... | @@ -72,29 +72,6 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
... | @@ -72,29 +72,6 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
|
* [Example](#verbose_example)
|
|
* [Example](#verbose_example)
|
|
* [Debug (--debug)](#debug)
|
|
* [Debug (--debug)](#debug)
|
|
* [Only positives (--only-positives)](#only-positives)
|
|
* [Only positives (--only-positives)](#only-positives)
|
|
* [HTTP](#http)
|
|
|
|
* [User agent (--http-user-agent)](#http-user-agent)
|
|
|
|
* [Request concurrency (--http-request-concurrency)](#http-request-concurrency)
|
|
|
|
* [Request timeout (--http-request-timeout)](#http-request-timeout)
|
|
|
|
* [Request redirect limit (--http-request-redirect-limit)](#http-request-redirect-limit)
|
|
|
|
* [Request queue size (--http-request-queue-size)](#http-request-queue-size)
|
|
|
|
* [Request header (--http-request-header)](#http-request-header)
|
|
|
|
* [Example](#http-request-header_example)
|
|
|
|
* [Response max size (--http-response-max-size)](#http-response-max-size)
|
|
|
|
* [Cookie-jar (--http-cookie-jar)](#http-cookie-jar)
|
|
|
|
* [Cookie string (--http-cookie-string)](#http-cookie-string)
|
|
|
|
* [Example](#http-cookie-string_example)
|
|
|
|
* [Authentication username (--http-authentication-username)](#http-authentication-username)
|
|
|
|
* [Authentication password (--http-authentication-password)](#http-authentication-password)
|
|
|
|
* [Proxy (--http-proxy)](#http-proxy)
|
|
|
|
* [Proxy authentication (--http-proxy-authentication)](#http-proxy-authentication)
|
|
|
|
* [Proxy type (--http-proxy-type)](#http-proxy-type)
|
|
|
|
* [Session](#session)
|
|
|
|
* [Login check URL (--login-check-url)](#login-check-url)
|
|
|
|
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
|
|
|
|
* [Profiles](#profiles)
|
|
|
|
* [Save (--profile-save-filepath)](#profile-save-filepath)
|
|
|
|
* [Load (--profile-load-filepath)](#profile-load-filepath)
|
|
|
|
* [Scope](#scope)
|
|
* [Scope](#scope)
|
|
* [Include (--scope-include-pattern)](#scope-include-pattern)
|
|
* [Include (--scope-include-pattern)](#scope-include-pattern)
|
|
* [Include subdomains (--scope-include-subdomains)](#scope-include-subdomains)
|
|
* [Include subdomains (--scope-include-subdomains)](#scope-include-subdomains)
|
... | @@ -121,6 +98,23 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
... | @@ -121,6 +98,23 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
|
* [With both methods (--with-both-meth)](#fuzz-methods)
|
|
* [With both methods (--with-both-meth)](#fuzz-methods)
|
|
* [Exclude vector (--audit-exclude-vector)](#audit-exclude-vector)
|
|
* [Exclude vector (--audit-exclude-vector)](#audit-exclude-vector)
|
|
* [Include vector (--audit-include-vector)](#audit-include-vector)
|
|
* [Include vector (--audit-include-vector)](#audit-include-vector)
|
|
|
|
* [HTTP](#http)
|
|
|
|
* [User agent (--http-user-agent)](#http-user-agent)
|
|
|
|
* [Request concurrency (--http-request-concurrency)](#http-request-concurrency)
|
|
|
|
* [Request timeout (--http-request-timeout)](#http-request-timeout)
|
|
|
|
* [Request redirect limit (--http-request-redirect-limit)](#http-request-redirect-limit)
|
|
|
|
* [Request queue size (--http-request-queue-size)](#http-request-queue-size)
|
|
|
|
* [Request header (--http-request-header)](#http-request-header)
|
|
|
|
* [Example](#http-request-header_example)
|
|
|
|
* [Response max size (--http-response-max-size)](#http-response-max-size)
|
|
|
|
* [Cookie-jar (--http-cookie-jar)](#http-cookie-jar)
|
|
|
|
* [Cookie string (--http-cookie-string)](#http-cookie-string)
|
|
|
|
* [Example](#http-cookie-string_example)
|
|
|
|
* [Authentication username (--http-authentication-username)](#http-authentication-username)
|
|
|
|
* [Authentication password (--http-authentication-password)](#http-authentication-password)
|
|
|
|
* [Proxy (--http-proxy)](#http-proxy)
|
|
|
|
* [Proxy authentication (--http-proxy-authentication)](#http-proxy-authentication)
|
|
|
|
* [Proxy type (--http-proxy-type)](#http-proxy-type)
|
|
* [Checks](#checks)
|
|
* [Checks](#checks)
|
|
* [List (--checks-list)](#checks-list)
|
|
* [List (--checks-list)](#checks-list)
|
|
* [Load (--checks)](#checks-checks)
|
|
* [Load (--checks)](#checks-checks)
|
... | @@ -134,6 +128,12 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
... | @@ -134,6 +128,12 @@ in the [knowledge base](http://support.arachni-scanner.com/kb/). |
|
* [Disable fingerprinting (--no-fingerprinting)](#no-fingerprinting)
|
|
* [Disable fingerprinting (--no-fingerprinting)](#no-fingerprinting)
|
|
* [Configure (--platforms)](#platforms-platforms)
|
|
* [Configure (--platforms)](#platforms-platforms)
|
|
* [Example](#platforms-platforms_example)
|
|
* [Example](#platforms-platforms_example)
|
|
|
|
* [Session](#session)
|
|
|
|
* [Login check URL (--login-check-url)](#login-check-url)
|
|
|
|
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
|
|
|
|
* [Profiles](#profiles)
|
|
|
|
* [Save (--profile-save-filepath)](#profile-save-filepath)
|
|
|
|
* [Load (--profile-load-filepath)](#profile-load-filepath)
|
|
|
|
|
|
<h2 id='generic'><a href='#generic'>Generic</a></h2>
|
|
<h2 id='generic'><a href='#generic'>Generic</a></h2>
|
|
|
|
|
... | @@ -320,266 +320,32 @@ Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882 |
... | @@ -320,266 +320,32 @@ Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882 |
|
|
|
|
|
<h3 id='debug'><a href='#debug'>Debug (--debug)</a></h3>
|
|
<h3 id='debug'><a href='#debug'>Debug (--debug)</a></h3>
|
|
|
|
|
|
**Expects**: `integer`
|
|
**Expects**: `integer`
|
|
|
|
|
|
**Default**: `1`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
|
|
|
|
The level/detail of the messages can be specified in the form of an integer between `1` and `3`.
|
|
|
|
|
|
|
|
If you don't want to be flooded by annoying and obscure messages, you can pipe debugging output to a separate file when running Arachni using:
|
|
|
|
|
|
|
|
```
|
|
|
|
arachni http://example.com --debug 2> debug.log
|
|
|
|
```
|
|
|
|
|
|
|
|
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `<n/a>`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
This will suppress all messages except for for the ones denoting sucess -- usually regarding the discovery of some issue.
|
|
|
|
|
|
|
|
<h2 id='http'><a href='#http'>HTTP</a></h2>
|
|
|
|
|
|
|
|
<h3 id='http-user-agent'><a href='#http-user-agent'>User agent (--http-user-agent)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `"Arachni/<version>"`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
Specify a value for the `User-Agent` request header field.
|
|
|
|
|
|
|
|
<h3 id='http-request-concurrency'><a href='#http-request-concurrency'>Request concurrency (--http-request-concurrency)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `20`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets the maximum amount of requests to be active at any given time; this usually directly translates to the amount of open connections.
|
|
|
|
|
|
|
|
**Note**: If your scan seems unresponsive try lowering the limit to easy the server's burden.
|
|
|
|
|
|
|
|
**Warning**: Given enough bandwidth and a high enough concurrency setting the scan could cause a DoS.
|
|
|
|
Be careful when setting this option too high, don't kill your server.
|
|
|
|
|
|
|
|
<h3 id='http-request-timeout'><a href='#http-request-timeout'>Request timeout (--http-request-timeout)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer (milliseconds)`
|
|
|
|
|
|
|
|
**Default**: `50000`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limit how long the client should wait for a response from the server.
|
|
|
|
|
|
|
|
<h3 id='http-request-redirect-limit'><a href='#http-request-redirect-limit'>Request redirect limit (--http-request-redirect-limit)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `5`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limits the amount of redirects the client should follow for each request.
|
|
|
|
|
|
|
|
<h3 id='http-request-queue-size'><a href='#http-request-queue-size'>Request queue size (--http-request-queue-size)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `500`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Maximum amount of requests to keep in the client queue.
|
|
|
|
|
|
|
|
**Note**: More means better scheduling and better performance, less means less RAM consumption.
|
|
|
|
|
|
|
|
<h3 id='http-request-header'><a href='#http-request-header'>Request header (--http-request-header)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `yes`
|
|
|
|
|
|
|
|
|
|
|
|
Allows you to specify custom request headers in the form of key-value pairs.
|
|
|
|
|
|
|
|
<h4 id='http-request-header_example'><a href='#http-request-header_example'>Example</a></h4>
|
|
|
|
|
|
|
|
--http-request-header='field_name=field value'
|
|
|
|
|
|
|
|
<h3 id='http-response-max-size'><a href='#http-response-max-size'>Response max size (--http-response-max-size)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `infinite`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limits the size of response bodies the client accepts. Essentially, the client will not download bodies of responses which have a `Content-Length` larger than the specified value.
|
|
|
|
|
|
|
|
<h3 id='http-cookie-jar'><a href='#http-cookie-jar'>Cookie jar (--http-cookie-jar)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `filepath`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
|
|
|
|
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
|
|
|
|
|
|
|
|
There's a number of ways to do that, I've found that Firebug's export cookie feature works best.
|
|
|
|
|
|
|
|
**Note**: If you don't feel comfortable setting your own cookie-jar, you can use the `proxy` or `autologin` plugins to login to the web application.
|
|
|
|
|
|
|
|
<h3 id='http-cookie-string'><a href='#http-cookie-string'>Cookie string (--http-cookie-string)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Cookies, as a string, to be sent to the web application.
|
|
|
|
|
|
|
|
<h4 id='http-cookie-string_example'><a href='#http-cookie-string_example'>Example</a></h4>
|
|
|
|
|
|
|
|
--http-cookie-string='userid=19;sessionid=deadbeefbabe'
|
|
|
|
|
|
|
|
<h3 id='http-authentication-username'><a href='#http-authentication-username'>Authentication username (--http-authentication-username)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Username to use for HTTP authentication.
|
|
|
|
|
|
|
|
<h3 id='http-authentication-password'><a href='#http-authentication-password'>Authentication password (--http-authentication-password)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Password to use for HTTP authentication.
|
|
|
|
|
|
|
|
<h3 id='http-proxy'><a href='#http-proxy'>Proxy (--http-proxy)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `server:port`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets a proxy server for the client.
|
|
|
|
|
|
|
|
<h3 id='http-proxy-authentication'><a href='#http-proxy-authentication'>Proxy authentication (--http-proxy-auth)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `username:password`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets authentication credentials for the specified proxy server.
|
|
|
|
|
|
|
|
<h3 id='http-proxy-type'><a href='#http-proxy-type'>Proxy type (--http-proxy-type)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `http, http_1_0, socks4, socks5, socks4a`
|
|
|
|
|
|
|
|
**Default**: `auto`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets the protocol for the specified proxy server.
|
|
|
|
|
|
|
|
<h2 id='session'><a href='#session'>Session</a></h2>
|
|
|
|
|
|
|
|
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
**Requires**: [login-check-pattern](#login-check-pattern)
|
|
|
|
|
|
|
|
The URL passed to this option will be used to verify that the system is still
|
|
|
|
logged in to the web application.
|
|
|
|
|
|
|
|
If the HTTP response body of URL matches the [login-check-pattern](#login-check-pattern)
|
|
|
|
this should indicate that the system is logged in.
|
|
|
|
|
|
|
|
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
**Requires**: [login-check-url](#login-check-url)
|
|
|
|
|
|
|
|
A pattern used against the body of the [login-check-url](#login-check-url) to
|
|
|
|
verify that the system is still logged in to the web application.
|
|
|
|
|
|
|
|
A positive match should indicate that the system is logged in.
|
|
|
|
|
|
|
|
<h2 id='profiles'><a href='#profiles'>Profiles</a></h2>
|
|
|
|
|
|
|
|
<h3 id='profile-save-filepath'><a href='#profile-save-filepath'>Save (--profile-save-filepath)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `filepath`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
**Default**: `1`
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (`.afp`) file.
|
|
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
|
|
|
|
The level/detail of the messages can be specified in the form of an integer between `1` and `3`.
|
|
|
|
|
|
<h3 id='profile-load-filepath'><a href='#profile-load-filepath'>Load (--profile-load-filepath)</a></h3>
|
|
If you don't want to be flooded by annoying and obscure messages, you can pipe debugging output to a separate file when running Arachni using:
|
|
|
|
|
|
**Expects**: `filepath`
|
|
```
|
|
|
|
arachni http://example.com --debug 2> debug.log
|
|
|
|
```
|
|
|
|
|
|
|
|
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `<n/a>`
|
|
|
|
|
|
**Default**: `disabled`
|
|
**Default**: `disabled`
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
This option allows you to load and run a saved profile.
|
|
This will suppress all messages except for for the ones denoting sucess -- usually regarding the discovery of some issue.
|
|
|
|
|
|
**Note**: This option does not impede your ability to specify more options or resave the profile.
|
|
|
|
|
|
|
|
<h2 id='scope'><a href='#scope'>Scope</a></h2>
|
|
<h2 id='scope'><a href='#scope'>Scope</a></h2>
|
|
|
|
|
... | @@ -896,6 +662,182 @@ Don't audit input vectors whose name matches the pattern. |
... | @@ -896,6 +662,182 @@ Don't audit input vectors whose name matches the pattern. |
|
|
|
|
|
Only audit input vectors whose name matches the pattern.
|
|
Only audit input vectors whose name matches the pattern.
|
|
|
|
|
|
|
|
|
|
|
|
<h2 id='http'><a href='#http'>HTTP</a></h2>
|
|
|
|
|
|
|
|
<h3 id='http-user-agent'><a href='#http-user-agent'>User agent (--http-user-agent)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `"Arachni/<version>"`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
Specify a value for the `User-Agent` request header field.
|
|
|
|
|
|
|
|
<h3 id='http-request-concurrency'><a href='#http-request-concurrency'>Request concurrency (--http-request-concurrency)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `20`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets the maximum amount of requests to be active at any given time; this usually directly translates to the amount of open connections.
|
|
|
|
|
|
|
|
**Note**: If your scan seems unresponsive try lowering the limit to easy the server's burden.
|
|
|
|
|
|
|
|
**Warning**: Given enough bandwidth and a high enough concurrency setting the scan could cause a DoS.
|
|
|
|
Be careful when setting this option too high, don't kill your server.
|
|
|
|
|
|
|
|
<h3 id='http-request-timeout'><a href='#http-request-timeout'>Request timeout (--http-request-timeout)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer (milliseconds)`
|
|
|
|
|
|
|
|
**Default**: `50000`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limit how long the client should wait for a response from the server.
|
|
|
|
|
|
|
|
<h3 id='http-request-redirect-limit'><a href='#http-request-redirect-limit'>Request redirect limit (--http-request-redirect-limit)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `5`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limits the amount of redirects the client should follow for each request.
|
|
|
|
|
|
|
|
<h3 id='http-request-queue-size'><a href='#http-request-queue-size'>Request queue size (--http-request-queue-size)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `500`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Maximum amount of requests to keep in the client queue.
|
|
|
|
|
|
|
|
**Note**: More means better scheduling and better performance, less means less RAM consumption.
|
|
|
|
|
|
|
|
<h3 id='http-request-header'><a href='#http-request-header'>Request header (--http-request-header)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `yes`
|
|
|
|
|
|
|
|
|
|
|
|
Allows you to specify custom request headers in the form of key-value pairs.
|
|
|
|
|
|
|
|
<h4 id='http-request-header_example'><a href='#http-request-header_example'>Example</a></h4>
|
|
|
|
|
|
|
|
--http-request-header='field_name=field value'
|
|
|
|
|
|
|
|
<h3 id='http-response-max-size'><a href='#http-response-max-size'>Response max size (--http-response-max-size)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `integer`
|
|
|
|
|
|
|
|
**Default**: `infinite`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Limits the size of response bodies the client accepts. Essentially, the client will not download bodies of responses which have a `Content-Length` larger than the specified value.
|
|
|
|
|
|
|
|
<h3 id='http-cookie-jar'><a href='#http-cookie-jar'>Cookie jar (--http-cookie-jar)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `filepath`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
|
|
|
|
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
|
|
|
|
|
|
|
|
There's a number of ways to do that, I've found that Firebug's export cookie feature works best.
|
|
|
|
|
|
|
|
**Note**: If you don't feel comfortable setting your own cookie-jar, you can use the `proxy` or `autologin` plugins to login to the web application.
|
|
|
|
|
|
|
|
<h3 id='http-cookie-string'><a href='#http-cookie-string'>Cookie string (--http-cookie-string)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Cookies, as a string, to be sent to the web application.
|
|
|
|
|
|
|
|
<h4 id='http-cookie-string_example'><a href='#http-cookie-string_example'>Example</a></h4>
|
|
|
|
|
|
|
|
--http-cookie-string='userid=19;sessionid=deadbeefbabe'
|
|
|
|
|
|
|
|
<h3 id='http-authentication-username'><a href='#http-authentication-username'>Authentication username (--http-authentication-username)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Username to use for HTTP authentication.
|
|
|
|
|
|
|
|
<h3 id='http-authentication-password'><a href='#http-authentication-password'>Authentication password (--http-authentication-password)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Password to use for HTTP authentication.
|
|
|
|
|
|
|
|
<h3 id='http-proxy'><a href='#http-proxy'>Proxy (--http-proxy)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `server:port`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets a proxy server for the client.
|
|
|
|
|
|
|
|
<h3 id='http-proxy-authentication'><a href='#http-proxy-authentication'>Proxy authentication (--http-proxy-auth)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `username:password`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets authentication credentials for the specified proxy server.
|
|
|
|
|
|
|
|
<h3 id='http-proxy-type'><a href='#http-proxy-type'>Proxy type (--http-proxy-type)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `http, http_1_0, socks4, socks5, socks4a`
|
|
|
|
|
|
|
|
**Default**: `auto`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
Sets the protocol for the specified proxy server.
|
|
|
|
|
|
<h2 id='checks'><a href='#checks'>Checks</a></h2>
|
|
<h2 id='checks'><a href='#checks'>Checks</a></h2>
|
|
|
|
|
|
<h3 id='checks-list'><a href='#checks-list'>List (--checks-list)</a></h3>
|
|
<h3 id='checks-list'><a href='#checks-list'>List (--checks-list)</a></h3>
|
... | @@ -1014,6 +956,65 @@ Disables platform fingerprinting and results in all audit payloads being sent to |
... | @@ -1014,6 +956,65 @@ Disables platform fingerprinting and results in all audit payloads being sent to |
|
Explicitly sets the platforms for the remote web application. You can use this to help
|
|
Explicitly sets the platforms for the remote web application. You can use this to help
|
|
the system be more efficient in its scan.
|
|
the system be more efficient in its scan.
|
|
|
|
|
|
|
|
<h2 id='session'><a href='#session'>Session</a></h2>
|
|
|
|
|
|
|
|
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
**Requires**: [login-check-pattern](#login-check-pattern)
|
|
|
|
|
|
|
|
The URL passed to this option will be used to verify that the system is still
|
|
|
|
logged in to the web application.
|
|
|
|
|
|
|
|
If the HTTP response body of URL matches the [login-check-pattern](#login-check-pattern)
|
|
|
|
this should indicate that the system is logged in.
|
|
|
|
|
|
|
|
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `string`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
**Requires**: [login-check-url](#login-check-url)
|
|
|
|
|
|
|
|
A pattern used against the body of the [login-check-url](#login-check-url) to
|
|
|
|
verify that the system is still logged in to the web application.
|
|
|
|
|
|
|
|
A positive match should indicate that the system is logged in.
|
|
|
|
|
|
|
|
<h2 id='profiles'><a href='#profiles'>Profiles</a></h2>
|
|
|
|
|
|
|
|
<h3 id='profile-save-filepath'><a href='#profile-save-filepath'>Save (--profile-save-filepath)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `filepath`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (`.afp`) file.
|
|
|
|
|
|
|
|
<h3 id='profile-load-filepath'><a href='#profile-load-filepath'>Load (--profile-load-filepath)</a></h3>
|
|
|
|
|
|
|
|
**Expects**: `filepath`
|
|
|
|
|
|
|
|
**Default**: `disabled`
|
|
|
|
|
|
|
|
**Multiple invocations?**: `no`
|
|
|
|
|
|
|
|
|
|
|
|
This option allows you to load and run a saved profile.
|
|
|
|
|
|
|
|
**Note**: This option does not impede your ability to specify more options or resave the profile.
|
|
|
|
|
|
<h2 id='cli_help_output'><a href='#cli_help_output'>CLI Help Output</a></h2>
|
|
<h2 id='cli_help_output'><a href='#cli_help_output'>CLI Help Output</a></h2>
|
|
|
|
|
|
```
|
|
```
|
... | | ... | |