Skip to content
GitLab

RPC client · Changes

Page history
Updated RPC-client (markdown) authored by Tasos Laskos's avatar Tasos Laskos
Show whitespace changes
Inline Side-by-side
guides/user/RPC-client.md
View page @ 4ea57ec0
## Version 1.0
## Version 1.1
The RPC client command line interface is similar to the
[[Command line user interface | Command line user interface]].
......@@ -11,8 +11,8 @@ The differences between the two are:
* Support for SSL peer verification for Dispatch server.
```
Arachni - Web Application Security Scanner Framework v1.0
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Arachni - Web Application Security Scanner Framework v1.1
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
(With the support of the community and the Arachni Team.)
......@@ -87,7 +87,7 @@ Scope
--scope-dom-depth-limit LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code.
(Default: 10)
(Default: 5)
(Setting it to '0' will disable browser analysis.)
--scope-https-only Forces the system to only follow HTTPS URLs.
......@@ -115,6 +115,15 @@ Audit
/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/
(Can be used multiple times.)
--audit-jsons Audit JSON request inputs.
--audit-xmls Audit XML request inputs.
--audit-parameter-names Inject payloads into parameter names.
--audit-with-extra-parameter
Inject payloads into extra element parameters.
--audit-with-both-methods
Audit elements with both GET and POST requests.
(*WARNING*: This will severely increase the scan-time.)
......@@ -145,7 +154,7 @@ Input
HTTP
--http-user-agent USER_AGENT
Value for the 'User-Agent' HTTP request header.
(Default: Arachni/v1.0)
(Default: Arachni/v2.0dev)
--http-request-concurrency MAX_CONCURRENCY
Maximum HTTP request concurrency.
......@@ -155,7 +164,7 @@ HTTP
--http-request-timeout TIMEOUT
HTTP request timeout in milliseconds.
(Default: 50000)
(Default: 10000)
--http-request-redirect-limit LIMIT
Maximum amount of redirects to follow for each HTTP request.
......@@ -173,7 +182,7 @@ HTTP
--http-response-max-size LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes.
(Default: inf)
(Default: 500000)
--http-cookie-jar COOKIE_JAR_FILE
Netscape-styled HTTP cookiejar file.
......@@ -197,6 +206,34 @@ HTTP
Proxy type.
(Default: auto)
--http-ssl-verify-peer Verify SSL peer.
(Default: false)
--http-ssl-verify-host Verify SSL host.
(Default: false)
--http-ssl-certificate PATH
SSL certificate to use.
--http-ssl-certificate-type pem,der
SSL certificate type.
--http-ssl-key PATH SSL private key to use.
--http-ssl-key-type pem,der
SSL key type.
--http-ssl-key-password PASSWORD
Password for the SSL private key.
--http-ssl-ca PATH File holding one or more certificates with which to verify the peer.
--http-ssl-ca-directory PATH
Directory holding multiple certificate files with which to verify the peer.
--http-ssl-version TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
Checks
--checks-list [PATTERN] List available checks based on the provided pattern.
......@@ -207,7 +244,7 @@ Checks
Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so:
xss* to load all XSS checks
sqli* to load all SQL injection checks
sql_injection* to load all SQL injection checks
etc.
You can exclude checks by prefixing their name with a minus sign:
......@@ -267,7 +304,7 @@ Browser cluster
--browser-cluster-job-timeout SECONDS
Maximum allowed time for each job.
(Default: 120)
(Default: 15)
--browser-cluster-worker-time-to-live LIMIT
Re-spawn the browser of each worker every LIMIT jobs.
......