... | @@ -39,23 +39,23 @@ or any other report type as shown by: |
... | @@ -39,23 +39,23 @@ or any other report type as shown by: |
|
|
|
|
|
$ arachni --lsrep
|
|
$ arachni --lsrep
|
|
|
|
|
|
#### You can make module loading easier by using wildcards (**) and exclusions (-).
|
|
#### You can make module loading easier by using wildcards (*) and exclusions (-).
|
|
|
|
|
|
To load all `xss` modules using a wildcard:
|
|
To load all `xss` modules using a wildcard:
|
|
|
|
|
|
$ arachni http://example.net --modules=xss**
|
|
$ arachni http://example.net --modules=xss*
|
|
|
|
|
|
To load all _audit_ modules using a wildcard:
|
|
To load all _audit_ modules using a wildcard:
|
|
|
|
|
|
$ arachni http://example.net --modules=audit/**
|
|
$ arachni http://example.net --modules=audit/*
|
|
|
|
|
|
To exclude only the _csrf_ module:
|
|
To exclude only the _csrf_ module:
|
|
|
|
|
|
$ arachni http://example.net --modules=**,-csrf
|
|
$ arachni http://example.net --modules=*,-csrf
|
|
|
|
|
|
Or you can mix and match; to run everything but the _xss_ modules:
|
|
Or you can mix and match; to run everything but the _xss_ modules:
|
|
|
|
|
|
$ arachni http://example.net --modules=**,-xss**
|
|
$ arachni http://example.net --modules=*,-xss*
|
|
|
|
|
|
#### Performing a full scan quickly
|
|
#### Performing a full scan quickly
|
|
|
|
|
... | @@ -76,94 +76,94 @@ in your gems path._ |
... | @@ -76,94 +76,94 @@ in your gems path._ |
|
|
|
|
|
[Command Line Interface help output](#cli_help_output)
|
|
[Command Line Interface help output](#cli_help_output)
|
|
|
|
|
|
** [General](#general)
|
|
* [General](#general)
|
|
** [Version (--version)](#version)
|
|
* [Version (--version)](#version)
|
|
** [Verbosity (-v)](#verbosity)
|
|
* [Verbosity (-v)](#verbosity)
|
|
** [Example](#verbosity_example)
|
|
* [Example](#verbosity_example)
|
|
** [Debug mode (--debug)](#debug)
|
|
* [Debug mode (--debug)](#debug)
|
|
** [Only positives (--only-positives)](#only-positives)
|
|
* [Only positives (--only-positives)](#only-positives)
|
|
** [HTTP request limit (--http-req-limit)](#http-req-limit)
|
|
* [HTTP request limit (--http-req-limit)](#http-req-limit)
|
|
** [HTTP request timeout (--http-timeout)](#http-timeout)
|
|
* [HTTP request timeout (--http-timeout)](#http-timeout)
|
|
** [HTTPS only (--https-only)](#https-only)
|
|
* [HTTPS only (--https-only)](#https-only)
|
|
** [Cookie jar (--cookie-jar)](#cookie-jar)
|
|
* [Cookie jar (--cookie-jar)](#cookie-jar)
|
|
** [Cookie string (--cookie-string)](#cookie-string)
|
|
* [Cookie string (--cookie-string)](#cookie-string)
|
|
** [User agent (--user-agent)](#user-agent)
|
|
* [User agent (--user-agent)](#user-agent)
|
|
** [Custom header (--custom-header)](#custom-header)
|
|
* [Custom header (--custom-header)](#custom-header)
|
|
** [Example](#custom-header_example)
|
|
* [Example](#custom-header_example)
|
|
** [Authorized by (--authed-by)](#authed-by)
|
|
* [Authorized by (--authed-by)](#authed-by)
|
|
** [Example](#authed-by_example)
|
|
* [Example](#authed-by_example)
|
|
** [Login check URL (--login-check-url)](#login-check-url)
|
|
* [Login check URL (--login-check-url)](#login-check-url)
|
|
** [Login check pattern (--login-check-pattern)](#login-check-pattern)
|
|
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
|
|
** [Profiles](#profiles)
|
|
* [Profiles](#profiles)
|
|
** [Save profile (--save-profile)](#save-profile)
|
|
* [Save profile (--save-profile)](#save-profile)
|
|
** [Example](#save-profile_example)
|
|
* [Example](#save-profile_example)
|
|
** [Load profile (--load-profile)](#load-profile)
|
|
* [Load profile (--load-profile)](#load-profile)
|
|
** [Example](#load-profile_example)
|
|
* [Example](#load-profile_example)
|
|
** [Show profile (--show-profile)](#show-profile)
|
|
* [Show profile (--show-profile)](#show-profile)
|
|
** [Example](#show-profile_example)
|
|
* [Example](#show-profile_example)
|
|
** [Crawler](#crawler)
|
|
* [Crawler](#crawler)
|
|
** [Exclude (--exclude/-e)](#exclude)
|
|
* [Exclude (--exclude/-e)](#exclude)
|
|
** [Example](#exclude_example)
|
|
* [Example](#exclude_example)
|
|
** [Exclude page by content (--exclude-page)](#exclude-page)
|
|
* [Exclude page by content (--exclude-page)](#exclude-page)
|
|
** [Example](#exclude-page_example)
|
|
* [Example](#exclude-page_example)
|
|
** [Include (--include/-i)](#include)
|
|
* [Include (--include/-i)](#include)
|
|
** [Redundant (--redundant)](#redundant)
|
|
* [Redundant (--redundant)](#redundant)
|
|
** [Audo-redundant (--auto-redundant)](#auto-redundant)
|
|
* [Audo-redundant (--auto-redundant)](#auto-redundant)
|
|
** [Example](#auto-redundant_example)
|
|
* [Example](#auto-redundant_example)
|
|
** [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains)
|
|
* [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains)
|
|
** [Depth limit (--depth)](#depth)
|
|
* [Depth limit (--depth)](#depth)
|
|
** [Link count limit (--link-count)](#link-count)
|
|
* [Link count limit (--link-count)](#link-count)
|
|
** [Redirect limit (--redirect-limit)](#redirect-limit)
|
|
* [Redirect limit (--redirect-limit)](#redirect-limit)
|
|
** [Extend paths (--extend-paths)](#extend-paths)
|
|
* [Extend paths (--extend-paths)](#extend-paths)
|
|
** [Restrict paths (--restrict-paths)](#restrict-paths)
|
|
* [Restrict paths (--restrict-paths)](#restrict-paths)
|
|
** [Auditor](#auditor)
|
|
* [Auditor](#auditor)
|
|
** [Audit links (--audit-links/-g)](#audit-links)
|
|
* [Audit links (--audit-links/-g)](#audit-links)
|
|
** [Audit forms (--audit-forms/-p)](#audit-forms)
|
|
* [Audit forms (--audit-forms/-p)](#audit-forms)
|
|
** [Audit cookies (--audit-cookies/-c)](#audit-cookies)
|
|
* [Audit cookies (--audit-cookies/-c)](#audit-cookies)
|
|
** [Exclude cookie (--exclude-cookie)](#exclude-cookie)
|
|
* [Exclude cookie (--exclude-cookie)](#exclude-cookie)
|
|
** [Exclude vector (--exclude-vector)](#exclude-vector)
|
|
* [Exclude vector (--exclude-vector)](#exclude-vector)
|
|
** [Audit headers (--audit-headers)](#audit-headers)
|
|
* [Audit headers (--audit-headers)](#audit-headers)
|
|
** [Coverage](#coverage)
|
|
* [Coverage](#coverage)
|
|
** [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively)
|
|
* [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively)
|
|
** [Fuzz methods (--fuzz-methods)](#fuzz-methods)
|
|
* [Fuzz methods (--fuzz-methods)](#fuzz-methods)
|
|
** [Exclude binaries (--exclude-binaries)](#exclude-binaries)
|
|
* [Exclude binaries (--exclude-binaries)](#exclude-binaries)
|
|
** [Modules](#modules)
|
|
* [Modules](#modules)
|
|
** [List modules (--lsmod)](#lsmod)
|
|
* [List modules (--lsmod)](#lsmod)
|
|
** [Example](#lsmod_example)
|
|
* [Example](#lsmod_example)
|
|
** [Modules (--modules/-m)](#modules)
|
|
* [Modules (--modules/-m)](#modules)
|
|
** [Example](#mods_example)
|
|
* [Example](#mods_example)
|
|
** [Reports](#reports)
|
|
* [Reports](#reports)
|
|
** [List reports (--lsrep)](#lsrep)
|
|
* [List reports (--lsrep)](#lsrep)
|
|
** [Example](#lsrep_example)
|
|
* [Example](#lsrep_example)
|
|
** [Load a report (--repload)](#repload)
|
|
* [Load a report (--repload)](#repload)
|
|
** [Example](#repload_example)
|
|
* [Example](#repload_example)
|
|
** [Report (--report)](#report)
|
|
* [Report (--report)](#report)
|
|
** [Example](#report_example)
|
|
* [Example](#report_example)
|
|
** [Plugins](#plugins)
|
|
* [Plugins](#plugins)
|
|
** [List plugins (--lsplug)](#lsplug)
|
|
* [List plugins (--lsplug)](#lsplug)
|
|
** [Example](#lsplug_example)
|
|
* [Example](#lsplug_example)
|
|
** [Load a plugin (--plugin)](#plugin)
|
|
* [Load a plugin (--plugin)](#plugin)
|
|
** [Example](#plugin_example)
|
|
* [Example](#plugin_example)
|
|
** [Proxy](#proxy)
|
|
* [Proxy](#proxy)
|
|
** [Proxy server (--proxy)](#proxy_server)
|
|
* [Proxy server (--proxy)](#proxy_server)
|
|
** [Proxy authentication (--proxy-auth)](#proxy-auth)
|
|
* [Proxy authentication (--proxy-auth)](#proxy-auth)
|
|
** [Proxy type (--proxy-type)](#proxy-type)
|
|
* [Proxy type (--proxy-type)](#proxy-type)
|
|
|
|
|
|
<h2 id='general'><a href='#general'>General</a></h2>
|
|
<h2 id='general'><a href='#general'>General</a></h2>
|
|
|
|
|
|
<h3 id='version'><a href='#version'>Version (--version)</a></h3>
|
|
<h3 id='version'><a href='#version'>Version (--version)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Outputs the Arachni banner and version information.
|
|
Outputs the Arachni banner and version information.
|
|
|
|
|
|
<h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3>
|
|
<h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
|
|
When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
|
|
|
|
|
... | @@ -176,14 +176,14 @@ Let's give this a try: |
... | @@ -176,14 +176,14 @@ Let's give this a try: |
|
|
|
|
|
This will load the XSS module and audit all the forms in "http://testfire.net/".
|
|
This will load the XSS module and audit all the forms in "http://testfire.net/".
|
|
|
|
|
|
**Verbose mode disabled**
|
|
*Verbose mode disabled*
|
|
|
|
|
|
Observe that there's no _-v_ flag in the following run.
|
|
Observe that there's no _-v_ flag in the following run.
|
|
_Don't worry about the rest of the parameters right now._
|
|
_Don't worry about the rest of the parameters right now._
|
|
|
|
|
|
**Quick note:**
|
|
*Quick note:*
|
|
Arachni's output messages are classified into several categories, each of them prefixed with a different colored symbol.
|
|
Arachni's output messages are classified into several categories, each of them prefixed with a different colored symbol.
|
|
"[**]" messages are status messages.
|
|
"[*]" messages are status messages.
|
|
"[+]" messages are "ok" messages - positive matches.
|
|
"[+]" messages are "ok" messages - positive matches.
|
|
_I won't bother with coloring during the examples._
|
|
_I won't bother with coloring during the examples._
|
|
|
|
|
... | @@ -198,35 +198,35 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -198,35 +198,35 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
Documentation: http://arachni-scanner.com/wiki
|
|
Documentation: http://arachni-scanner.com/wiki
|
|
|
|
|
|
|
|
|
|
[**] Initialising...
|
|
[*] Initialising...
|
|
[**] Waiting for plugins to settle...
|
|
[*] Waiting for plugins to settle...
|
|
[**] [HTTP: 200] http://testfire.net/
|
|
[*] [HTTP: 200] http://testfire.net/
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
|
|
|
|
[**] Auditing: [HTTP: 200] http://testfire.net/
|
|
[*] Auditing: [HTTP: 200] http://testfire.net/
|
|
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[**] Profiler: Analyzing response #3...
|
|
[*] Profiler: Analyzing response #3...
|
|
[~] Trainer: Found 1 new links.
|
|
[~] Trainer: Found 1 new links.
|
|
[**] Profiler: Analyzing response #4...
|
|
[*] Profiler: Analyzing response #4...
|
|
[**] Profiler: Analyzing response #5...
|
|
[*] Profiler: Analyzing response #5...
|
|
[**] XSS: Analyzing response #6...
|
|
[*] XSS: Analyzing response #6...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #7...
|
|
[*] XSS: Analyzing response #7...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #8...
|
|
[*] XSS: Analyzing response #8...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
```
|
|
```
|
|
|
|
|
|
|
|
|
|
**Verbose mode enabled**
|
|
*Verbose mode enabled*
|
|
|
|
|
|
See the extra information in this example.
|
|
See the extra information in this example.
|
|
"[v]" messages are verbose messages.
|
|
"[v]" messages are verbose messages.
|
... | @@ -244,34 +244,34 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -244,34 +244,34 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
Documentation: http://arachni-scanner.com/wiki
|
|
Documentation: http://arachni-scanner.com/wiki
|
|
|
|
|
|
|
|
|
|
[**] Initialising...
|
|
[*] Initialising...
|
|
[**] Waiting for plugins to settle...
|
|
[*] Waiting for plugins to settle...
|
|
[**] [HTTP: 200] http://testfire.net/
|
|
[*] [HTTP: 200] http://testfire.net/
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
|
|
|
|
[**] Auditing: [HTTP: 200] http://testfire.net/
|
|
[*] Auditing: [HTTP: 200] http://testfire.net/
|
|
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[**] Profiler: Analyzing response #3...
|
|
[*] Profiler: Analyzing response #3...
|
|
[~] Trainer: Found 1 new links.
|
|
[~] Trainer: Found 1 new links.
|
|
[**] Profiler: Analyzing response #4...
|
|
[*] Profiler: Analyzing response #4...
|
|
[**] Profiler: Analyzing response #5...
|
|
[*] Profiler: Analyzing response #5...
|
|
[**] XSS: Analyzing response #6...
|
|
[*] XSS: Analyzing response #6...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[v] XSS: Injected string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Injected string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Verified string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Verified string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[**] XSS: Analyzing response #7...
|
|
[*] XSS: Analyzing response #7...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[v] XSS: Injected string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Injected string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Verified string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[v] XSS: Verified string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
|
|
[**] XSS: Analyzing response #8...
|
|
[*] XSS: Analyzing response #8...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[v] XSS: Injected string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
|
|
[v] XSS: Injected string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
|
|
[v] XSS: Verified string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
|
|
[v] XSS: Verified string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
|
... | @@ -280,9 +280,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -280,9 +280,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
<h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3>
|
|
<h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
|
|
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
|
|
|
|
|
... | @@ -333,7 +333,7 @@ $ cat debug.log |
... | @@ -333,7 +333,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>""}
|
|
[!] Params: {"xss"=>""}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: true
|
|
[!] Train?: true
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] XSS: Current audit ID: XSS:http://localhost/~zapotek/tests/forms/xss.php:form:["xss"]=__sample_values__
|
|
[!] XSS: Current audit ID: XSS:http://localhost/~zapotek/tests/forms/xss.php:form:["xss"]=__sample_values__
|
... | @@ -345,7 +345,7 @@ $ cat debug.log |
... | @@ -345,7 +345,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>"1"}
|
|
[!] Params: {"xss"=>"1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: true
|
|
[!] Train?: true
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] ------------
|
... | @@ -354,7 +354,7 @@ $ cat debug.log |
... | @@ -354,7 +354,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
|
|
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: false
|
|
[!] Train?: false
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] ------------
|
... | @@ -363,7 +363,7 @@ $ cat debug.log |
... | @@ -363,7 +363,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
|
|
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: false
|
|
[!] Train?: false
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] XSS: Request ID: 2
|
|
[!] XSS: Request ID: 2
|
... | @@ -373,7 +373,7 @@ $ cat debug.log |
... | @@ -373,7 +373,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>""}
|
|
[!] Params: {"xss"=>""}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: true
|
|
[!] Train?: true
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] Trainer: Started for response with request ID: #0
|
|
[!] Trainer: Started for response with request ID: #0
|
... | @@ -384,7 +384,7 @@ $ cat debug.log |
... | @@ -384,7 +384,7 @@ $ cat debug.log |
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
|
|
[!] Method: post
|
|
[!] Method: post
|
|
[!] Params: {"xss"=>"1"}
|
|
[!] Params: {"xss"=>"1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
|
|
[!] Train?: true
|
|
[!] Train?: true
|
|
[!] ------------
|
|
[!] ------------
|
|
[!] Trainer: Started for response with request ID: #1
|
|
[!] Trainer: Started for response with request ID: #1
|
... | @@ -394,46 +394,46 @@ $ cat debug.log |
... | @@ -394,46 +394,46 @@ $ cat debug.log |
|
|
|
|
|
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
|
|
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
This will suppress all messages except for positive matches -- vulnerabilities.
|
|
This will suppress all messages except for positive matches -- vulnerabilities.
|
|
|
|
|
|
<h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3>
|
|
<h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3>
|
|
|
|
|
|
**Expects**: integer
|
|
*Expects*: integer
|
|
**Default**: 60
|
|
*Default*: 60
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Limit how many concurrent HTTP request are sent.
|
|
Limit how many concurrent HTTP request are sent.
|
|
|
|
|
|
**Note**: If your scan seems unresponsive try lowering the limit.
|
|
*Note*: If your scan seems unresponsive try lowering the limit.
|
|
**Warning**: Given enough bandwidth and a high limit it could cause a DoS.
|
|
*Warning*: Given enough bandwidth and a high limit it could cause a DoS.
|
|
Be careful when setting this option too high, don't kill your server.
|
|
Be careful when setting this option too high, don't kill your server.
|
|
|
|
|
|
<h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3>
|
|
<h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3>
|
|
|
|
|
|
**Expects**: integer (milliseconds)
|
|
*Expects*: integer (milliseconds)
|
|
**Default**: 50000
|
|
*Default*: 50000
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Limit how long the HTTP client should wait for a response from the server.
|
|
Limit how long the HTTP client should wait for a response from the server.
|
|
|
|
|
|
<h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3>
|
|
<h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Forces the system to only follow HTTPS URLs.
|
|
Forces the system to only follow HTTPS URLs.
|
|
_(Target URL must be an HTTPS one as well.)_
|
|
_(Target URL must be an HTTPS one as well.)_
|
|
|
|
|
|
<h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3>
|
|
<h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3>
|
|
|
|
|
|
**Expects**: cookiejar file
|
|
*Expects*: cookiejar file
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
|
|
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
|
|
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
|
|
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
|
... | @@ -442,13 +442,13 @@ There's a number of ways to do that, I've found that Firebug's export cookie fea |
... | @@ -442,13 +442,13 @@ There's a number of ways to do that, I've found that Firebug's export cookie fea |
|
|
|
|
|
You should also take a look at the _--exclude-cookie_ option discussed later.
|
|
You should also take a look at the _--exclude-cookie_ option discussed later.
|
|
|
|
|
|
**Note**: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application.
|
|
*Note*: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application.
|
|
|
|
|
|
<h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3>
|
|
<h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Cookies, as a string, to be sent to the web application.
|
|
Cookies, as a string, to be sent to the web application.
|
|
|
|
|
... | @@ -460,18 +460,18 @@ Cookies, as a string, to be sent to the web application. |
... | @@ -460,18 +460,18 @@ Cookies, as a string, to be sent to the web application. |
|
|
|
|
|
<h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3>
|
|
<h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: "Arachni/<version>"
|
|
*Default*: "Arachni/<version>"
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
You can pass your own user agent string which will be sent to the webserver under audit.
|
|
You can pass your own user agent string which will be sent to the webserver under audit.
|
|
Default is _Arachni/<version>_.
|
|
Default is _Arachni/<version>_.
|
|
|
|
|
|
<h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3>
|
|
<h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Allows you to specify custom headers in the form of key-value pairs.
|
|
Allows you to specify custom headers in the form of key-value pairs.
|
|
|
|
|
... | @@ -484,9 +484,9 @@ Allows you to specify custom headers in the form of key-value pairs. |
... | @@ -484,9 +484,9 @@ Allows you to specify custom headers in the form of key-value pairs. |
|
|
|
|
|
<h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3>
|
|
<h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
|
|
The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
|
|
|
|
|
... | @@ -500,10 +500,10 @@ The _--authed-by_ value should contain information about the person who authoriz |
... | @@ -500,10 +500,10 @@ The _--authed-by_ value should contain information about the person who authoriz |
|
|
|
|
|
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
|
|
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
**Requires**: "login-check-pattern":#login-check-pattern
|
|
*Requires*: "login-check-pattern":#login-check-pattern
|
|
|
|
|
|
The URL passed to this option will be used to verify that the scanner is still
|
|
The URL passed to this option will be used to verify that the scanner is still
|
|
logged in to the web application.
|
|
logged in to the web application.
|
... | @@ -513,10 +513,10 @@ this should indicate that the scanner is logged in. |
... | @@ -513,10 +513,10 @@ this should indicate that the scanner is logged in. |
|
|
|
|
|
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
|
|
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
|
|
|
|
|
|
**Expects**: string
|
|
*Expects*: string
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
**Requires**: "login-check-url":#login-check-url
|
|
*Requires*: "login-check-url":#login-check-url
|
|
|
|
|
|
A pattern used against the body of the "login-check-url":#login-check-url to
|
|
A pattern used against the body of the "login-check-url":#login-check-url to
|
|
verify that the scanner is still logged in to the web application.
|
|
verify that the scanner is still logged in to the web application.
|
... | @@ -527,9 +527,9 @@ A positive match should indicate that the scanner is logged in. |
... | @@ -527,9 +527,9 @@ A positive match should indicate that the scanner is logged in. |
|
|
|
|
|
<h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3>
|
|
<h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3>
|
|
|
|
|
|
**Expects**: filename
|
|
*Expects*: filename
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
|
|
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
|
|
|
|
|
... | @@ -542,9 +542,9 @@ This option allows you to save your current running configuration, all the optio |
... | @@ -542,9 +542,9 @@ This option allows you to save your current running configuration, all the optio |
|
|
|
|
|
<h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3>
|
|
<h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3>
|
|
|
|
|
|
**Expects**: Arachni Framework Profile (.afp) file
|
|
*Expects*: Arachni Framework Profile (.afp) file
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
This option allows you to load and run a saved profile.
|
|
This option allows you to load and run a saved profile.
|
|
The load profile option does not restrict your ability to specify more options or even resave the profile.
|
|
The load profile option does not restrict your ability to specify more options or even resave the profile.
|
... | @@ -557,9 +557,9 @@ The load profile option does not restrict your ability to specify more options o |
... | @@ -557,9 +557,9 @@ The load profile option does not restrict your ability to specify more options o |
|
|
|
|
|
<h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3>
|
|
<h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
This option will output the running configuration as a string of command line arguments.
|
|
This option will output the running configuration as a string of command line arguments.
|
|
|
|
|
... | @@ -572,9 +572,9 @@ This option will output the running configuration as a string of command line ar |
... | @@ -572,9 +572,9 @@ This option will output the running configuration as a string of command line ar |
|
|
|
|
|
<h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3>
|
|
<h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3>
|
|
|
|
|
|
**Expects**: regexp
|
|
*Expects*: regexp
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
|
|
The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
|
|
|
|
|
... | @@ -597,13 +597,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -597,13 +597,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] No audit options were specified.
|
|
[~] No audit options were specified.
|
|
[~] -> Will audit links, forms and cookies.
|
|
[~] -> Will audit links, forms and cookies.
|
|
|
|
|
|
[**] Initialising...
|
|
[*] Initialising...
|
|
[**] Waiting for plugins to settle...
|
|
[*] Waiting for plugins to settle...
|
|
[**] Resolver: Resolving hostnames...
|
|
[*] Resolver: Resolving hostnames...
|
|
[**] Resolver: Done!
|
|
[*] Resolver: Done!
|
|
|
|
|
|
[**] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
|
|
[*] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
|
|
[**] Done!
|
|
[*] Done!
|
|
|
|
|
|
|
|
|
|
|
|
|
... | @@ -625,14 +625,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -625,14 +625,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] URL: http://testfire.net/
|
|
[~] URL: http://testfire.net/
|
|
[~] User agent: Arachni/v0.4.2
|
|
[~] User agent: Arachni/v0.4.2
|
|
|
|
|
|
[**] Audited elements:
|
|
[*] Audited elements:
|
|
[~] ** Links
|
|
[~] * Links
|
|
[~] ** Forms
|
|
[~] * Forms
|
|
[~] ** Cookies
|
|
[~] * Cookies
|
|
|
|
|
|
[**] Modules: xss
|
|
[*] Modules: xss
|
|
|
|
|
|
[**] Filters:
|
|
[*] Filters:
|
|
[~] Exclude:
|
|
[~] Exclude:
|
|
[~] (?-mix:testfire)
|
|
[~] (?-mix:testfire)
|
|
|
|
|
... | @@ -668,27 +668,27 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -668,27 +668,27 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
<h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3>
|
|
<h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3>
|
|
|
|
|
|
**Expects**: regexp
|
|
*Expects*: regexp
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
The _--exclude-page_ option expects a regular expression or plain string
|
|
The _--exclude-page_ option expects a regular expression or plain string
|
|
and excludes pages whose content matching that expression from the crawl process.
|
|
and excludes pages whose content matching that expression from the crawl process.
|
|
|
|
|
|
<h3 id='include'><a href='#include'>Include (--include/-i)</a></h3>
|
|
<h3 id='include'><a href='#include'>Include (--include/-i)</a></h3>
|
|
|
|
|
|
**Expects**: regexp
|
|
*Expects*: regexp
|
|
**Default**: '.**'
|
|
*Default*: '.*'
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
This is the exact oposite of the _--exclude_ option.
|
|
This is the exact oposite of the _--exclude_ option.
|
|
When a regular expression is passed to the _--include_ option, **only** URLs matching that regular expression will be crawled.
|
|
When a regular expression is passed to the _--include_ option, *only* URLs matching that regular expression will be crawled.
|
|
|
|
|
|
<h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3>
|
|
<h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3>
|
|
|
|
|
|
**Expects**: regexp:integer
|
|
*Expects*: regexp:integer
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
The redundant option expects a regular expression and a counter, like so:
|
|
The redundant option expects a regular expression and a counter, like so:
|
|
|
|
|
... | @@ -701,9 +701,9 @@ This option is useful when auditing a website that has a lot of redundant pages |
... | @@ -701,9 +701,9 @@ This option is useful when auditing a website that has a lot of redundant pages |
|
|
|
|
|
<h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3>
|
|
<h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3>
|
|
|
|
|
|
**Expects**: integer
|
|
*Expects*: integer
|
|
**Default**: disabled (with a value of 10 if none has been specified)
|
|
*Default*: disabled (with a value of 10 if none has been specified)
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
The auto-redundant option sets the limit of how many URLs with identical parameters
|
|
The auto-redundant option sets the limit of how many URLs with identical parameters
|
|
should be followed.
|
|
should be followed.
|
... | @@ -735,50 +735,50 @@ http://test.com/path.php?stuff=blah&stuff2=1 |
... | @@ -735,50 +735,50 @@ http://test.com/path.php?stuff=blah&stuff2=1 |
|
|
|
|
|
<h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3>
|
|
<h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
This flag will cause Arachni to follow links to subdomains.
|
|
This flag will cause Arachni to follow links to subdomains.
|
|
|
|
|
|
<h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3>
|
|
<h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3>
|
|
|
|
|
|
**Expects**: integer
|
|
*Expects*: integer
|
|
**Default**: infinite
|
|
*Default*: infinite
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
It specifies how deep into the site structure the crawler should go.
|
|
It specifies how deep into the site structure the crawler should go.
|
|
|
|
|
|
<h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3>
|
|
<h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3>
|
|
|
|
|
|
**Expects**: integer
|
|
*Expects*: integer
|
|
**Default**: infinite
|
|
*Default*: infinite
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
It specifies how many links the crawler should follow.
|
|
It specifies how many links the crawler should follow.
|
|
|
|
|
|
<h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3>
|
|
<h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3>
|
|
|
|
|
|
**Expects**: integer
|
|
*Expects*: integer
|
|
**Default**: infinite
|
|
*Default*: infinite
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
It specifies how many redirects the crawler should follow.
|
|
It specifies how many redirects the crawler should follow.
|
|
|
|
|
|
<h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3>
|
|
<h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3>
|
|
|
|
|
|
**Expects**: file
|
|
*Expects*: file
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
|
|
Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
|
|
The file must contains one path per line.
|
|
The file must contains one path per line.
|
|
|
|
|
|
<h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3>
|
|
<h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3>
|
|
|
|
|
|
**Expects**: file
|
|
*Expects*: file
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Uses the paths contained in file instead of performing a crawl.
|
|
Uses the paths contained in file instead of performing a crawl.
|
|
|
|
|
... | @@ -787,100 +787,100 @@ Uses the paths contained in file instead of performing a crawl. |
... | @@ -787,100 +787,100 @@ Uses the paths contained in file instead of performing a crawl. |
|
|
|
|
|
<h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3>
|
|
<h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to audit the link elements of the page and their variables.
|
|
Tells Arachni to audit the link elements of the page and their variables.
|
|
|
|
|
|
<h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3>
|
|
<h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to audit the form elements of the page and their inputs.
|
|
Tells Arachni to audit the form elements of the page and their inputs.
|
|
|
|
|
|
<h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3>
|
|
<h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to audit the cookies of the page.
|
|
Tells Arachni to audit the cookies of the page.
|
|
|
|
|
|
<h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3>
|
|
<h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3>
|
|
|
|
|
|
**Expects**: cookie name
|
|
*Expects*: cookie name
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Tells Arachni to exclude -- not audit -- a cookie by name.
|
|
Tells Arachni to exclude -- not audit -- a cookie by name.
|
|
Usually used to avoid auditing a session ID cookie from the cookie-jar.
|
|
Usually used to avoid auditing a session ID cookie from the cookie-jar.
|
|
|
|
|
|
**Note**: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it.
|
|
*Note*: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it.
|
|
However, some extra cautious websites may invalidate/block the session upon receiving an invalid token.
|
|
However, some extra cautious websites may invalidate/block the session upon receiving an invalid token.
|
|
This is very unlikely but it's better to err on the side of caution.
|
|
This is very unlikely but it's better to err on the side of caution.
|
|
|
|
|
|
<h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3>
|
|
<h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3>
|
|
|
|
|
|
**Expects**: input name
|
|
*Expects*: input name
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Tells Arachni to exclude -- not audit -- an input vector by name.
|
|
Tells Arachni to exclude -- not audit -- an input vector by name.
|
|
|
|
|
|
<h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3>
|
|
<h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to audit the HTTP headers of the page.
|
|
Tells Arachni to audit the HTTP headers of the page.
|
|
|
|
|
|
**Note**: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them.
|
|
*Note*: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them.
|
|
**Warning**: Enabling this option will result in increased requests, maybe by an order of magnitude.
|
|
*Warning*: Enabling this option will result in increased requests, maybe by an order of magnitude.
|
|
|
|
|
|
<h2 id='coverage'><a href='#coverage'>Coverage</a></h2>
|
|
<h2 id='coverage'><a href='#coverage'>Coverage</a></h2>
|
|
|
|
|
|
<h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3>
|
|
<h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
|
|
If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
|
|
|
|
|
|
**Warning**: Will severely increase the scan-time.
|
|
*Warning*: Will severely increase the scan-time.
|
|
|
|
|
|
<h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3>
|
|
<h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
|
|
If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
|
|
HTTP request methods.
|
|
HTTP request methods.
|
|
|
|
|
|
**Warning**: Will severely increase the scan-time.
|
|
*Warning*: Will severely increase the scan-time.
|
|
|
|
|
|
<h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3>
|
|
<h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Disables inclusion of binary HTTP response bodies in the audit.
|
|
Disables inclusion of binary HTTP response bodies in the audit.
|
|
|
|
|
|
**Note**: Binary content can confuse recon modules that perform pattern matching.
|
|
*Note*: Binary content can confuse recon modules that perform pattern matching.
|
|
|
|
|
|
<h2 id='modules'><a href='#modules'>Modules</a></h2>
|
|
<h2 id='modules'><a href='#modules'>Modules</a></h2>
|
|
|
|
|
|
<h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3>
|
|
<h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3>
|
|
|
|
|
|
**Expects**: regular expression
|
|
*Expects*: regular expression
|
|
**Default**: disabled OR .**
|
|
*Default*: disabled OR .*
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Tells Arachni to list all available modules based on the regular expressions provided and exit.
|
|
Tells Arachni to list all available modules based on the regular expressions provided and exit.
|
|
|
|
|
... | @@ -908,7 +908,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -908,7 +908,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[~] Available modules:
|
|
[~] Available modules:
|
|
|
|
|
|
[**] code_injection:
|
|
[*] code_injection:
|
|
--------------------
|
|
--------------------
|
|
Name: Code injection
|
|
Name: Code injection
|
|
Description: It tries to inject code snippets into the
|
|
Description: It tries to inject code snippets into the
|
... | @@ -932,7 +932,7 @@ Targets: |
... | @@ -932,7 +932,7 @@ Targets: |
|
Metasploitable: unix/webapp/arachni_php_eval
|
|
Metasploitable: unix/webapp/arachni_php_eval
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb
|
|
|
|
|
|
[**] path_traversal:
|
|
[*] path_traversal:
|
|
--------------------
|
|
--------------------
|
|
Name: PathTraversal
|
|
Name: PathTraversal
|
|
Description: It injects paths of common files (/etc/passwd and boot.ini)
|
|
Description: It injects paths of common files (/etc/passwd and boot.ini)
|
... | @@ -951,7 +951,7 @@ Targets: |
... | @@ -951,7 +951,7 @@ Targets: |
|
Metasploitable: unix/webapp/arachni_path_traversal
|
|
Metasploitable: unix/webapp/arachni_path_traversal
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb
|
|
|
|
|
|
[**] sqli_blind_rdiff:
|
|
[*] sqli_blind_rdiff:
|
|
--------------------
|
|
--------------------
|
|
Name: Blind (rDiff) SQL Injection
|
|
Name: Blind (rDiff) SQL Injection
|
|
Description: It uses rDiff analysis to decide how different inputs affect
|
|
Description: It uses rDiff analysis to decide how different inputs affect
|
... | @@ -997,7 +997,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -997,7 +997,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[~] Available modules:
|
|
[~] Available modules:
|
|
|
|
|
|
[**] xss_path:
|
|
[*] xss_path:
|
|
--------------------
|
|
--------------------
|
|
Name: XSSPath
|
|
Name: XSSPath
|
|
Description: Cross-Site Scripting module for path injection
|
|
Description: Cross-Site Scripting module for path injection
|
... | @@ -1016,13 +1016,13 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs |
... | @@ -1016,13 +1016,13 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs |
|
|
|
|
|
<h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3>
|
|
<h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3>
|
|
|
|
|
|
**Expects**: modname,modname,... OR '**'
|
|
*Expects*: modname,modname,... OR '*'
|
|
**Default**: '**' -- all modules
|
|
*Default*: '*' -- all modules
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni which modules to load.
|
|
Tells Arachni which modules to load.
|
|
Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to see all.
|
|
Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to see all.
|
|
You can specify the modules to load as comma separated values (without spaces) or '**' to load all modules.
|
|
You can specify the modules to load as comma separated values (without spaces) or '*' to load all modules.
|
|
You can prevent modules from loading by prefixing their name with a dash (-).
|
|
You can prevent modules from loading by prefixing their name with a dash (-).
|
|
|
|
|
|
|
|
|
... | @@ -1045,7 +1045,7 @@ $ arachni http://localhost/ |
... | @@ -1045,7 +1045,7 @@ $ arachni http://localhost/ |
|
Excluding modules:
|
|
Excluding modules:
|
|
|
|
|
|
```
|
|
```
|
|
$ arachni --modules=**,-backup_files,-xss http://www.test.com
|
|
$ arachni --modules=*,-backup_files,-xss http://www.test.com
|
|
```
|
|
```
|
|
|
|
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
... | @@ -1054,9 +1054,9 @@ The above will load all modules except for the 'backup_files' and 'xss' modules. |
... | @@ -1054,9 +1054,9 @@ The above will load all modules except for the 'backup_files' and 'xss' modules. |
|
|
|
|
|
<h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3>
|
|
<h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Lists all available reports.
|
|
Lists all available reports.
|
|
|
|
|
... | @@ -1084,7 +1084,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1084,7 +1084,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[~] Available reports:
|
|
[~] Available reports:
|
|
|
|
|
|
[**] yaml:
|
|
[*] yaml:
|
|
--------------------
|
|
--------------------
|
|
Name: YAML Report
|
|
Name: YAML Report
|
|
Description: Exports the audit results as a YAML file.
|
|
Description: Exports the audit results as a YAML file.
|
... | @@ -1098,7 +1098,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1098,7 +1098,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb
|
|
|
|
|
|
[**] txt:
|
|
[*] txt:
|
|
--------------------
|
|
--------------------
|
|
Name: Text report
|
|
Name: Text report
|
|
Description: Exports a report as a plain text file.
|
|
Description: Exports a report as a plain text file.
|
... | @@ -1112,7 +1112,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1112,7 +1112,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.2.1
|
|
Version: 0.2.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb
|
|
|
|
|
|
[**] xml:
|
|
[*] xml:
|
|
--------------------
|
|
--------------------
|
|
Name: XML report
|
|
Name: XML report
|
|
Description: Exports a report as an XML file.
|
|
Description: Exports a report as an XML file.
|
... | @@ -1126,7 +1126,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1126,7 +1126,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.2.2
|
|
Version: 0.2.2
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb
|
|
|
|
|
|
[**] metareport:
|
|
[*] metareport:
|
|
--------------------
|
|
--------------------
|
|
Name: Metareport
|
|
Name: Metareport
|
|
Description: Creates a file to be used with the Arachni MSF plug-in.
|
|
Description: Creates a file to be used with the Arachni MSF plug-in.
|
... | @@ -1140,7 +1140,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1140,7 +1140,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb
|
|
|
|
|
|
[**] afr:
|
|
[*] afr:
|
|
--------------------
|
|
--------------------
|
|
Name: Arachni Framework Report
|
|
Name: Arachni Framework Report
|
|
Description: Saves the file in the default Arachni Framework Report (.afr) format.
|
|
Description: Saves the file in the default Arachni Framework Report (.afr) format.
|
... | @@ -1154,7 +1154,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1154,7 +1154,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb
|
|
|
|
|
|
[**] html:
|
|
[*] html:
|
|
--------------------
|
|
--------------------
|
|
Name: HTML Report
|
|
Name: HTML Report
|
|
Description: Exports a report as an HTML document.
|
|
Description: Exports a report as an HTML document.
|
... | @@ -1173,7 +1173,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1173,7 +1173,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.3.1
|
|
Version: 0.3.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb
|
|
|
|
|
|
[**] ap:
|
|
[*] ap:
|
|
--------------------
|
|
--------------------
|
|
Name: AP
|
|
Name: AP
|
|
Description: Awesome prints an AuditStore hash.
|
|
Description: Awesome prints an AuditStore hash.
|
... | @@ -1181,7 +1181,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1181,7 +1181,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb
|
|
|
|
|
|
[**] marshal:
|
|
[*] marshal:
|
|
--------------------
|
|
--------------------
|
|
Name: Marshal Report
|
|
Name: Marshal Report
|
|
Description: Exports the audit results as a Marshal file.
|
|
Description: Exports the audit results as a Marshal file.
|
... | @@ -1195,7 +1195,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1195,7 +1195,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb
|
|
|
|
|
|
[**] json:
|
|
[*] json:
|
|
--------------------
|
|
--------------------
|
|
Name: JSON Report
|
|
Name: JSON Report
|
|
Description: Exports the audit results as a JSON file.
|
|
Description: Exports the audit results as a JSON file.
|
... | @@ -1209,7 +1209,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1209,7 +1209,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb
|
|
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb
|
|
|
|
|
|
[**] stdout:
|
|
[*] stdout:
|
|
--------------------
|
|
--------------------
|
|
Name: Stdout
|
|
Name: Stdout
|
|
Description: Prints the results to standard output.
|
|
Description: Prints the results to standard output.
|
... | @@ -1221,9 +1221,9 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r |
... | @@ -1221,9 +1221,9 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r |
|
|
|
|
|
<h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3>
|
|
<h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3>
|
|
|
|
|
|
**Expects**: Arachni Framework Report (.afr) file
|
|
*Expects*: Arachni Framework Report (.afr) file
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to load an Arachni Framework Report (.afr) file.
|
|
Tells Arachni to load an Arachni Framework Report (.afr) file.
|
|
You can use this option to load a report file and convert it to another format.
|
|
You can use this option to load a report file and convert it to another format.
|
... | @@ -1264,12 +1264,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1264,12 +1264,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] URL: http://testfire.net/
|
|
[~] URL: http://testfire.net/
|
|
[~] User agent: Arachni/v0.4.2
|
|
[~] User agent: Arachni/v0.4.2
|
|
|
|
|
|
[**] Audited elements:
|
|
[*] Audited elements:
|
|
[~] ** Forms
|
|
[~] * Forms
|
|
|
|
|
|
[**] Modules: xss
|
|
[*] Modules: xss
|
|
|
|
|
|
[**] Cookies:
|
|
[*] Cookies:
|
|
[~] ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm
|
|
[~] ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm
|
|
[~] amSessionId = 203429333847
|
|
[~] amSessionId = 203429333847
|
|
|
|
|
... | @@ -1299,7 +1299,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1299,7 +1299,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
|
|
|
|
[**] Variations
|
|
[*] Variations
|
|
[~] ----------
|
|
[~] ----------
|
|
[~] Variation 1:
|
|
[~] Variation 1:
|
|
[~] URL: http://testfire.net/search.aspx
|
|
[~] URL: http://testfire.net/search.aspx
|
... | @@ -1313,13 +1313,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1313,13 +1313,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] ---------------
|
|
[~] ---------------
|
|
|
|
|
|
|
|
|
|
[**] Resolver
|
|
[*] Resolver
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Resolves vulnerable hostnames to IP addresses.
|
|
[~] Description: Resolves vulnerable hostnames to IP addresses.
|
|
|
|
|
|
[~] testfire.net: 65.61.137.117
|
|
[~] testfire.net: 65.61.137.117
|
|
|
|
|
|
[**] Health map
|
|
[*] Health map
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Generates a simple list of safe/unsafe URLs.
|
|
[~] Description: Generates a simple list of safe/unsafe URLs.
|
|
|
|
|
... | @@ -1334,7 +1334,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1334,7 +1334,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[+] Without issues: 1
|
|
[+] Without issues: 1
|
|
[-] With issues: 1 ( 50% )
|
|
[-] With issues: 1 ( 50% )
|
|
|
|
|
|
[**] Profiler
|
|
[*] Profiler
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Examines the behavior of the web application gathering general statistics
|
|
[~] Description: Examines the behavior of the web application gathering general statistics
|
|
and performs taint analysis to determine which inputs affect the output.
|
|
and performs taint analysis to determine which inputs affect the output.
|
... | @@ -1345,10 +1345,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1345,10 +1345,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
|
|
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
|
|
[~] It was submitted using the following parameters:
|
|
[~] It was submitted using the following parameters:
|
|
[~] ** txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
|
|
[~] * txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
|
|
[~]
|
|
[~]
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1':
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1':
|
|
[~] ** Body
|
|
[~] * Body
|
|
```
|
|
```
|
|
|
|
|
|
|
|
|
... | @@ -1366,16 +1366,16 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1366,16 +1366,16 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
[**] Creating HTML report...
|
|
[*] Creating HTML report...
|
|
[**] Saved in '2012-09-09 02.43.42 +0300.html'.
|
|
[*] Saved in '2012-09-09 02.43.42 +0300.html'.
|
|
```
|
|
```
|
|
|
|
|
|
|
|
|
|
<h3 id='report'><a href='#report'>Report (--report)</a></h3>
|
|
<h3 id='report'><a href='#report'>Report (--report)</a></h3>
|
|
|
|
|
|
**Expects**: repname
|
|
*Expects*: repname
|
|
**Default**: stdout
|
|
*Default*: stdout
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Tells Arachni which report component to use.
|
|
Tells Arachni which report component to use.
|
|
Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to see all.
|
|
Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to see all.
|
... | @@ -1398,64 +1398,64 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1398,64 +1398,64 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] No audit options were specified.
|
|
[~] No audit options were specified.
|
|
[~] -> Will audit links, forms and cookies.
|
|
[~] -> Will audit links, forms and cookies.
|
|
|
|
|
|
[**] Initialising...
|
|
[*] Initialising...
|
|
[**] Waiting for plugins to settle...
|
|
[*] Waiting for plugins to settle...
|
|
[**] [HTTP: 200] http://testfire.net/
|
|
[*] [HTTP: 200] http://testfire.net/
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
|
|
|
|
[**] Auditing: [HTTP: 200] http://testfire.net/
|
|
[*] Auditing: [HTTP: 200] http://testfire.net/
|
|
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[**] Profiler: Analyzing response #3...
|
|
[*] Profiler: Analyzing response #3...
|
|
[**] Profiler: Analyzing response #4...
|
|
[*] Profiler: Analyzing response #4...
|
|
[~] Trainer: Found 1 new links.
|
|
[~] Trainer: Found 1 new links.
|
|
[**] Profiler: Analyzing response #5...
|
|
[*] Profiler: Analyzing response #5...
|
|
[**] Profiler: Analyzing response #6...
|
|
[*] Profiler: Analyzing response #6...
|
|
[**] XSS: Analyzing response #9...
|
|
[*] XSS: Analyzing response #9...
|
|
[**] XSS: Analyzing response #10...
|
|
[*] XSS: Analyzing response #10...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #13...
|
|
[*] XSS: Analyzing response #13...
|
|
[**] XSS: Analyzing response #14...
|
|
[*] XSS: Analyzing response #14...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #17...
|
|
[*] XSS: Analyzing response #17...
|
|
[**] XSS: Analyzing response #18...
|
|
[*] XSS: Analyzing response #18...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] Profiler: Analyzing response #8...
|
|
[*] Profiler: Analyzing response #8...
|
|
[**] Profiler: Analyzing response #7...
|
|
[*] Profiler: Analyzing response #7...
|
|
[**] XSS: Analyzing response #12...
|
|
[*] XSS: Analyzing response #12...
|
|
[**] XSS: Analyzing response #11...
|
|
[*] XSS: Analyzing response #11...
|
|
[**] XSS: Analyzing response #15...
|
|
[*] XSS: Analyzing response #15...
|
|
[**] XSS: Analyzing response #16...
|
|
[*] XSS: Analyzing response #16...
|
|
[**] XSS: Analyzing response #19...
|
|
[*] XSS: Analyzing response #19...
|
|
[**] XSS: Analyzing response #20...
|
|
[*] XSS: Analyzing response #20...
|
|
|
|
|
|
[**] Resolver: Resolving hostnames...
|
|
[*] Resolver: Resolving hostnames...
|
|
[**] Resolver: Done!
|
|
[*] Resolver: Done!
|
|
|
|
|
|
[**] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
|
|
[*] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
|
|
[**] Done!
|
|
[*] Done!
|
|
|
|
|
|
[**] Creating HTML report...
|
|
[*] Creating HTML report...
|
|
[**] Saved in 'my_html_report.html'.
|
|
[*] Saved in 'my_html_report.html'.
|
|
|
|
|
|
[~] 100.0% [>] 100%
|
|
[~] 100.0% [>] 100%
|
|
[~] Est. remaining time: --:--:--
|
|
[~] Est. remaining time: --:--:--
|
... | @@ -1483,9 +1483,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1483,9 +1483,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
<h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3>
|
|
<h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3>
|
|
|
|
|
|
**Expects**: <n/a>
|
|
*Expects*: <n/a>
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Lists all available plugins.
|
|
Lists all available plugins.
|
|
|
|
|
... | @@ -1513,7 +1513,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -1513,7 +1513,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[~] Available plugins:
|
|
[~] Available plugins:
|
|
|
|
|
|
[**] resolver:
|
|
[*] resolver:
|
|
--------------------
|
|
--------------------
|
|
Name: Resolver
|
|
Name: Resolver
|
|
Description: Resolves vulnerable hostnames to IP addresses.
|
|
Description: Resolves vulnerable hostnames to IP addresses.
|
... | @@ -1521,7 +1521,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1521,7 +1521,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/resolver.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/resolver.rb
|
|
|
|
|
|
[**] healthmap:
|
|
[*] healthmap:
|
|
--------------------
|
|
--------------------
|
|
Name: Health map
|
|
Name: Health map
|
|
Description: Generates a simple list of safe/unsafe URLs.
|
|
Description: Generates a simple list of safe/unsafe URLs.
|
... | @@ -1529,7 +1529,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1529,7 +1529,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.3
|
|
Version: 0.1.3
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb
|
|
|
|
|
|
[**] profiler:
|
|
[*] profiler:
|
|
--------------------
|
|
--------------------
|
|
Name: Profiler
|
|
Name: Profiler
|
|
Description: Examines the behavior of the web application gathering general statistics
|
|
Description: Examines the behavior of the web application gathering general statistics
|
... | @@ -1540,7 +1540,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1540,7 +1540,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.5
|
|
Version: 0.1.5
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/profiler.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/profiler.rb
|
|
|
|
|
|
[**] uniformity:
|
|
[*] uniformity:
|
|
--------------------
|
|
--------------------
|
|
Name: Uniformity (Lack of central sanitization)
|
|
Name: Uniformity (Lack of central sanitization)
|
|
Description: Analyzes the scan results and logs issues which persist across different pages.
|
|
Description: Analyzes the scan results and logs issues which persist across different pages.
|
... | @@ -1550,7 +1550,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1550,7 +1550,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb
|
|
|
|
|
|
[**] manual_verification:
|
|
[*] manual_verification:
|
|
--------------------
|
|
--------------------
|
|
Name: Issues requiring manual verification
|
|
Name: Issues requiring manual verification
|
|
Description: The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
|
|
Description: The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
|
... | @@ -1561,7 +1561,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1561,7 +1561,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb
|
|
|
|
|
|
[**] timing_attacks:
|
|
[*] timing_attacks:
|
|
--------------------
|
|
--------------------
|
|
Name: Timing attack anomalies
|
|
Name: Timing attack anomalies
|
|
Description: Analyzes the scan results and logs issues that used timing attacks
|
|
Description: Analyzes the scan results and logs issues that used timing attacks
|
... | @@ -1574,7 +1574,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1574,7 +1574,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.4
|
|
Version: 0.1.4
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb
|
|
|
|
|
|
[**] discovery:
|
|
[*] discovery:
|
|
--------------------
|
|
--------------------
|
|
Name: Discovery module response anomalies
|
|
Name: Discovery module response anomalies
|
|
Description: Analyzes the scan results and identifies issues logged by discovery modules
|
|
Description: Analyzes the scan results and identifies issues logged by discovery modules
|
... | @@ -1586,7 +1586,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1586,7 +1586,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb
|
|
|
|
|
|
[**] autothrottle:
|
|
[*] autothrottle:
|
|
--------------------
|
|
--------------------
|
|
Name: AutoThrottle
|
|
Name: AutoThrottle
|
|
Description: Monitors HTTP response times and automatically
|
|
Description: Monitors HTTP response times and automatically
|
... | @@ -1596,7 +1596,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1596,7 +1596,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.3
|
|
Version: 0.1.3
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb
|
|
|
|
|
|
[**] content_types:
|
|
[*] content_types:
|
|
--------------------
|
|
--------------------
|
|
Name: Content-types
|
|
Name: Content-types
|
|
Description: Logs content-types of server responses.
|
|
Description: Logs content-types of server responses.
|
... | @@ -1612,7 +1612,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1612,7 +1612,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.4
|
|
Version: 0.1.4
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/content_types.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/defaults/content_types.rb
|
|
|
|
|
|
[**] libnotify:
|
|
[*] libnotify:
|
|
--------------------
|
|
--------------------
|
|
Name: libnotify
|
|
Name: libnotify
|
|
Description: Uses the libnotify library to send notifications for each discovered issue
|
|
Description: Uses the libnotify library to send notifications for each discovered issue
|
... | @@ -1627,7 +1627,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1627,7 +1627,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/workspace/arachni/plugins/libnotify.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/libnotify.rb
|
|
|
|
|
|
[**] cookie_collector:
|
|
[*] cookie_collector:
|
|
--------------------
|
|
--------------------
|
|
Name: Cookie collector
|
|
Name: Cookie collector
|
|
Description: Monitors and collects cookies while establishing a timeline of changes.
|
|
Description: Monitors and collects cookies while establishing a timeline of changes.
|
... | @@ -1639,15 +1639,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1639,15 +1639,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.5
|
|
Version: 0.1.5
|
|
Path: /home/zapotek/workspace/arachni/plugins/cookie_collector.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/cookie_collector.rb
|
|
|
|
|
|
[**] proxy:
|
|
[*] proxy:
|
|
--------------------
|
|
--------------------
|
|
Name: Proxy
|
|
Name: Proxy
|
|
Description:
|
|
Description:
|
|
** Gathers data based on user actions and exchanged HTTP
|
|
* Gathers data based on user actions and exchanged HTTP
|
|
traffic and pushes that data to the framework's page-queue to be audited.
|
|
traffic and pushes that data to the framework's page-queue to be audited.
|
|
** Updates the framework cookies with the cookies of the HTTP requests and
|
|
* Updates the framework cookies with the cookies of the HTTP requests and
|
|
responses, thus it can also be used to login to a web application.
|
|
responses, thus it can also be used to login to a web application.
|
|
** Supports SSL interception.
|
|
* Supports SSL interception.
|
|
|
|
|
|
To skip crawling and only audit elements discovered by using the proxy
|
|
To skip crawling and only audit elements discovered by using the proxy
|
|
set '--link-count=0'.
|
|
set '--link-count=0'.
|
... | @@ -1671,7 +1671,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1671,7 +1671,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.2
|
|
Version: 0.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/proxy.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/proxy.rb
|
|
|
|
|
|
[**] beep_notify:
|
|
[*] beep_notify:
|
|
--------------------
|
|
--------------------
|
|
Name: Beep notify
|
|
Name: Beep notify
|
|
Description: It beeps when the scan finishes.
|
|
Description: It beeps when the scan finishes.
|
... | @@ -1690,7 +1690,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1690,7 +1690,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1
|
|
Version: 0.1
|
|
Path: /home/zapotek/workspace/arachni/plugins/beep_notify.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/beep_notify.rb
|
|
|
|
|
|
[**] rescan:
|
|
[*] rescan:
|
|
--------------------
|
|
--------------------
|
|
Name: ReScan
|
|
Name: ReScan
|
|
Description: It uses the AFR report of a previous scan to
|
|
Description: It uses the AFR report of a previous scan to
|
... | @@ -1706,7 +1706,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1706,7 +1706,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/rescan.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/rescan.rb
|
|
|
|
|
|
[**] http_dicattack:
|
|
[*] http_dicattack:
|
|
--------------------
|
|
--------------------
|
|
Name: HTTP dictionary attacker
|
|
Name: HTTP dictionary attacker
|
|
Description: Uses wordlists to crack password protected directories.
|
|
Description: Uses wordlists to crack password protected directories.
|
... | @@ -1728,15 +1728,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1728,15 +1728,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/http_dicattack.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/http_dicattack.rb
|
|
|
|
|
|
[**] vector_feed:
|
|
[*] vector_feed:
|
|
--------------------
|
|
--------------------
|
|
Name: Vector feed
|
|
Name: Vector feed
|
|
Description: Reads in vector data from which it creates elements to be audited.
|
|
Description: Reads in vector data from which it creates elements to be audited.
|
|
Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
|
|
Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
|
|
|
|
|
|
Notes:
|
|
Notes:
|
|
** To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
|
|
* To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
|
|
** Can handle multiple YAML documents.
|
|
* Can handle multiple YAML documents.
|
|
|
|
|
|
Example YAML file:
|
|
Example YAML file:
|
|
-
|
|
-
|
... | @@ -1805,7 +1805,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1805,7 +1805,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/vector_feed.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/vector_feed.rb
|
|
|
|
|
|
[**] script:
|
|
[*] script:
|
|
--------------------
|
|
--------------------
|
|
Name: Script
|
|
Name: Script
|
|
Description: Loads and runs an external Ruby script under the scope of a plugin,
|
|
Description: Loads and runs an external Ruby script under the scope of a plugin,
|
... | @@ -1822,7 +1822,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1822,7 +1822,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.1
|
|
Version: 0.1.1
|
|
Path: /home/zapotek/workspace/arachni/plugins/script.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/script.rb
|
|
|
|
|
|
[**] email_notify:
|
|
[*] email_notify:
|
|
--------------------
|
|
--------------------
|
|
Name: E-mail notify
|
|
Name: E-mail notify
|
|
Description: Sends a notification (and optionally a report) over SMTP at the end of the scan.
|
|
Description: Sends a notification (and optionally a report) over SMTP at the end of the scan.
|
... | @@ -1886,7 +1886,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1886,7 +1886,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/email_notify.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/email_notify.rb
|
|
|
|
|
|
[**] autologin:
|
|
[*] autologin:
|
|
--------------------
|
|
--------------------
|
|
Name: AutoLogin
|
|
Name: AutoLogin
|
|
Description: It looks for the login form in the user provided URL,
|
|
Description: It looks for the login form in the user provided URL,
|
... | @@ -1914,7 +1914,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1914,7 +1914,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.5
|
|
Version: 0.1.5
|
|
Path: /home/zapotek/workspace/arachni/plugins/autologin.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/autologin.rb
|
|
|
|
|
|
[**] waf_detector:
|
|
[*] waf_detector:
|
|
--------------------
|
|
--------------------
|
|
Name: WAF Detector
|
|
Name: WAF Detector
|
|
Description: Performs basic profiling on the web application
|
|
Description: Performs basic profiling on the web application
|
... | @@ -1937,7 +1937,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
... | @@ -1937,7 +1937,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> |
|
Version: 0.1.2
|
|
Version: 0.1.2
|
|
Path: /home/zapotek/workspace/arachni/plugins/waf_detector.rb
|
|
Path: /home/zapotek/workspace/arachni/plugins/waf_detector.rb
|
|
|
|
|
|
[**] form_dicattack:
|
|
[*] form_dicattack:
|
|
--------------------
|
|
--------------------
|
|
Name: Form dictionary attacker
|
|
Name: Form dictionary attacker
|
|
Description: Uses wordlists to crack login forms.
|
|
Description: Uses wordlists to crack login forms.
|
... | @@ -1979,9 +1979,9 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb |
... | @@ -1979,9 +1979,9 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb |
|
|
|
|
|
<h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3>
|
|
<h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3>
|
|
|
|
|
|
**Expects**: plugin name
|
|
*Expects*: plugin name
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: yes
|
|
*Multiple invocations?*: yes
|
|
|
|
|
|
Tells Arachni which plugin components to run.
|
|
Tells Arachni which plugin components to run.
|
|
Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to see all.
|
|
Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to see all.
|
... | @@ -2007,95 +2007,95 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2007,95 +2007,95 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] No audit options were specified.
|
|
[~] No audit options were specified.
|
|
[~] -> Will audit links, forms and cookies.
|
|
[~] -> Will audit links, forms and cookies.
|
|
|
|
|
|
[**] Initialising...
|
|
[*] Initialising...
|
|
[~] AutoLogin: System paused.
|
|
[~] AutoLogin: System paused.
|
|
[**] Waiting for plugins to settle...
|
|
[*] Waiting for plugins to settle...
|
|
[**] AutoLogin: Found log-in form with name: login
|
|
[*] AutoLogin: Found log-in form with name: login
|
|
[+] AutoLogin: Form submitted successfully.
|
|
[+] AutoLogin: Form submitted successfully.
|
|
[~] AutoLogin: Cookies set to:
|
|
[~] AutoLogin: Cookies set to:
|
|
[~] AutoLogin: ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
|
|
[~] AutoLogin: * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
|
|
[~] AutoLogin: ** amSessionId = 204023334531
|
|
[~] AutoLogin: * amSessionId = 204023334531
|
|
[~] AutoLogin: ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
|
|
[~] AutoLogin: * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
|
|
[~] AutoLogin: ** amUserId = 100116014
|
|
[~] AutoLogin: * amUserId = 100116014
|
|
[~] AutoLogin: ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
|
|
[~] AutoLogin: * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
|
|
[**] [HTTP: 200] http://testfire.net/
|
|
[*] [HTTP: 200] http://testfire.net/
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
|
|
|
|
[**] Auditing: [HTTP: 200] http://testfire.net/
|
|
[*] Auditing: [HTTP: 200] http://testfire.net/
|
|
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
|
|
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[**] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[**] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[*] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
|
|
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
|
|
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
|
|
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
|
|
[**] Harvesting HTTP responses...
|
|
[*] Harvesting HTTP responses...
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[~] Depending on server responsiveness and network conditions this may take a while.
|
|
[**] Profiler: Analyzing response #6...
|
|
[*] Profiler: Analyzing response #6...
|
|
[**] Profiler: Analyzing response #7...
|
|
[*] Profiler: Analyzing response #7...
|
|
[**] XSS: Analyzing response #26...
|
|
[*] XSS: Analyzing response #26...
|
|
[**] XSS: Analyzing response #27...
|
|
[*] XSS: Analyzing response #27...
|
|
[~] Trainer: Found 1 new links.
|
|
[~] Trainer: Found 1 new links.
|
|
[**] Profiler: Analyzing response #9...
|
|
[*] Profiler: Analyzing response #9...
|
|
[**] Profiler: Analyzing response #8...
|
|
[*] Profiler: Analyzing response #8...
|
|
[**] XSS: Analyzing response #28...
|
|
[*] XSS: Analyzing response #28...
|
|
[**] XSS: Analyzing response #15...
|
|
[*] XSS: Analyzing response #15...
|
|
[**] XSS: Analyzing response #16...
|
|
[*] XSS: Analyzing response #16...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #22...
|
|
[*] XSS: Analyzing response #22...
|
|
[**] XSS: Analyzing response #30...
|
|
[*] XSS: Analyzing response #30...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] Profiler: Analyzing response #10...
|
|
[*] Profiler: Analyzing response #10...
|
|
[**] XSS: Analyzing response #31...
|
|
[*] XSS: Analyzing response #31...
|
|
[**] XSS: Analyzing response #32...
|
|
[*] XSS: Analyzing response #32...
|
|
[**] Profiler: Analyzing response #11...
|
|
[*] Profiler: Analyzing response #11...
|
|
[**] Profiler: Analyzing response #12...
|
|
[*] Profiler: Analyzing response #12...
|
|
[**] Profiler: Analyzing response #14...
|
|
[*] Profiler: Analyzing response #14...
|
|
[**] Profiler: Analyzing response #13...
|
|
[*] Profiler: Analyzing response #13...
|
|
[**] XSS: Analyzing response #33...
|
|
[*] XSS: Analyzing response #33...
|
|
[**] XSS: Analyzing response #17...
|
|
[*] XSS: Analyzing response #17...
|
|
[**] XSS: Analyzing response #18...
|
|
[*] XSS: Analyzing response #18...
|
|
[**] XSS: Analyzing response #19...
|
|
[*] XSS: Analyzing response #19...
|
|
[**] XSS: Analyzing response #34...
|
|
[*] XSS: Analyzing response #34...
|
|
[**] XSS: Analyzing response #20...
|
|
[*] XSS: Analyzing response #20...
|
|
[**] XSS: Analyzing response #21...
|
|
[*] XSS: Analyzing response #21...
|
|
[**] XSS: Analyzing response #23...
|
|
[*] XSS: Analyzing response #23...
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
|
|
[**] XSS: Analyzing response #35...
|
|
[*] XSS: Analyzing response #35...
|
|
[**] XSS: Analyzing response #24...
|
|
[*] XSS: Analyzing response #24...
|
|
[**] XSS: Analyzing response #25...
|
|
[*] XSS: Analyzing response #25...
|
|
[**] XSS: Analyzing response #29...
|
|
[*] XSS: Analyzing response #29...
|
|
|
|
|
|
[**] Resolver: Resolving hostnames...
|
|
[*] Resolver: Resolving hostnames...
|
|
[**] Resolver: Done!
|
|
[*] Resolver: Done!
|
|
|
|
|
|
|
|
|
|
[**] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
|
|
[*] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
|
|
[**] Done!
|
|
[*] Done!
|
|
|
|
|
|
|
|
|
|
|
|
|
... | @@ -2117,14 +2117,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2117,14 +2117,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] URL: http://testfire.net/
|
|
[~] URL: http://testfire.net/
|
|
[~] User agent: Arachni/v0.4.2
|
|
[~] User agent: Arachni/v0.4.2
|
|
|
|
|
|
[**] Audited elements:
|
|
[*] Audited elements:
|
|
[~] ** Links
|
|
[~] * Links
|
|
[~] ** Forms
|
|
[~] * Forms
|
|
[~] ** Cookies
|
|
[~] * Cookies
|
|
|
|
|
|
[**] Modules: xss
|
|
[*] Modules: xss
|
|
|
|
|
|
[**] Filters:
|
|
[*] Filters:
|
|
[~] Exclude:
|
|
[~] Exclude:
|
|
[~] (?-mix:logout)
|
|
[~] (?-mix:logout)
|
|
|
|
|
... | @@ -2154,7 +2154,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2154,7 +2154,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
|
|
|
|
[**] Variations
|
|
[*] Variations
|
|
[~] ----------
|
|
[~] ----------
|
|
[~] Variation 1:
|
|
[~] Variation 1:
|
|
[~] URL: http://testfire.net/search.aspx
|
|
[~] URL: http://testfire.net/search.aspx
|
... | @@ -2185,7 +2185,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2185,7 +2185,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] ha.ckers - http://ha.ckers.org/xss.html
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
[~] Secunia - http://secunia.com/advisories/9716/
|
|
|
|
|
|
[**] Variations
|
|
[*] Variations
|
|
[~] ----------
|
|
[~] ----------
|
|
[~] Variation 1:
|
|
[~] Variation 1:
|
|
[~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text
|
|
[~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text
|
... | @@ -2199,13 +2199,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2199,13 +2199,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[~] ---------------
|
|
[~] ---------------
|
|
|
|
|
|
|
|
|
|
[**] Resolver
|
|
[*] Resolver
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Resolves vulnerable hostnames to IP addresses.
|
|
[~] Description: Resolves vulnerable hostnames to IP addresses.
|
|
|
|
|
|
[~] testfire.net: 65.61.137.117
|
|
[~] testfire.net: 65.61.137.117
|
|
|
|
|
|
[**] Health map
|
|
[*] Health map
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Generates a simple list of safe/unsafe URLs.
|
|
[~] Description: Generates a simple list of safe/unsafe URLs.
|
|
|
|
|
... | @@ -2221,7 +2221,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2221,7 +2221,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
[+] Without issues: 1
|
|
[+] Without issues: 1
|
|
[-] With issues: 2 ( 67% )
|
|
[-] With issues: 2 ( 67% )
|
|
|
|
|
|
[**] Profiler
|
|
[*] Profiler
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: Examines the behavior of the web application gathering general statistics
|
|
[~] Description: Examines the behavior of the web application gathering general statistics
|
|
and performs taint analysis to determine which inputs affect the output.
|
|
and performs taint analysis to determine which inputs affect the output.
|
... | @@ -2232,18 +2232,18 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2232,18 +2232,18 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
|
|
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
|
|
[~] It was submitted using the following parameters:
|
|
[~] It was submitted using the following parameters:
|
|
[~] ** txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
|
|
[~] * txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
|
|
[~]
|
|
[~]
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6':
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6':
|
|
[~] ** Body
|
|
[~] * Body
|
|
[+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'.
|
|
[+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'.
|
|
[~] It was submitted using the following parameters:
|
|
[~] It was submitted using the following parameters:
|
|
[~] ** txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
|
|
[~] * txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
|
|
[~]
|
|
[~]
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056':
|
|
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056':
|
|
[~] ** Body
|
|
[~] * Body
|
|
|
|
|
|
[**] AutoLogin
|
|
[*] AutoLogin
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] ~~~~~~~~~~~~~~
|
|
[~] Description: It looks for the login form in the user provided URL,
|
|
[~] Description: It looks for the login form in the user provided URL,
|
|
merges its input fields with the user supplied parameters and sets the cookies
|
|
merges its input fields with the user supplied parameters and sets the cookies
|
... | @@ -2252,11 +2252,11 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2252,11 +2252,11 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
[+] Form submitted successfully.
|
|
[+] Form submitted successfully.
|
|
[~] Cookies set to:
|
|
[~] Cookies set to:
|
|
[~] ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
|
|
[~] * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
|
|
[~] ** amSessionId = 204023334531
|
|
[~] * amSessionId = 204023334531
|
|
[~] ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
|
|
[~] * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
|
|
[~] ** amUserId = 100116014
|
|
[~] * amUserId = 100116014
|
|
[~] ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
|
|
[~] * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
|
|
|
|
|
|
[~] 100.0% [>] 100%
|
|
[~] 100.0% [>] 100%
|
|
[~] Est. remaining time: --:--:--
|
|
[~] Est. remaining time: --:--:--
|
... | @@ -2285,25 +2285,25 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2285,25 +2285,25 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
<h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3>
|
|
<h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3>
|
|
|
|
|
|
**Expects**: server:port
|
|
*Expects*: server:port
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni to send all requests via a proxy server.
|
|
Tells Arachni to send all requests via a proxy server.
|
|
|
|
|
|
<h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3>
|
|
<h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3>
|
|
|
|
|
|
**Expects**: username:password
|
|
*Expects*: username:password
|
|
**Default**: disabled
|
|
*Default*: disabled
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni authenticate itself with the proxy server using the supplied username and password.
|
|
Tells Arachni authenticate itself with the proxy server using the supplied username and password.
|
|
|
|
|
|
<h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3>
|
|
<h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3>
|
|
|
|
|
|
**Expects**: http, http_1_0, socks4, socks5, socks4a
|
|
*Expects*: http, http_1_0, socks4, socks5, socks4a
|
|
**Default**: disabled OR http
|
|
*Default*: disabled OR http
|
|
**Multiple invocations?**: no
|
|
*Multiple invocations?*: no
|
|
|
|
|
|
Tells Arachni what protocol to use to connect and comunicate with the proxy server.
|
|
Tells Arachni what protocol to use to connect and comunicate with the proxy server.
|
|
|
|
|
... | @@ -2336,12 +2336,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2336,12 +2336,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
--debug Show what is happening internally.
|
|
--debug Show what is happening internally.
|
|
(You should give it a shot sometime ;) )
|
|
(You should give it a shot sometime ;) )
|
|
|
|
|
|
--only-positives Echo positive results **only**.
|
|
--only-positives Echo positive results *only*.
|
|
|
|
|
|
--http-req-limit=<integer> Concurrent HTTP requests limit.
|
|
--http-req-limit=<integer> Concurrent HTTP requests limit.
|
|
(Default: 20)
|
|
(Default: 20)
|
|
(Be careful not to kill your server.)
|
|
(Be careful not to kill your server.)
|
|
(**NOTE**: If your scan seems unresponsive try lowering the limit.)
|
|
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
|
|
|
|
|
|
--http-timeout=<integer> HTTP request timeout in milliseconds.
|
|
--http-timeout=<integer> HTTP request timeout in milliseconds.
|
|
|
|
|
... | @@ -2377,8 +2377,8 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2377,8 +2377,8 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
--load-profile=<filepath> Load a run profile from <filepath>.
|
|
--load-profile=<filepath> Load a run profile from <filepath>.
|
|
(Can be used multiple times.)
|
|
(Can be used multiple times.)
|
|
(You can complement it with more options, except for:
|
|
(You can complement it with more options, except for:
|
|
** --modules
|
|
* --modules
|
|
** --redundant)
|
|
* --redundant)
|
|
|
|
|
|
--show-profile Will output the running profile as CLI arguments.
|
|
--show-profile Will output the running profile as CLI arguments.
|
|
|
|
|
... | @@ -2390,7 +2390,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2390,7 +2390,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
(Can be used multiple times.)
|
|
(Can be used multiple times.)
|
|
|
|
|
|
-i <regexp>
|
|
-i <regexp>
|
|
--include=<regexp> Include **only** urls matching <regex>.
|
|
--include=<regexp> Include *only* urls matching <regex>.
|
|
(Can be used multiple times.)
|
|
(Can be used multiple times.)
|
|
|
|
|
|
--redundant=<regexp>:<limit>
|
|
--redundant=<regexp>:<limit>
|
... | @@ -2442,19 +2442,19 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2442,19 +2442,19 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
(Can be used multiple times.)
|
|
(Can be used multiple times.)
|
|
|
|
|
|
--audit-headers Audit HTTP headers.
|
|
--audit-headers Audit HTTP headers.
|
|
(**NOTE**: Header audits use brute force.
|
|
(*NOTE*: Header audits use brute force.
|
|
Almost all valid HTTP request headers will be audited
|
|
Almost all valid HTTP request headers will be audited
|
|
even if there's no indication that the web app uses them.)
|
|
even if there's no indication that the web app uses them.)
|
|
(**WARNING**: Enabling this option will result in increased requests,
|
|
(*WARNING*: Enabling this option will result in increased requests,
|
|
maybe by an order of magnitude.)
|
|
maybe by an order of magnitude.)
|
|
|
|
|
|
Coverage -----------------------
|
|
Coverage -----------------------
|
|
|
|
|
|
--audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations.
|
|
--audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations.
|
|
(**WARNING**: This will severely increase the scan-time.)
|
|
(*WARNING*: This will severely increase the scan-time.)
|
|
|
|
|
|
--fuzz-methods Audit links, forms and cookies using both GET and POST requests.
|
|
--fuzz-methods Audit links, forms and cookies using both GET and POST requests.
|
|
(**WARNING**: This will severely increase the scan-time.)
|
|
(*WARNING*: This will severely increase the scan-time.)
|
|
|
|
|
|
--exclude-binaries Exclude non text-based pages from the audit.
|
|
--exclude-binaries Exclude non text-based pages from the audit.
|
|
(Binary content can confuse recon modules that perform pattern matching.)
|
|
(Binary content can confuse recon modules that perform pattern matching.)
|
... | @@ -2471,17 +2471,17 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
... | @@ -2471,17 +2471,17 @@ Arachni - Web Application Security Scanner Framework v0.4.2 |
|
|
|
|
|
Comma separated list of modules to load.
|
|
Comma separated list of modules to load.
|
|
(Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all.
|
|
(Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all.
|
|
Use '**' as a module name to deploy all modules or as a wildcard, like so:
|
|
Use '*' as a module name to deploy all modules or as a wildcard, like so:
|
|
xss** to load all xss modules
|
|
xss* to load all xss modules
|
|
sqli** to load all sql injection modules
|
|
sqli* to load all sql injection modules
|
|
etc.
|
|
etc.
|
|
|
|
|
|
You can exclude modules by prefixing their name with a minus sign:
|
|
You can exclude modules by prefixing their name with a minus sign:
|
|
--modules=**,-backup_files,-xss
|
|
--modules=*,-backup_files,-xss
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
|
|
|
|
|
Or mix and match:
|
|
Or mix and match:
|
|
-xss** to unload all xss modules.)
|
|
-xss* to unload all xss modules.)
|
|
|
|
|
|
|
|
|
|
Reports ------------------------
|
|
Reports ------------------------
|
... | | ... | |