Skip to content
GitLab

Command line user interface · Changes

Page history
Updated Command-line-user-interface (markdown) authored by Tasos Laskos's avatar Tasos Laskos
Hide whitespace changes
Inline Side-by-side
guides/user/Command-line-user-interface.md
View page @ 90390dee
......@@ -72,29 +72,6 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/).
* [Example](#verbose_example)
* [Debug (--debug)](#debug)
* [Only positives (--only-positives)](#only-positives)
* [HTTP](#http)
* [User agent (--http-user-agent)](#http-user-agent)
* [Request concurrency (--http-request-concurrency)](#http-request-concurrency)
* [Request timeout (--http-request-timeout)](#http-request-timeout)
* [Request redirect limit (--http-request-redirect-limit)](#http-request-redirect-limit)
* [Request queue size (--http-request-queue-size)](#http-request-queue-size)
* [Request header (--http-request-header)](#http-request-header)
* [Example](#http-request-header_example)
* [Response max size (--http-response-max-size)](#http-response-max-size)
* [Cookie-jar (--http-cookie-jar)](#http-cookie-jar)
* [Cookie string (--http-cookie-string)](#http-cookie-string)
* [Example](#http-cookie-string_example)
* [Authentication username (--http-authentication-username)](#http-authentication-username)
* [Authentication password (--http-authentication-password)](#http-authentication-password)
* [Proxy (--http-proxy)](#http-proxy)
* [Proxy authentication (--http-proxy-authentication)](#http-proxy-authentication)
* [Proxy type (--http-proxy-type)](#http-proxy-type)
* [Session](#session)
* [Login check URL (--login-check-url)](#login-check-url)
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
* [Profiles](#profiles)
* [Save (--profile-save-filepath)](#profile-save-filepath)
* [Load (--profile-load-filepath)](#profile-load-filepath)
* [Scope](#scope)
* [Include (--scope-include-pattern)](#scope-include-pattern)
* [Include subdomains (--scope-include-subdomains)](#scope-include-subdomains)
......@@ -121,6 +98,23 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/).
* [With both methods (--with-both-meth)](#fuzz-methods)
* [Exclude vector (--audit-exclude-vector)](#audit-exclude-vector)
* [Include vector (--audit-include-vector)](#audit-include-vector)
* [HTTP](#http)
* [User agent (--http-user-agent)](#http-user-agent)
* [Request concurrency (--http-request-concurrency)](#http-request-concurrency)
* [Request timeout (--http-request-timeout)](#http-request-timeout)
* [Request redirect limit (--http-request-redirect-limit)](#http-request-redirect-limit)
* [Request queue size (--http-request-queue-size)](#http-request-queue-size)
* [Request header (--http-request-header)](#http-request-header)
* [Example](#http-request-header_example)
* [Response max size (--http-response-max-size)](#http-response-max-size)
* [Cookie-jar (--http-cookie-jar)](#http-cookie-jar)
* [Cookie string (--http-cookie-string)](#http-cookie-string)
* [Example](#http-cookie-string_example)
* [Authentication username (--http-authentication-username)](#http-authentication-username)
* [Authentication password (--http-authentication-password)](#http-authentication-password)
* [Proxy (--http-proxy)](#http-proxy)
* [Proxy authentication (--http-proxy-authentication)](#http-proxy-authentication)
* [Proxy type (--http-proxy-type)](#http-proxy-type)
* [Checks](#checks)
* [List (--checks-list)](#checks-list)
* [Load (--checks)](#checks-checks)
......@@ -134,6 +128,12 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/).
* [Disable fingerprinting (--no-fingerprinting)](#no-fingerprinting)
* [Configure (--platforms)](#platforms-platforms)
* [Example](#platforms-platforms_example)
* [Session](#session)
* [Login check URL (--login-check-url)](#login-check-url)
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
* [Profiles](#profiles)
* [Save (--profile-save-filepath)](#profile-save-filepath)
* [Load (--profile-load-filepath)](#profile-load-filepath)
<h2 id='generic'><a href='#generic'>Generic</a></h2>
......@@ -320,266 +320,32 @@ Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
<h3 id='debug'><a href='#debug'>Debug (--debug)</a></h3>
**Expects**: `integer`
**Default**: `1`
**Multiple invocations?**: `no`
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
The level/detail of the messages can be specified in the form of an integer between `1` and `3`.
If you don't want to be flooded by annoying and obscure messages, you can pipe debugging output to a separate file when running Arachni using:
```
arachni http://example.com --debug 2> debug.log
```
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
**Expects**: `<n/a>`
**Default**: `disabled`
**Multiple invocations?**: `no`
This will suppress all messages except for for the ones denoting sucess -- usually regarding the discovery of some issue.
<h2 id='http'><a href='#http'>HTTP</a></h2>
<h3 id='http-user-agent'><a href='#http-user-agent'>User agent (--http-user-agent)</a></h3>
**Expects**: `string`
**Default**: `"Arachni/<version>"`
**Multiple invocations?**: `no`
Specify a value for the `User-Agent` request header field.
<h3 id='http-request-concurrency'><a href='#http-request-concurrency'>Request concurrency (--http-request-concurrency)</a></h3>
**Expects**: `integer`
**Default**: `20`
**Multiple invocations?**: `no`
Sets the maximum amount of requests to be active at any given time; this usually directly translates to the amount of open connections.
**Note**: If your scan seems unresponsive try lowering the limit to easy the server's burden.
**Warning**: Given enough bandwidth and a high enough concurrency setting the scan could cause a DoS.
Be careful when setting this option too high, don't kill your server.
<h3 id='http-request-timeout'><a href='#http-request-timeout'>Request timeout (--http-request-timeout)</a></h3>
**Expects**: `integer (milliseconds)`
**Default**: `50000`
**Multiple invocations?**: `no`
Limit how long the client should wait for a response from the server.
<h3 id='http-request-redirect-limit'><a href='#http-request-redirect-limit'>Request redirect limit (--http-request-redirect-limit)</a></h3>
**Expects**: `integer`
**Default**: `5`
**Multiple invocations?**: `no`
Limits the amount of redirects the client should follow for each request.
<h3 id='http-request-queue-size'><a href='#http-request-queue-size'>Request queue size (--http-request-queue-size)</a></h3>
**Expects**: `integer`
**Default**: `500`
**Multiple invocations?**: `no`
Maximum amount of requests to keep in the client queue.
**Note**: More means better scheduling and better performance, less means less RAM consumption.
<h3 id='http-request-header'><a href='#http-request-header'>Request header (--http-request-header)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `yes`
Allows you to specify custom request headers in the form of key-value pairs.
<h4 id='http-request-header_example'><a href='#http-request-header_example'>Example</a></h4>
--http-request-header='field_name=field value'
<h3 id='http-response-max-size'><a href='#http-response-max-size'>Response max size (--http-response-max-size)</a></h3>
**Expects**: `integer`
**Default**: `infinite`
**Multiple invocations?**: `no`
Limits the size of response bodies the client accepts. Essentially, the client will not download bodies of responses which have a `Content-Length` larger than the specified value.
<h3 id='http-cookie-jar'><a href='#http-cookie-jar'>Cookie jar (--http-cookie-jar)</a></h3>
**Expects**: `filepath`
**Default**: `disabled`
**Multiple invocations?**: `no`
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
There's a number of ways to do that, I've found that Firebug's export cookie feature works best.
**Note**: If you don't feel comfortable setting your own cookie-jar, you can use the `proxy` or `autologin` plugins to login to the web application.
<h3 id='http-cookie-string'><a href='#http-cookie-string'>Cookie string (--http-cookie-string)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Cookies, as a string, to be sent to the web application.
<h4 id='http-cookie-string_example'><a href='#http-cookie-string_example'>Example</a></h4>
--http-cookie-string='userid=19;sessionid=deadbeefbabe'
<h3 id='http-authentication-username'><a href='#http-authentication-username'>Authentication username (--http-authentication-username)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Username to use for HTTP authentication.
<h3 id='http-authentication-password'><a href='#http-authentication-password'>Authentication password (--http-authentication-password)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Password to use for HTTP authentication.
<h3 id='http-proxy'><a href='#http-proxy'>Proxy (--http-proxy)</a></h3>
**Expects**: `server:port`
**Default**: `disabled`
**Multiple invocations?**: `no`
Sets a proxy server for the client.
<h3 id='http-proxy-authentication'><a href='#http-proxy-authentication'>Proxy authentication (--http-proxy-auth)</a></h3>
**Expects**: `username:password`
**Default**: `disabled`
**Multiple invocations?**: `no`
Sets authentication credentials for the specified proxy server.
<h3 id='http-proxy-type'><a href='#http-proxy-type'>Proxy type (--http-proxy-type)</a></h3>
**Expects**: `http, http_1_0, socks4, socks5, socks4a`
**Default**: `auto`
**Multiple invocations?**: `no`
Sets the protocol for the specified proxy server.
<h2 id='session'><a href='#session'>Session</a></h2>
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
**Requires**: [login-check-pattern](#login-check-pattern)
The URL passed to this option will be used to verify that the system is still
logged in to the web application.
If the HTTP response body of URL matches the [login-check-pattern](#login-check-pattern)
this should indicate that the system is logged in.
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
**Requires**: [login-check-url](#login-check-url)
A pattern used against the body of the [login-check-url](#login-check-url) to
verify that the system is still logged in to the web application.
A positive match should indicate that the system is logged in.
<h2 id='profiles'><a href='#profiles'>Profiles</a></h2>
<h3 id='profile-save-filepath'><a href='#profile-save-filepath'>Save (--profile-save-filepath)</a></h3>
**Expects**: `filepath`
**Expects**: `integer`
**Default**: `disabled`
**Default**: `1`
**Multiple invocations?**: `no`
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (`.afp`) file.
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
The level/detail of the messages can be specified in the form of an integer between `1` and `3`.
<h3 id='profile-load-filepath'><a href='#profile-load-filepath'>Load (--profile-load-filepath)</a></h3>
If you don't want to be flooded by annoying and obscure messages, you can pipe debugging output to a separate file when running Arachni using:
**Expects**: `filepath`
```
arachni http://example.com --debug 2> debug.log
```
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
**Expects**: `<n/a>`
**Default**: `disabled`
**Multiple invocations?**: `no`
This option allows you to load and run a saved profile.
**Note**: This option does not impede your ability to specify more options or resave the profile.
This will suppress all messages except for for the ones denoting sucess -- usually regarding the discovery of some issue.
<h2 id='scope'><a href='#scope'>Scope</a></h2>
......@@ -896,6 +662,182 @@ Don't audit input vectors whose name matches the pattern.
Only audit input vectors whose name matches the pattern.
<h2 id='http'><a href='#http'>HTTP</a></h2>
<h3 id='http-user-agent'><a href='#http-user-agent'>User agent (--http-user-agent)</a></h3>
**Expects**: `string`
**Default**: `"Arachni/<version>"`
**Multiple invocations?**: `no`
Specify a value for the `User-Agent` request header field.
<h3 id='http-request-concurrency'><a href='#http-request-concurrency'>Request concurrency (--http-request-concurrency)</a></h3>
**Expects**: `integer`
**Default**: `20`
**Multiple invocations?**: `no`
Sets the maximum amount of requests to be active at any given time; this usually directly translates to the amount of open connections.
**Note**: If your scan seems unresponsive try lowering the limit to easy the server's burden.
**Warning**: Given enough bandwidth and a high enough concurrency setting the scan could cause a DoS.
Be careful when setting this option too high, don't kill your server.
<h3 id='http-request-timeout'><a href='#http-request-timeout'>Request timeout (--http-request-timeout)</a></h3>
**Expects**: `integer (milliseconds)`
**Default**: `50000`
**Multiple invocations?**: `no`
Limit how long the client should wait for a response from the server.
<h3 id='http-request-redirect-limit'><a href='#http-request-redirect-limit'>Request redirect limit (--http-request-redirect-limit)</a></h3>
**Expects**: `integer`
**Default**: `5`
**Multiple invocations?**: `no`
Limits the amount of redirects the client should follow for each request.
<h3 id='http-request-queue-size'><a href='#http-request-queue-size'>Request queue size (--http-request-queue-size)</a></h3>
**Expects**: `integer`
**Default**: `500`
**Multiple invocations?**: `no`
Maximum amount of requests to keep in the client queue.
**Note**: More means better scheduling and better performance, less means less RAM consumption.
<h3 id='http-request-header'><a href='#http-request-header'>Request header (--http-request-header)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `yes`
Allows you to specify custom request headers in the form of key-value pairs.
<h4 id='http-request-header_example'><a href='#http-request-header_example'>Example</a></h4>
--http-request-header='field_name=field value'
<h3 id='http-response-max-size'><a href='#http-response-max-size'>Response max size (--http-response-max-size)</a></h3>
**Expects**: `integer`
**Default**: `infinite`
**Multiple invocations?**: `no`
Limits the size of response bodies the client accepts. Essentially, the client will not download bodies of responses which have a `Content-Length` larger than the specified value.
<h3 id='http-cookie-jar'><a href='#http-cookie-jar'>Cookie jar (--http-cookie-jar)</a></h3>
**Expects**: `filepath`
**Default**: `disabled`
**Multiple invocations?**: `no`
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
There's a number of ways to do that, I've found that Firebug's export cookie feature works best.
**Note**: If you don't feel comfortable setting your own cookie-jar, you can use the `proxy` or `autologin` plugins to login to the web application.
<h3 id='http-cookie-string'><a href='#http-cookie-string'>Cookie string (--http-cookie-string)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Cookies, as a string, to be sent to the web application.
<h4 id='http-cookie-string_example'><a href='#http-cookie-string_example'>Example</a></h4>
--http-cookie-string='userid=19;sessionid=deadbeefbabe'
<h3 id='http-authentication-username'><a href='#http-authentication-username'>Authentication username (--http-authentication-username)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Username to use for HTTP authentication.
<h3 id='http-authentication-password'><a href='#http-authentication-password'>Authentication password (--http-authentication-password)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
Password to use for HTTP authentication.
<h3 id='http-proxy'><a href='#http-proxy'>Proxy (--http-proxy)</a></h3>
**Expects**: `server:port`
**Default**: `disabled`
**Multiple invocations?**: `no`
Sets a proxy server for the client.
<h3 id='http-proxy-authentication'><a href='#http-proxy-authentication'>Proxy authentication (--http-proxy-auth)</a></h3>
**Expects**: `username:password`
**Default**: `disabled`
**Multiple invocations?**: `no`
Sets authentication credentials for the specified proxy server.
<h3 id='http-proxy-type'><a href='#http-proxy-type'>Proxy type (--http-proxy-type)</a></h3>
**Expects**: `http, http_1_0, socks4, socks5, socks4a`
**Default**: `auto`
**Multiple invocations?**: `no`
Sets the protocol for the specified proxy server.
<h2 id='checks'><a href='#checks'>Checks</a></h2>
<h3 id='checks-list'><a href='#checks-list'>List (--checks-list)</a></h3>
......@@ -1014,6 +956,65 @@ Disables platform fingerprinting and results in all audit payloads being sent to
Explicitly sets the platforms for the remote web application. You can use this to help
the system be more efficient in its scan.
<h2 id='session'><a href='#session'>Session</a></h2>
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
**Requires**: [login-check-pattern](#login-check-pattern)
The URL passed to this option will be used to verify that the system is still
logged in to the web application.
If the HTTP response body of URL matches the [login-check-pattern](#login-check-pattern)
this should indicate that the system is logged in.
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
**Expects**: `string`
**Default**: `disabled`
**Multiple invocations?**: `no`
**Requires**: [login-check-url](#login-check-url)
A pattern used against the body of the [login-check-url](#login-check-url) to
verify that the system is still logged in to the web application.
A positive match should indicate that the system is logged in.
<h2 id='profiles'><a href='#profiles'>Profiles</a></h2>
<h3 id='profile-save-filepath'><a href='#profile-save-filepath'>Save (--profile-save-filepath)</a></h3>
**Expects**: `filepath`
**Default**: `disabled`
**Multiple invocations?**: `no`
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (`.afp`) file.
<h3 id='profile-load-filepath'><a href='#profile-load-filepath'>Load (--profile-load-filepath)</a></h3>
**Expects**: `filepath`
**Default**: `disabled`
**Multiple invocations?**: `no`
This option allows you to load and run a saved profile.
**Note**: This option does not impede your ability to specify more options or resave the profile.
<h2 id='cli_help_output'><a href='#cli_help_output'>CLI Help Output</a></h2>
```
......