... | ... | @@ -118,7 +118,7 @@ h3. Command reference |
|
|
# "Modules":#modules
|
|
|
## "List modules ==(--lsmod)==":#lsmod
|
|
|
##* "Example":#lsmod_example
|
|
|
## "Modules ==(--mods/-m)==":#mods
|
|
|
## "Modules ==(--modules/-m)==":#modules
|
|
|
##* "Example":#mods_example
|
|
|
# "Reports":#reports
|
|
|
## "List reports ==(--lsrep)==":#lsrep
|
... | ... | @@ -150,7 +150,7 @@ When verbosity is enabled Arachni will give you detailed information about what' |
|
|
h4(#verbosity_example). "Example":#verbosity_example
|
|
|
|
|
|
Let's give this a try:
|
|
|
<pre><code>arachni -p --mods=xss http://localhost/zapotek/tests/forms/xss.php</code></pre>
|
|
|
<pre><code>arachni -p --modules=xss http://localhost/zapotek/tests/forms/xss.php</code></pre>
|
|
|
|
|
|
This will load the XSS module and audit all the forms (-p) in "http://localhost/zapotek/tests/forms/xss.php".
|
|
|
|
... | ... | @@ -455,7 +455,7 @@ This option allows you to save your current running configuration, all the optio |
|
|
|
|
|
h4(#save-profile_example). "Example":#save-profile_example
|
|
|
|
|
|
<pre><code>arachni -pv --mods=xss http://site.com/ --save-profile=myprofile</code></pre>
|
|
|
<pre><code>arachni -pv --modules=xss http://site.com/ --save-profile=myprofile</code></pre>
|
|
|
|
|
|
|
|
|
h3(#load-profile). "Load profile ==(--load-profile)==":#load-profile
|
... | ... | @@ -498,7 +498,7 @@ h4(#exclude_example). "Example":#exclude_example |
|
|
In this simple example we tell Arachni to exclude all URLs that contain the string "xss".
|
|
|
Thus no further action was taken.
|
|
|
<pre><code>
|
|
|
$ arachni --mods=xss http://localhost/zapotek/tests/forms/xss.php --exclude=xss
|
|
|
$ arachni --modules=xss http://localhost/zapotek/tests/forms/xss.php --exclude=xss
|
|
|
Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
|
|
|
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
|
<zapotek@segfault.gr>
|
... | ... | @@ -861,7 +861,7 @@ Path: /home/zapotek/workspace/arachni/modules/audit/xss_path.rb |
|
|
</code></pre>
|
|
|
|
|
|
|
|
|
h3(#mods). "Modules ==(--mods/-m)==":#mods
|
|
|
h3(#modules). "Modules ==(--modules/-m)==":#modules
|
|
|
|
|
|
*Expects*: modname,modname,... OR '*'
|
|
|
*Default*: '*' -- all modules
|
... | ... | @@ -877,7 +877,7 @@ h4(#mods_example). "Example":#mods_example |
|
|
|
|
|
As CSV:
|
|
|
<pre><code>
|
|
|
$ arachni --mods=xss,sqli,path_traversal http://localhost/
|
|
|
$ arachni --modules=xss,sqli,path_traversal http://localhost/
|
|
|
</code></pre>
|
|
|
|
|
|
All modules:
|
... | ... | @@ -887,7 +887,7 @@ $ arachni http://localhost/ |
|
|
|
|
|
Excluding modules:
|
|
|
<pre><code>
|
|
|
$ arachni --mods=*,-backup_files,-xss http://www.test.com
|
|
|
$ arachni --modules=*,-backup_files,-xss http://www.test.com
|
|
|
</code></pre>
|
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
|
|
|
... | ... | @@ -1127,7 +1127,7 @@ h4(#report_example). "Example":#report_example |
|
|
|
|
|
Running the HTML report with an outfile option:
|
|
|
<pre><code>
|
|
|
$ arachni --mods=xss http://localhost/~zapotek/tests/forms/xss.php --report=html:outfile=my_html_report.html
|
|
|
$ arachni --modules=xss http://localhost/~zapotek/tests/forms/xss.php --report=html:outfile=my_html_report.html
|
|
|
Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
|
|
|
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
|
<zapotek@segfault.gr>
|
... | ... | @@ -1481,7 +1481,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev |
|
|
--load-profile=<filepath> Load a run profile from <filepath>.
|
|
|
(Can be used multiple times.)
|
|
|
(You can complement it with more options, except for:
|
|
|
* --mods
|
|
|
* --modules
|
|
|
* --redundant)
|
|
|
|
|
|
--show-profile Will output the running profile as CLI arguments.
|
... | ... | @@ -1581,7 +1581,7 @@ Arachni - Web Application Security Scanner Framework v0.4.1dev |
|
|
etc.
|
|
|
|
|
|
You can exclude modules by prefixing their name with a minus sign:
|
|
|
--mods=*,-backup_files,-xss
|
|
|
--modules=*,-backup_files,-xss
|
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
|
|
|
|
|
Or mix and match:
|
... | ... | |