ==(--report)==":#report
@@ -1127,41 +1299,97 @@ h4(#report_example). "Example":#report_example
 
 Running the HTML report with an outfile option:
 <pre><code>
-$ arachni --modules=xss http://localhost/~zapotek/tests/forms/xss.php --report=html:outfile=my_html_report.html
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+$ arachni http://testfire.net --link-count=1 --modules=xss --report=html:outfile=my_html_report.html
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
 
  [~] No audit options were specified.
  [~]  -> Will audit links, forms and cookies.
- [*] Initing...
 
- [*] [HTTP: 200] http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/xss.php
- [*] XSS: Auditing form variable 'xss' of http://localhost/~zapotek/tests/forms/xss.php
+ [*] Initialising...
+ [*] Waiting for plugins to settle...
+ [*] [HTTP: 200] http://testfire.net/
  [*] Harvesting HTTP responses...
  [~] Depending on server responsiveness and network conditions this may take a while.
- [*] XSS: Analyzing response #2...
- [+] XSS: In form var 'xss'  ( http://localhost/~zapotek/tests/forms/xss.php )
- [*] XSS: Analyzing response #0...
- [*] XSS: Analyzing response #1...
+
+ [*] Auditing: [HTTP: 200] http://testfire.net/
+ [*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] Harvesting HTTP responses...
+ [~] Depending on server responsiveness and network conditions this may take a while.
+ [*] Profiler: Analyzing response #3...
+ [*] Profiler: Analyzing response #4...
+ [~] Trainer: Found 1 new links.
+ [*] Profiler: Analyzing response #5...
+ [*] Profiler: Analyzing response #6...
+ [*] XSS: Analyzing response #9...
+ [*] XSS: Analyzing response #10...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #13...
+ [*] XSS: Analyzing response #14...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #17...
+ [*] XSS: Analyzing response #18...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] Profiler: Analyzing response #8...
+ [*] Profiler: Analyzing response #7...
+ [*] XSS: Analyzing response #12...
+ [*] XSS: Analyzing response #11...
+ [*] XSS: Analyzing response #15...
+ [*] XSS: Analyzing response #16...
+ [*] XSS: Analyzing response #19...
+ [*] XSS: Analyzing response #20...
+
+ [*] Resolver: Resolving hostnames...
+ [*] Resolver: Done!
+
+ [*] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
+ [*] Done!
 
  [*] Creating HTML report...
  [*] Saved in 'my_html_report.html'.
 
- [*] Dumping audit results in '2010-11-24 14:56:47 +0000.afr'.
- [*] Done!
+ [~] 100.0% [============================================================>] 100%
+ [~] Est. remaining time: --:--:--
 
- [~] Sent 3 requests.
- [~] Received and analyzed 3 responses.
- [~] In 00:00:00
- [~] Average: 56 requests/second.
+ [~] Crawler has discovered 2 pages.
+ [~] Audit limited to a max of 1 pages -- excluding 1 pages of Trainer feedback.
+
+ [~] Sent 25 requests.
+ [~] Received and analyzed 25 responses.
+ [~] In 00:00:04
+ [~] Average: 6 requests/second.
+
+ [~] Currently auditing           http://testfire.net/search.aspx?txtSearch=
+ [~] Burst response time total    0
+ [~] Burst response count total   0
+ [~] Burst average response time  0
+ [~] Burst average                0 requests/second
+ [~] Timed-out requests           0
+ [~] Original max concurrency     20
+ [~] Throttled max concurrency    20
 </code></pre>
 
 h2(#plugins). "Plugins":#plugins
@@ -1178,61 +1406,486 @@ h4(#lsplug_example). "Example":#lsplug_example
 
 <pre><code>
 $ arachni --lsplug
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
+
+
+ [~] No modules were specified.
+ [~]  -> Will run all mods.
+
+ [~] No audit options were specified.
+ [~]  -> Will audit links, forms and cookies.
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
 
 
  [~] Available plugins:
 
+ [*] resolver:
+--------------------
+Name:		Resolver
+Description:	Resolves vulnerable hostnames to IP addresses.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/resolver.rb
+
+ [*] healthmap:
+--------------------
+Name:		Health map
+Description:	Generates a simple list of safe/unsafe URLs.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.3
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb
+
+ [*] profiler:
+--------------------
+Name:		Profiler
+Description:	Examines the behavior of the web application gathering general statistics
+                and performs taint analysis to determine which inputs affect the output.
+
+                It does not perform any vulnerability assessment nor does it send attack payloads.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.5
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/profiler.rb
+
+ [*] uniformity:
+--------------------
+Name:		Uniformity (Lack of central sanitization)
+Description:	Analyzes the scan results and logs issues which persist across different pages.
+                This is usually a sign for a lack of a central/single point of input sanitization,
+                a bad coding practise.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb
+
+ [*] manual_verification:
+--------------------
+Name:		Issues requiring manual verification
+Description:	The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
+                even before any audit action has taken place -- this challenges the relevance of the audit procedure.
+
+                Thus, these issues require manual verification.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb
+
+ [*] timing_attacks:
+--------------------
+Name:		Timing attack anomalies
+Description:	Analyzes the scan results and logs issues that used timing attacks
+                while the affected web pages demonstrated an unusually high response time.
+                A situation which renders the logged issues inconclusive or (possibly) false positives.
+
+                Pages with high response times usually include heavy-duty processing
+                which makes them prime targets for Denial-of-Service attacks.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.4
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb
+
+ [*] discovery:
+--------------------
+Name:		Discovery module response anomalies
+Description:	Analyzes the scan results and identifies issues logged by discovery modules
+                (i.e. modules that look for certain files and folders on the server),
+                while the server responses were exhibiting an anomalous factor of similarity.
+
+                There's a good chance that these issues are false positives.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb
+
+ [*] autothrottle:
+--------------------
+Name:		AutoThrottle
+Description:	Monitors HTTP response times and automatically
+                throttles the request concurrency in order to maintain stability
+                and avoid from killing the server.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.3
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb
+
+ [*] content_types:
+--------------------
+Name:		Content-types
+Description:	Logs content-types of server responses.
+                It can help you categorize and identify publicly available file-types
+                which in turn can help you identify accidentally leaked files.
+Options:
+ [~] 	exclude - Exclude content-types that match this regular expression.
+ [~] 	Type:        string
+ [~] 	Default:     text
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.4
+Path:	/home/zapotek/workspace/arachni/plugins/defaults/content_types.rb
+
+ [*] libnotify:
+--------------------
+Name:		libnotify
+Description:	Uses the libnotify library to send notifications for each discovered issue
+                and a summary at the end of the scan.
+Options:
+ [~] 	for_every_issue - Show every issue.
+ [~] 	Type:        bool
+ [~] 	Default:     true
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/workspace/arachni/plugins/libnotify.rb
+
+ [*] cookie_collector:
+--------------------
+Name:		Cookie collector
+Description:	Monitors and collects cookies while establishing a timeline of changes.
+
+                WARNING: Highly discouraged when the audit includes cookies.
+                    It will log thousands of results leading to a huge report,
+                    highly increased memory and CPU usage.
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.5
+Path:	/home/zapotek/workspace/arachni/plugins/cookie_collector.rb
+
  [*] proxy:
 --------------------
-Name:           Proxy
-Description:    Gathers data based on user actions and exchanged HTTP
-                traffic and pushes that data to the framework's page-queue to be audited.
-                It also updates the framework cookies with the cookies of the HTTP requests and
-                responses, thus it can also be used to login to a web application.
+Name:		Proxy
+Description:
+                * Gathers data based on user actions and exchanged HTTP
+                    traffic and pushes that data to the framework's page-queue to be audited.
+                * Updates the framework cookies with the cookies of the HTTP requests and
+                    responses, thus it can also be used to login to a web application.
+                * Supports SSL interception.
+
+                To skip crawling and only audit elements discovered by using the proxy
+                set '--link-count=0'.
+Options:
+ [~] 	port - Port to bind to.
+ [~] 	Type:        port
+ [~] 	Default:     8282
+ [~] 	Required?:   false
+
+ [~] 	bind_address - IP address to bind to.
+ [~] 	Type:        address
+ [~] 	Default:     0.0.0.0
+ [~] 	Required?:   false
+
+ [~] 	timeout - How long to wait for a request to complete, in milliseconds.
+ [~] 	Type:        integer
+ [~] 	Default:     20000
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.2
+Path:	/home/zapotek/workspace/arachni/plugins/proxy.rb
+
+ [*] beep_notify:
+--------------------
+Name:		Beep notify
+Description:	It beeps when the scan finishes.
+Options:
+ [~] 	repeat - How many times to beep.
+ [~] 	Type:        integer
+ [~] 	Default:     4
+ [~] 	Required?:   false
+
+ [~] 	interval - How long to wait between beeps.
+ [~] 	Type:        float
+ [~] 	Default:     0.4
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1
+Path:	/home/zapotek/workspace/arachni/plugins/beep_notify.rb
+
+ [*] rescan:
+--------------------
+Name:		ReScan
+Description:	It uses the AFR report of a previous scan to
+                extract the sitemap in order to avoid a redundant crawl.
+
+Options:
+ [~] 	afr - Path to the AFR report.
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/rescan.rb
+
+ [*] http_dicattack:
+--------------------
+Name:		HTTP dictionary attacker
+Description:	Uses wordlists to crack password protected directories.
+                If the cracking process is successful the found credentials will be set
+                framework-wide and used for the duration of the audit.
+                If that's not what you want set the crawler's link-count limit to "0".
+Options:
+ [~] 	username_list - File with a list of usernames (newline separated).
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	password_list - File with a list of passwords (newline separated).
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/http_dicattack.rb
+
+ [*] vector_feed:
+--------------------
+Name:		Vector feed
+Description:	Reads in vector data from which it creates elements to be audited.
+    Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
+
+    Notes:
+        * To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
+        * Can handle multiple YAML documents.
+
+    Example YAML file:
+-
+  # you can pass pages to be audited by grep modules (and JS in the future)
+  type: page
+  url: http://localhost/
+  # response code
+  code: 200
+  # response headers
+  headers:
+    Content-Type: "text/html; charset=utf-8"
+  body: "HTML code goes here"
+
+-
+  # default type is link which has method get
+  #type: link
+  action: http://localhost/link
+  inputs:
+    my_param: "my val"
+
+-
+  # if a method is post it'll default to a form type
+  type: form
+  method: post
+  action: http://localhost/form
+  inputs:
+    post_this: "HUA!"
+    csrf: "my_csrf_token"
+  # do not fuzz/mutate/audit the following inputs (by name obviously)
+  skip:
+    - csrf
+
+# GET only
+-
+  type: cookie
+  action: http://localhost/cookie
+  inputs:
+    session_id: "43434234343sddsdsds"
+
+# GET only
+-
+  type: header
+  action: http://localhost/header
+  # only 1 input allowed, each header field=>value must be defined separately
+  inputs:
+    User-Agent: "Blah/2"
+
+
+Options:
+ [~] 	vectors -  Vector array (for configuration over RPC).
+ [~] 	Type:        abstract
+ [~] 	Default:
+ [~] 	Required?:   false
+
+ [~] 	yaml_string - A string of YAML serialized vectors (for configuration over RPC).
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   false
+
+ [~] 	yaml_file - A file containing the YAML serialized vectors.
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/vector_feed.rb
+
+ [*] script:
+--------------------
+Name:		Script
+Description:	Loads and runs an external Ruby script under the scope of a plugin,
+                used for debugging and general hackery.
+
+                Will not work over RPC.
 Options:
- [~]    port - Port to bind to.
- [~]    Type:        port
- [~]    Default:     8282
- [~]    Required?:   false
+ [~] 	path - Path to the script.
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
 
- [~]    bind_address - IP address to bind to.
- [~]    Type:        address
- [~]    Default:     0.0.0.0
- [~]    Required?:   false
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.1
+Path:	/home/zapotek/workspace/arachni/plugins/script.rb
 
-Author:         Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/plugins/proxy.rb
+ [*] email_notify:
+--------------------
+Name:		E-mail notify
+Description:	Sends a notification (and optionally a report) over SMTP at the end of the scan.
+Options:
+ [~] 	to - E-mail address of the receiver.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	cc - E-mail address to which to send a carbon copy of the notification.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   false
+
+ [~] 	bcc - E-mail address for a blind carbon copy.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   false
+
+ [~] 	from - E-mail address of the sender.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	server_address - Address of the SMTP server to use.
+ [~] 	Type:        address
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	server_port - SMTP port.
+ [~] 	Type:        port
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	tls - Use TLS/SSL?.
+ [~] 	Type:        bool
+ [~] 	Default:
+ [~] 	Required?:   false
+
+ [~] 	username - SMTP username.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	password - SMTP password.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	authentication - Authentication.
+ [~] 	Type:        string
+ [~] 	Default:     plain
+ [~] 	Required?:   false
+
+ [~] 	report - Report type to send as an attachment. (accepted: txt, xml, html, json, yaml, marshalnone)
+ [~] 	Type:        enum
+ [~] 	Default:     txt
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/email_notify.rb
 
  [*] autologin:
 --------------------
-Name:           AutoLogin
-Description:    It looks for the login form in the user provided URL,
+Name:		AutoLogin
+Description:	It looks for the login form in the user provided URL,
                 merges its input fields with the user supplied parameters and sets the cookies
-                of the response and request as framework-wide cookies to be user by the spider later on.
+                of the response and request as framework-wide cookies to be used by the spider later on.
 
 Options:
- [~]    url - The URL that contains the login form.
- [~]    Type:        url
- [~]    Default:
- [~]    Required?:   true
+ [~] 	url - The URL that contains the login form.
+ [~] 	Type:        url
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	params - Form parameters to submit. ( username=user&password=pass )
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	check - A pattern which will be used to verify a successful login.
+                    For example, if a logout link only appears when a user is logged in then it can be a perfect choice.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.5
+Path:	/home/zapotek/workspace/arachni/plugins/autologin.rb
+
+ [*] waf_detector:
+--------------------
+Name:		WAF Detector
+Description:	Performs basic profiling on the web application
+                in order to assess the existence of a Web Application Firewall.
 
- [~]    params - Form parameters to submit. ( username=user&password=pass )
- [~]    Type:        string
- [~]    Default:
- [~]    Required?:   true
+                This is a 4 stage process:
+                   1. Grab the original page as is
+                   2. Send a lot of innocent (vanilla) strings in non-existent inputs so as to profile normal behavior
+                   3. Send a lot of suspicious (spicy) strings in non-existent inputs and check if behavior changes
+                   4. Make heads or tails of the gathered responses
 
-Author:         Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-Version:        0.1
-Path:   /home/zapotek/workspace/arachni/plugins/autologin.rb
+                 Steps 1 to 3 will be repeated _precision_ times (default: 5) and the responses will be averaged using rDiff analysis.
+Options:
+ [~] 	precision - Stage precision (how many times to perform each detection stage).
+ [~] 	Type:        integer
+ [~] 	Default:     5
+ [~] 	Required?:   false
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.2
+Path:	/home/zapotek/workspace/arachni/plugins/waf_detector.rb
 
+ [*] form_dicattack:
+--------------------
+Name:		Form dictionary attacker
+Description:	Uses wordlists to crack login forms.
+                If the cracking process is successful the found credentials will be set
+                framework-wide and used for the duration of the audit.
+                If that's not what you want set the crawler's link-count limit to "0".
+Options:
+ [~] 	username_list - File with a list of usernames (newline separated).
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	password_list - File with a list of passwords (newline separated).
+ [~] 	Type:        path
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	username_field - The name of the username form field.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	password_field - The name of the password form field.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+ [~] 	login_verifier - A regular expression which will be used to verify a successful login.
+                    For example, if a logout link only appears when a user is logged in then it can be a perfect choice.
+ [~] 	Type:        string
+ [~] 	Default:
+ [~] 	Required?:   true
+
+Author:		Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+Version:	0.1.4
+Path:	/home/zapotek/workspace/arachni/plugins/form_dicattack.rb
 </code></pre>
 
 h3(#plugin). "Plugin ==(--plugin)==":#plugin
@@ -1248,84 +1901,131 @@ h4(#plugin_example). "Example":#plugin_example
 
 Excluding the logout URL and running the AutoLogin plugin to automatically login to a web application:
 <pre><code>
-$ arachni -m xss http://localhost/~zapotek/tests/forms/login.php \
--e logout \
---plugin=autologin:url=http://localhost/~zapotek/tests/forms/login.php,params='username=user&password=pass'
+$ arachni http://testfire.net --link-count=1 --modules=xss \
+    --plugin=autologin:url=http://testfire.net/bank/login.aspx,params='uid=jsmith&passw=Demo1234',check='Sign Off|MY ACCOUNT' \
+    -e logout
 
-Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
+Arachni - Web Application Security Scanner Framework v0.4.1dev
+   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 
-       Website:       http://github.com/Arachni/arachni
-       Documentation: http://github.com/Arachni/arachni/wiki
+           (With the support of the community and the Arachni Team.)
+
+   Website:       http://arachni-scanner.com
+   Documentation: http://arachni-scanner.com/wiki
 
 
  [~] No audit options were specified.
  [~]  -> Will audit links, forms and cookies.
- [*] Initing...
+
+ [*] Initialising...
+ [~] AutoLogin: System paused.
  [*] Waiting for plugins to settle...
- [*] AutoLogin: Found log-in form with name: <n/a>
+ [*] AutoLogin: Found log-in form with name: login
  [+] AutoLogin: Form submitted successfully.
- [~] AutoLogin: Extracted cookies:
- [~] AutoLogin:   * PHPSESSID => 21698106459076a83e9eaae9cc752b25
-
- [*] [HTTP: 200] http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable 'sql_inj' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable 'rfi' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable 'xss' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable 'eval' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__original_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable '__sample_values__' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing form variable 'os_command' of http://localhost/~zapotek/tests/forms/login.php
- [*] XSS: Auditing cookie variable 'PHPSESSID' of http://localhost/~zapotek/tests/forms/login.php
+ [~] AutoLogin: Cookies set to:
+ [~] AutoLogin:     * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
+ [~] AutoLogin:     * amSessionId = 204023334531
+ [~] AutoLogin:     * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
+ [~] AutoLogin:     * amUserId = 100116014
+ [~] AutoLogin:     * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
+ [*] [HTTP: 200] http://testfire.net/
  [*] Harvesting HTTP responses...
  [~] Depending on server responsiveness and network conditions this may take a while.
- [*] XSS: Analyzing response #2...
- [*] XSS: Analyzing response #4...
- [*] XSS: Analyzing response #5...
- [*] XSS: Analyzing response #6...
- [*] XSS: Analyzing response #7...
- [*] XSS: Analyzing response #8...
- [*] XSS: Analyzing response #3...
- [*] XSS: Analyzing response #9...
- [*] XSS: Analyzing response #10...
- [+] XSS: In form var 'xss'  ( http://localhost/~zapotek/tests/forms/login.php )
- [*] XSS: Analyzing response #11...
- [*] XSS: Analyzing response #12...
- [*] XSS: Analyzing response #13...
- [*] XSS: Analyzing response #14...
- [*] XSS: Analyzing response #15...
- [*] XSS: Analyzing response #17...
- [*] XSS: Analyzing response #16...
+
+ [*] Auditing: [HTTP: 200] http://testfire.net/
+ [*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
+ [*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
+ [*] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
+ [*] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
+ [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
+ [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
+ [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
+ [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
  [*] Harvesting HTTP responses...
  [~] Depending on server responsiveness and network conditions this may take a while.
+ [*] Profiler: Analyzing response #6...
+ [*] Profiler: Analyzing response #7...
+ [*] XSS: Analyzing response #26...
+ [*] XSS: Analyzing response #27...
+ [~] Trainer: Found 1 new links.
+ [*] Profiler: Analyzing response #9...
+ [*] Profiler: Analyzing response #8...
+ [*] XSS: Analyzing response #28...
+ [*] XSS: Analyzing response #15...
+ [*] XSS: Analyzing response #16...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #22...
+ [*] XSS: Analyzing response #30...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] Profiler: Analyzing response #10...
+ [*] XSS: Analyzing response #31...
+ [*] XSS: Analyzing response #32...
+ [*] Profiler: Analyzing response #11...
+ [*] Profiler: Analyzing response #12...
+ [*] Profiler: Analyzing response #14...
+ [*] Profiler: Analyzing response #13...
+ [*] XSS: Analyzing response #33...
+ [*] XSS: Analyzing response #17...
+ [*] XSS: Analyzing response #18...
+ [*] XSS: Analyzing response #19...
+ [*] XSS: Analyzing response #34...
+ [*] XSS: Analyzing response #20...
+ [*] XSS: Analyzing response #21...
+ [*] XSS: Analyzing response #23...
+ [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
+ [*] XSS: Analyzing response #35...
+ [*] XSS: Analyzing response #24...
+ [*] XSS: Analyzing response #25...
+ [*] XSS: Analyzing response #29...
+
+ [*] Resolver: Resolving hostnames...
+ [*] Resolver: Done!
+
+
+ [*] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
+ [*] Done!
+
 
 ================================================================================
 
+
  [+] Web Application Security Report - Arachni Framework
 
- [~] Report generated on: 2010-11-24 15:11:50 +0000
- [~] Report false positives: http://github.com/Arachni/arachni/issues
+ [~] Report generated on: 2012-09-09 02:48:17 +0300
+ [~] Report false positives at: http://github.com/Arachni/arachni/issues
 
  [+] System settings:
  [~] ---------------
- [~] Version:  0.2.1
- [~] Revision: 0.2
- [~] Audit started on:  Wed Nov 24 15:11:45 2010
- [~] Audit finished on: Wed Nov 24 15:11:49 2010
- [~] Runtime: 00:00:04
+ [~] Version:  0.4.1dev
+ [~] Revision: 0.2.7
+ [~] Audit started on:  Sun Sep  9 02:48:08 2012
+ [~] Audit finished on: Sun Sep  9 02:48:15 2012
+ [~] Runtime: 00:00:06
 
- [~] URL: http://localhost/~zapotek/tests/forms/login.php
- [~] User agent: Arachni/0.2.1
+ [~] URL: http://testfire.net/
+ [~] User agent: Arachni/v0.4.1dev
 
  [*] Audited elements:
  [~] * Links
@@ -1337,26 +2037,24 @@ Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
  [*] Filters:
  [~]   Exclude:
  [~]     (?-mix:logout)
- [~]   Include:
- [~]     (?-mix:.*)
- [~]   Redundant:
-
- [*] Cookies:
- [~]   PHPSESSID = 21698106459076a83e9eaae9cc752b25
 
  [~] ===========================
 
- [+] 1 vulnerabilities were detected.
+ [+] 2 issues were detected.
 
- [+] Cross-Site Scripting (XSS)
+ [+] [1] Cross-Site Scripting (XSS)
  [~] ~~~~~~~~~~~~~~~~~~~~
+ [~] ID Hash:  106295fcfffa8fea3664f8fb27defe5b81f3dfba2b54c5c7f2bcb63b36246359
  [~] Severity: High
- [~] URL:      http://localhost/~zapotek/tests/forms/login.php
- [~] Elements: form
- [~] Variable: xss
+ [~] URL:      http://testfire.net/search.aspx
+ [~] Element:  form
+ [~] Method:   GET
+ [~] Tags:     xss, regexp, injection, script
+ [~] Variable: txtSearch
  [~] Description:
- [~] Client-side code, like JavaScript, can
-                    be injected into the web application.
+ [~] Client-side code (like JavaScript) can
+    be injected into the web application which is then returned to the user's browser.
+    This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
 
  [~] CWE: http://cwe.mitre.org/data/definitions/79.html
 
@@ -1369,22 +2067,126 @@ Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
  [*] Variations
  [~] ----------
  [~] Variation 1:
- [~] URL: http://localhost/~zapotek/tests/forms/login.php
- [~] ID:  <arachni_xss_ccf5b233c901dd3023aac135acd390aef5d111699be6aa646710d5362417496a
- [~] Injected value:     1<arachni_xss_ccf5b233c901dd3023aac135acd390aef5d111699be6aa646710d5362417496a
- [~] Regular expression: (?-mix:<arachni_xss_ccf5b233c901dd3023aac135acd390aef5d111699be6aa646710d5362417496a)
- [~] Matched string:     <arachni_xss_ccf5b233c901dd3023aac135acd390aef5d111699be6aa646710d5362417496a
+ [~] URL: http://testfire.net/search.aspx
+ [~] Injected value:     <some_dangerous_input_0ee58e885a87d988553542c0e6c56bc258b7478d3d7c4157233792539add3ab9/>
+ [~] Regular expression:
+ [~] Matched string:     <some_dangerous_input_0ee58e885a87d988553542c0e6c56bc258b7478d3d7c4157233792539add3ab9/>
 
 
+ [+] [2] Cross-Site Scripting (XSS)
+ [~] ~~~~~~~~~~~~~~~~~~~~
+ [~] ID Hash:  2530b44f891ab1ebbdad206ceff0c82bee2bf038a978ebcb75f4fa34e9dca727
+ [~] Severity: High
+ [~] URL:      http://testfire.net/search.aspx?txtSearch=arachni_text
+ [~] Element:  link
+ [~] Method:   GET
+ [~] Tags:     xss, regexp, injection, script
+ [~] Variable: txtSearch
+ [~] Description:
+ [~] Client-side code (like JavaScript) can
+    be injected into the web application which is then returned to the user's browser.
+    This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
+
+ [~] CWE: http://cwe.mitre.org/data/definitions/79.html
 
+ [~] Requires manual verification?: false
 
- [*] Dumping audit results in '2010-11-24 15:11:50 +0000.afr'.
- [*] Done!
+ [~] References:
+ [~]   ha.ckers - http://ha.ckers.org/xss.html
+ [~]   Secunia - http://secunia.com/advisories/9716/
 
- [~] Sent 20 requests.
- [~] Received and analyzed 20 responses.
- [~] In 00:00:04
- [~] Average: 4 requests/second.
+ [*] Variations
+ [~] ----------
+ [~] Variation 1:
+ [~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text
+ [~] Injected value:     '-;<some_dangerous_input_0ee58e885a87d988553542c0e6c56bc258b7478d3d7c4157233792539add3ab9/>
+ [~] Regular expression:
+ [~] Matched string:     '-;<some_dangerous_input_0ee58e885a87d988553542c0e6c56bc258b7478d3d7c4157233792539add3ab9/>
+
+
+
+ [+] Plugin data:
+ [~] ---------------
+
+
+ [*] Resolver
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Resolves vulnerable hostnames to IP addresses.
+
+ [~] testfire.net: 65.61.137.117
+
+ [*] Health map
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Generates a simple list of safe/unsafe URLs.
+
+ [~] Legend:
+ [+] No issues
+ [-] Has issues
+
+ [+] http://testfire.net/
+ [-] http://testfire.net/search.aspx
+ [-] http://testfire.net/search.aspx?txtSearch=arachni_text
+
+ [~] Total: 3
+ [+] Without issues: 1
+ [-] With issues: 2 ( 67% )
+
+ [*] Profiler
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: Examines the behavior of the web application gathering general statistics
+                and performs taint analysis to determine which inputs affect the output.
+
+                It does not perform any vulnerability assessment nor does it send attack payloads.
+
+ [~] Inputs affecting output:
+
+ [+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
+ [~] It was submitted using the following parameters:
+ [~]   * txtSearch	= arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
+ [~]
+ [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6':
+ [~]   * Body
+ [+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'.
+ [~] It was submitted using the following parameters:
+ [~]   * txtSearch	= arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
+ [~]
+ [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056':
+ [~]   * Body
+
+ [*] AutoLogin
+ [~] ~~~~~~~~~~~~~~
+ [~] Description: It looks for the login form in the user provided URL,
+                merges its input fields with the user supplied parameters and sets the cookies
+                of the response and request as framework-wide cookies to be used by the spider later on.
+
+
+ [+] Form submitted successfully.
+ [~] Cookies set to:
+ [~]     * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
+ [~]     * amSessionId = 204023334531
+ [~]     * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
+ [~]     * amUserId = 100116014
+ [~]     * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
+
+ [~] 100.0% [============================================================>] 100%
+ [~] Est. remaining time: --:--:--
+
+ [~] Crawler has discovered 2 pages.
+ [~] Audit limited to a max of 1 pages -- excluding 1 pages of Trainer feedback.
+
+ [~] Sent 40 requests.
+ [~] Received and analyzed 40 responses.
+ [~] In 00:00:06
+ [~] Average: 6 requests/second.
+
+ [~] Currently auditing           http://testfire.net/search.aspx?txtSearch=arachni_text
+ [~] Burst response time total    0
+ [~] Burst response count total   0
+ [~] Burst average response time  0
+ [~] Burst average                0 requests/second
+ [~] Timed-out requests           0
+ [~] Original max concurrency     20
+ [~] Throttled max concurrency    20
 </code></pre>