Command line user interface · Changes

Fixing markdown authored Mar 30, 2013 by Tasos Laskos
guides/user/Command-line-user-interface.md
View page @ fbfe150c
......@@ -39,23 +39,23 @@ or any other report type as shown by:
$ arachni --lsrep
#### You can make module loading easier by using wildcards (**) and exclusions (-).
#### You can make module loading easier by using wildcards (*) and exclusions (-).
To load all `xss` modules using a wildcard:
$ arachni http://example.net --modules=xss**
$ arachni http://example.net --modules=xss*
To load all _audit_ modules using a wildcard:
$ arachni http://example.net --modules=audit/**
$ arachni http://example.net --modules=audit/*
To exclude only the _csrf_ module:
$ arachni http://example.net --modules=**,-csrf
$ arachni http://example.net --modules=*,-csrf
Or you can mix and match; to run everything but the _xss_ modules:
$ arachni http://example.net --modules=**,-xss**
$ arachni http://example.net --modules=*,-xss*
#### Performing a full scan quickly
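Review bot: the corrected examples `--modules=*,-csrf` and `--modules=*,-xss*` now carry bare asterisks, two of them on one line in the last case, so unless these command lines are inside a code block Markdown can pair them as emphasis and drop the characters; the `(*)` in the heading has the same exposure. Suggest putting the wildcard in a code span in the heading and making sure each command renders as code. It would also help to show the value quoted, as in `--modules='*,-xss*'`, so the shell never gets a chance to glob-expand the argument before Arachni sees it.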
......@@ -76,94 +76,94 @@ in your gems path._
[Command Line Interface help output](#cli_help_output)
** [General](#general)
** [Version (--version)](#version)
** [Verbosity (-v)](#verbosity)
** [Example](#verbosity_example)
** [Debug mode (--debug)](#debug)
** [Only positives (--only-positives)](#only-positives)
** [HTTP request limit (--http-req-limit)](#http-req-limit)
** [HTTP request timeout (--http-timeout)](#http-timeout)
** [HTTPS only (--https-only)](#https-only)
** [Cookie jar (--cookie-jar)](#cookie-jar)
** [Cookie string (--cookie-string)](#cookie-string)
** [User agent (--user-agent)](#user-agent)
** [Custom header (--custom-header)](#custom-header)
** [Example](#custom-header_example)
** [Authorized by (--authed-by)](#authed-by)
** [Example](#authed-by_example)
** [Login check URL (--login-check-url)](#login-check-url)
** [Login check pattern (--login-check-pattern)](#login-check-pattern)
** [Profiles](#profiles)
** [Save profile (--save-profile)](#save-profile)
** [Example](#save-profile_example)
** [Load profile (--load-profile)](#load-profile)
** [Example](#load-profile_example)
** [Show profile (--show-profile)](#show-profile)
** [Example](#show-profile_example)
** [Crawler](#crawler)
** [Exclude (--exclude/-e)](#exclude)
** [Example](#exclude_example)
** [Exclude page by content (--exclude-page)](#exclude-page)
** [Example](#exclude-page_example)
** [Include (--include/-i)](#include)
** [Redundant (--redundant)](#redundant)
** [Audo-redundant (--auto-redundant)](#auto-redundant)
** [Example](#auto-redundant_example)
** [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains)
** [Depth limit (--depth)](#depth)
** [Link count limit (--link-count)](#link-count)
** [Redirect limit (--redirect-limit)](#redirect-limit)
** [Extend paths (--extend-paths)](#extend-paths)
** [Restrict paths (--restrict-paths)](#restrict-paths)
** [Auditor](#auditor)
** [Audit links (--audit-links/-g)](#audit-links)
** [Audit forms (--audit-forms/-p)](#audit-forms)
** [Audit cookies (--audit-cookies/-c)](#audit-cookies)
** [Exclude cookie (--exclude-cookie)](#exclude-cookie)
** [Exclude vector (--exclude-vector)](#exclude-vector)
** [Audit headers (--audit-headers)](#audit-headers)
** [Coverage](#coverage)
** [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively)
** [Fuzz methods (--fuzz-methods)](#fuzz-methods)
** [Exclude binaries (--exclude-binaries)](#exclude-binaries)
** [Modules](#modules)
** [List modules (--lsmod)](#lsmod)
** [Example](#lsmod_example)
** [Modules (--modules/-m)](#modules)
** [Example](#mods_example)
** [Reports](#reports)
** [List reports (--lsrep)](#lsrep)
** [Example](#lsrep_example)
** [Load a report (--repload)](#repload)
** [Example](#repload_example)
** [Report (--report)](#report)
** [Example](#report_example)
** [Plugins](#plugins)
** [List plugins (--lsplug)](#lsplug)
** [Example](#lsplug_example)
** [Load a plugin (--plugin)](#plugin)
** [Example](#plugin_example)
** [Proxy](#proxy)
** [Proxy server (--proxy)](#proxy_server)
** [Proxy authentication (--proxy-auth)](#proxy-auth)
** [Proxy type (--proxy-type)](#proxy-type)
* [General](#general)
* [Version (--version)](#version)
* [Verbosity (-v)](#verbosity)
* [Example](#verbosity_example)
* [Debug mode (--debug)](#debug)
* [Only positives (--only-positives)](#only-positives)
* [HTTP request limit (--http-req-limit)](#http-req-limit)
* [HTTP request timeout (--http-timeout)](#http-timeout)
* [HTTPS only (--https-only)](#https-only)
* [Cookie jar (--cookie-jar)](#cookie-jar)
* [Cookie string (--cookie-string)](#cookie-string)
* [User agent (--user-agent)](#user-agent)
* [Custom header (--custom-header)](#custom-header)
* [Example](#custom-header_example)
* [Authorized by (--authed-by)](#authed-by)
* [Example](#authed-by_example)
* [Login check URL (--login-check-url)](#login-check-url)
* [Login check pattern (--login-check-pattern)](#login-check-pattern)
* [Profiles](#profiles)
* [Save profile (--save-profile)](#save-profile)
* [Example](#save-profile_example)
* [Load profile (--load-profile)](#load-profile)
* [Example](#load-profile_example)
* [Show profile (--show-profile)](#show-profile)
* [Example](#show-profile_example)
* [Crawler](#crawler)
* [Exclude (--exclude/-e)](#exclude)
* [Example](#exclude_example)
* [Exclude page by content (--exclude-page)](#exclude-page)
* [Example](#exclude-page_example)
* [Include (--include/-i)](#include)
* [Redundant (--redundant)](#redundant)
* [Audo-redundant (--auto-redundant)](#auto-redundant)
* [Example](#auto-redundant_example)
* [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains)
* [Depth limit (--depth)](#depth)
* [Link count limit (--link-count)](#link-count)
* [Redirect limit (--redirect-limit)](#redirect-limit)
* [Extend paths (--extend-paths)](#extend-paths)
* [Restrict paths (--restrict-paths)](#restrict-paths)
* [Auditor](#auditor)
* [Audit links (--audit-links/-g)](#audit-links)
* [Audit forms (--audit-forms/-p)](#audit-forms)
* [Audit cookies (--audit-cookies/-c)](#audit-cookies)
* [Exclude cookie (--exclude-cookie)](#exclude-cookie)
* [Exclude vector (--exclude-vector)](#exclude-vector)
* [Audit headers (--audit-headers)](#audit-headers)
* [Coverage](#coverage)
* [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively)
* [Fuzz methods (--fuzz-methods)](#fuzz-methods)
* [Exclude binaries (--exclude-binaries)](#exclude-binaries)
* [Modules](#modules)
* [List modules (--lsmod)](#lsmod)
* [Example](#lsmod_example)
* [Modules (--modules/-m)](#modules)
* [Example](#mods_example)
* [Reports](#reports)
* [List reports (--lsrep)](#lsrep)
* [Example](#lsrep_example)
* [Load a report (--repload)](#repload)
* [Example](#repload_example)
* [Report (--report)](#report)
* [Example](#report_example)
* [Plugins](#plugins)
* [List plugins (--lsplug)](#lsplug)
* [Example](#lsplug_example)
* [Load a plugin (--plugin)](#plugin)
* [Example](#plugin_example)
* [Proxy](#proxy)
* [Proxy server (--proxy)](#proxy_server)
* [Proxy authentication (--proxy-auth)](#proxy-auth)
* [Proxy type (--proxy-type)](#proxy-type)
<h2 id='general'><a href='#general'>General</a></h2>
<h3 id='version'><a href='#version'>Version (--version)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Outputs the Arachni banner and version information.
<h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
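Review bot: the blanket `**` to `*` replacement is right for the list bullets in the table of contents, but on the option metadata lines it also turns `**Expects**`, `**Default**` and `**Multiple invocations?**` into `*Expects*`, `*Default*` and `*Multiple invocations?*`, which in a `.md` file is italic rather than bold. If the labels are meant to stay bold, leave those lines on `**`. Two things in the TOC lines being touched anyway: `Audo-redundant` should read `Auto-redundant`, and both `[Modules]` and `[Modules (--modules/-m)]` point at `#modules`, so one of them needs its own anchor.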
......@@ -176,14 +176,14 @@ Let's give this a try:
This will load the XSS module and audit all the forms in "http://testfire.net/".
**Verbose mode disabled**
*Verbose mode disabled*
Observe that there's no _-v_ flag in the following run.
_Don't worry about the rest of the parameters right now._
**Quick note:**
*Quick note:*
Arachni's output messages are classified into several categories, each of them prefixed with a different colored symbol.
"[**]" messages are status messages.
"[*]" messages are status messages.
"[+]" messages are "ok" messages - positive matches.
_I won't bother with coloring during the examples._
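Review bot: on the changed line `"[*]" messages are status messages.` the asterisk is a literal log prefix sitting in running prose next to `*Quick note:*`, where it can pair with a neighbouring `*` as emphasis. Put the prefixes in code spans (`[*]`, `[+]`) so they render exactly as the scanner prints them.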
......@@ -198,35 +198,35 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Documentation: http://arachni-scanner.com/wiki
[**] Initialising...
[**] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses...
[*] Initialising...
[*] Waiting for plugins to settle...
[*] [HTTP: 200] http://testfire.net/
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Harvesting HTTP responses...
[*] Auditing: [HTTP: 200] http://testfire.net/
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3...
[*] Profiler: Analyzing response #3...
[~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #4...
[**] Profiler: Analyzing response #5...
[**] XSS: Analyzing response #6...
[*] Profiler: Analyzing response #4...
[*] Profiler: Analyzing response #5...
[*] XSS: Analyzing response #6...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #7...
[*] XSS: Analyzing response #7...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #8...
[*] XSS: Analyzing response #8...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
```
**Verbose mode enabled**
*Verbose mode enabled*
See the extra information in this example.
"[v]" messages are verbose messages.
......@@ -244,34 +244,34 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Documentation: http://arachni-scanner.com/wiki
[**] Initialising...
[**] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses...
[*] Initialising...
[*] Waiting for plugins to settle...
[*] [HTTP: 200] http://testfire.net/
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Harvesting HTTP responses...
[*] Auditing: [HTTP: 200] http://testfire.net/
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3...
[*] Profiler: Analyzing response #3...
[~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #4...
[**] Profiler: Analyzing response #5...
[**] XSS: Analyzing response #6...
[*] Profiler: Analyzing response #4...
[*] Profiler: Analyzing response #5...
[*] XSS: Analyzing response #6...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[v] XSS: Verified string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[**] XSS: Analyzing response #7...
[*] XSS: Analyzing response #7...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[v] XSS: Verified string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[**] XSS: Analyzing response #8...
[*] XSS: Analyzing response #8...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
[v] XSS: Verified string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
......@@ -280,9 +280,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
When this flag is enabled the system will output a lot of messages detailing what's happening internally.
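Review bot: the context line `<h3 id='debug'><a href='debug'>` has an `href` without the leading `#`, unlike the other headings in this file (`href='#version'`, `href='#verbosity'`), so the link resolves to a relative page named `debug` instead of the in-page anchor. Worth fixing in this same pass: `href='#debug'`.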
......@@ -333,7 +333,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>""}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true
[!] ------------
[!] XSS: Current audit ID: XSS:http://localhost/~zapotek/tests/forms/xss.php:form:["xss"]=__sample_values__
......@@ -345,7 +345,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>"1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true
[!] ------------
[!] ------------
......@@ -354,7 +354,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: false
[!] ------------
[!] ------------
......@@ -363,7 +363,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: false
[!] ------------
[!] XSS: Request ID: 2
......@@ -373,7 +373,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>""}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true
[!] ------------
[!] Trainer: Started for response with request ID: #0
......@@ -384,7 +384,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post
[!] Params: {"xss"=>"1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true
[!] ------------
[!] Trainer: Started for response with request ID: #1
......@@ -394,46 +394,46 @@ $ cat debug.log
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
This will suppress all messages except for positive matches -- vulnerabilities.
<h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3>
**Expects**: integer
**Default**: 60
**Multiple invocations?**: no
*Expects*: integer
*Default*: 60
*Multiple invocations?*: no
Limit how many concurrent HTTP request are sent.
**Note**: If your scan seems unresponsive try lowering the limit.
**Warning**: Given enough bandwidth and a high limit it could cause a DoS.
*Note*: If your scan seems unresponsive try lowering the limit.
*Warning*: Given enough bandwidth and a high limit it could cause a DoS.
Be careful when setting this option too high, don't kill your server.
<h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3>
**Expects**: integer (milliseconds)
**Default**: 50000
**Multiple invocations?**: no
*Expects*: integer (milliseconds)
*Default*: 50000
*Multiple invocations?*: no
Limit how long the HTTP client should wait for a response from the server.
<h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Forces the system to only follow HTTPS URLs.
_(Target URL must be an HTTPS one as well.)_
<h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3>
**Expects**: cookiejar file
**Default**: disabled
**Multiple invocations?**: no
*Expects*: cookiejar file
*Default*: disabled
*Multiple invocations?*: no
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
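Review bot: the heading for `id='https-only'` still reads `HTTP timeout (--https-only)`, a copy of the heading above it; the table of contents calls it `HTTPS only (--https-only)`. In the same hunk, `Limit how many concurrent HTTP request are sent` needs `requests`. The `*Warning*` under `--http-req-limit` about causing a DoS is the one label here that readers must not skim past, so it should stay bold rather than be demoted to italic.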
......@@ -442,13 +442,13 @@ There's a number of ways to do that, I've found that Firebug's export cookie fea
You should also take a look at the _--exclude-cookie_ option discussed later.
**Note**: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application.
*Note*: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application.
<h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3>
**Expects**: string
**Default**: disabled
**Multiple invocations?**: no
*Expects*: string
*Default*: disabled
*Multiple invocations?*: no
Cookies, as a string, to be sent to the web application.
......@@ -460,18 +460,18 @@ Cookies, as a string, to be sent to the web application.
<h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3>
**Expects**: string
**Default**: "Arachni/<version>"
**Multiple invocations?**: no
*Expects*: string
*Default*: "Arachni/<version>"
*Multiple invocations?*: no
You can pass your own user agent string which will be sent to the webserver under audit.
Default is _Arachni/&lt;version&gt;_.
<h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3>
**Expects**: string
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: string
*Default*: disabled
*Multiple invocations?*: yes
Allows you to specify custom headers in the form of key-value pairs.
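Review bot: `*Default*: "Arachni/<version>"` leaves `<version>` as raw angle brackets, which a Markdown renderer that passes inline HTML through will treat as an unknown tag and hide, while the prose line below it already escapes the same value as `&lt;version&gt;`. Escape it the same way on the `*Default*` line or wrap the value in a code span; the `<n/a>` placeholders on the `*Expects*` lines throughout the file have the same problem.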
......@@ -484,9 +484,9 @@ Allows you to specify custom headers in the form of key-value pairs.
<h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3>
**Expects**: string
**Default**: disabled
**Multiple invocations?**: no
*Expects*: string
*Default*: disabled
*Multiple invocations?*: no
The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
......@@ -500,10 +500,10 @@ The _--authed-by_ value should contain information about the person who authoriz
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
**Expects**: string
**Default**: disabled
**Multiple invocations?**: no
**Requires**: "login-check-pattern":#login-check-pattern
*Expects*: string
*Default*: disabled
*Multiple invocations?*: no
*Requires*: "login-check-pattern":#login-check-pattern
The URL passed to this option will be used to verify that the scanner is still
logged in to the web application.
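Review bot: `*Requires*: "login-check-pattern":#login-check-pattern` is Textile link syntax and will render as literal text in a `.md` file. Since this commit is about fixing the Markdown, convert it to `[login-check-pattern](#login-check-pattern)`; the matching `"login-check-url":#login-check-url` references under `--login-check-pattern` need the same change.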
......@@ -513,10 +513,10 @@ this should indicate that the scanner is logged in.
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
**Expects**: string
**Default**: disabled
**Multiple invocations?**: no
**Requires**: "login-check-url":#login-check-url
*Expects*: string
*Default*: disabled
*Multiple invocations?*: no
*Requires*: "login-check-url":#login-check-url
A pattern used against the body of the "login-check-url":#login-check-url to
verify that the scanner is still logged in to the web application.
......@@ -527,9 +527,9 @@ A positive match should indicate that the scanner is logged in.
<h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3>
**Expects**: filename
**Default**: disabled
**Multiple invocations?**: no
*Expects*: filename
*Default*: disabled
*Multiple invocations?*: no
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
......@@ -542,9 +542,9 @@ This option allows you to save your current running configuration, all the optio
<h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3>
**Expects**: Arachni Framework Profile (.afp) file
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: Arachni Framework Profile (.afp) file
*Default*: disabled
*Multiple invocations?*: yes
This option allows you to load and run a saved profile.
The load profile option does not restrict your ability to specify more options or even resave the profile.
......@@ -557,9 +557,9 @@ The load profile option does not restrict your ability to specify more options o
<h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
This option will output the running configuration as a string of command line arguments.
......@@ -572,9 +572,9 @@ This option will output the running configuration as a string of command line ar
<h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3>
**Expects**: regexp
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: regexp
*Default*: disabled
*Multiple invocations?*: yes
The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
......@@ -597,13 +597,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified.
[~] -> Will audit links, forms and cookies.
[**] Initialising...
[**] Waiting for plugins to settle...
[**] Resolver: Resolving hostnames...
[**] Resolver: Done!
[*] Initialising...
[*] Waiting for plugins to settle...
[*] Resolver: Resolving hostnames...
[*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
[**] Done!
[*] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
[*] Done!
......@@ -625,14 +625,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2
[**] Audited elements:
[~] ** Links
[~] ** Forms
[~] ** Cookies
[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[**] Modules: xss
[*] Modules: xss
[**] Filters:
[*] Filters:
[~] Exclude:
[~] (?-mix:testfire)
......@@ -668,27 +668,27 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3>
**Expects**: regexp
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: regexp
*Default*: disabled
*Multiple invocations?*: yes
The _--exclude-page_ option expects a regular expression or plain string
and excludes pages whose content matching that expression from the crawl process.
<h3 id='include'><a href='#include'>Include (--include/-i)</a></h3>
**Expects**: regexp
**Default**: '.**'
**Multiple invocations?**: yes
*Expects*: regexp
*Default*: '.*'
*Multiple invocations?*: yes
This is the exact oposite of the _--exclude_ option.
When a regular expression is passed to the _--include_ option, **only** URLs matching that regular expression will be crawled.
When a regular expression is passed to the _--include_ option, *only* URLs matching that regular expression will be crawled.
<h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3>
**Expects**: regexp:integer
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: regexp:integer
*Default*: disabled
*Multiple invocations?*: yes
The redundant option expects a regular expression and a counter, like so:
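Review bot: `*Default*: '.*'` puts a literal regex asterisk on the same line as the emphasis markers, which is fragile because the stray `*` can pair with a neighbouring one depending on the renderer. Wrap the pattern in a code span so it always reads as `.*`. Also in this hunk, `oposite` should be `opposite`, `pages whose content matching that expression` should be `pages whose content matches that expression`, and `*only*` is now italic where the old line had it bold.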
......@@ -701,9 +701,9 @@ This option is useful when auditing a website that has a lot of redundant pages
<h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3>
**Expects**: integer
**Default**: disabled (with a value of 10 if none has been specified)
**Multiple invocations?**: no
*Expects*: integer
*Default*: disabled (with a value of 10 if none has been specified)
*Multiple invocations?*: no
The auto-redundant option sets the limit of how many URLs with identical parameters
should be followed.
......@@ -735,50 +735,50 @@ http://test.com/path.php?stuff=blah&stuff2=1
<h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
This flag will cause Arachni to follow links to subdomains.
<h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3>
**Expects**: integer
**Default**: infinite
**Multiple invocations?**: no
*Expects*: integer
*Default*: infinite
*Multiple invocations?*: no
It specifies how deep into the site structure the crawler should go.
<h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3>
**Expects**: integer
**Default**: infinite
**Multiple invocations?**: no
*Expects*: integer
*Default*: infinite
*Multiple invocations?*: no
It specifies how many links the crawler should follow.
<h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3>
**Expects**: integer
**Default**: infinite
**Multiple invocations?**: no
*Expects*: integer
*Default*: infinite
*Multiple invocations?*: no
It specifies how many redirects the crawler should follow.
<h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3>
**Expects**: file
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: file
*Default*: disabled
*Multiple invocations?*: yes
Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
The file must contains one path per line.
<h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3>
**Expects**: file
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: file
*Default*: disabled
*Multiple invocations?*: yes
Uses the paths contained in file instead of performing a crawl.
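Review bot: under `--extend-paths`, the context line `The file must contains one path per line.` should read `must contain`, and the `--restrict-paths` description `Uses the paths contained in file` is missing an article before `file`. Both are cheap to fix while this section is being touched.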
......@@ -787,100 +787,100 @@ Uses the paths contained in file instead of performing a crawl.
<h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to audit the link elements of the page and their variables.
<h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to audit the form elements of the page and their inputs.
<h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to audit the cookies of the page.
<h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3>
**Expects**: cookie name
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: cookie name
*Default*: disabled
*Multiple invocations?*: yes
Tells Arachni to exclude -- not audit -- a cookie by name.
Usually used to avoid auditing a session ID cookie from the cookie-jar.
**Note**: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it.
*Note*: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it.
However, some extra cautious websites may invalidate/block the session upon receiving an invalid token.
This is very unlikely but it's better to err on the side of caution.
<h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3>
**Expects**: input name
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: input name
*Default*: disabled
*Multiple invocations?*: yes
Tells Arachni to exclude -- not audit -- an input vector by name.
<h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to audit the HTTP headers of the page.
**Note**: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them.
**Warning**: Enabling this option will result in increased requests, maybe by an order of magnitude.
*Note*: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them.
*Warning*: Enabling this option will result in increased requests, maybe by an order of magnitude.
<h2 id='coverage'><a href='#coverage'>Coverage</a></h2>
<h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
**Warning**: Will severely increase the scan-time.
*Warning*: Will severely increase the scan-time.
<h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
HTTP request methods.
**Warning**: Will severely increase the scan-time.
*Warning*: Will severely increase the scan-time.
<h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Disables inclusion of binary HTTP response bodies in the audit.
**Note**: Binary content can confuse recon modules that perform pattern matching.
*Note*: Binary content can confuse recon modules that perform pattern matching.
<h2 id='modules'><a href='#modules'>Modules</a></h2>
<h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3>
**Expects**: regular expression
**Default**: disabled OR .**
**Multiple invocations?**: yes
*Expects*: regular expression
*Default*: disabled OR .*
*Multiple invocations?*: yes
Tells Arachni to list all available modules based on the regular expressions provided and exit.
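Review bot: the heading for `--exclude-vector` still reads "Exclude cookie (--exclude-vector)", copied from the `--exclude-cookie` heading above it, while its description says it excludes an input vector by name; rename it to "Exclude vector (--exclude-vector)". In the --lsmod block, the new default `.*` is left as bare text; put it in backticks so the asterisk cannot be read as an emphasis delimiter.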
......@@ -908,7 +908,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available modules:
[**] code_injection:
[*] code_injection:
--------------------
Name: Code injection
Description: It tries to inject code snippets into the
......@@ -932,7 +932,7 @@ Targets:
Metasploitable: unix/webapp/arachni_php_eval
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb
[**] path_traversal:
[*] path_traversal:
--------------------
Name: PathTraversal
Description: It injects paths of common files (/etc/passwd and boot.ini)
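Review bot: the Path line at the top of this hunk points into `arachni-0.4.1dev` under a developer's home directory, while the hunk header context for this listing shows the v0.4.2 banner, so the sample output mixes two builds. Since the listing is being edited anyway, regenerate it from one release, or trim the Path lines to the part relative to the install root (`modules/audit/code_injection.rb`).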
......@@ -951,7 +951,7 @@ Targets:
Metasploitable: unix/webapp/arachni_path_traversal
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb
[**] sqli_blind_rdiff:
[*] sqli_blind_rdiff:
--------------------
Name: Blind (rDiff) SQL Injection
Description: It uses rDiff analysis to decide how different inputs affect
......@@ -997,7 +997,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available modules:
[**] xss_path:
[*] xss_path:
--------------------
Name: XSSPath
Description: Cross-Site Scripting module for path injection
......@@ -1016,13 +1016,13 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs
<h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3>
**Expects**: modname,modname,... OR '**'
**Default**: '**' -- all modules
**Multiple invocations?**: no
*Expects*: modname,modname,... OR '*'
*Default*: '*' -- all modules
*Multiple invocations?*: no
Tells Arachni which modules to load.
Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to see all.
You can specify the modules to load as comma separated values (without spaces) or '**' to load all modules.
You can specify the modules to load as comma separated values (without spaces) or '*' to load all modules.
You can prevent modules from loading by prefixing their name with a dash (-).
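Review bot: the replacement lines for --modules leave the literal wildcard as `'*'` in running text (Expects, Default and the "or '*' to load all modules" sentence), alongside `*Expects*` style emphasis in the same block, so a Markdown renderer may pair those asterisks as emphasis and drop them. Wrap each literal wildcard in a code span. Separately, this `<h3 id='modules'>` reuses the id of the `<h2 id='modules'>` section heading, so the `#modules` anchor is ambiguous; a distinct id for the option heading would fix that.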
......@@ -1045,7 +1045,7 @@ $ arachni http://localhost/
Excluding modules:
```
$ arachni --modules=**,-backup_files,-xss http://www.test.com
$ arachni --modules=*,-backup_files,-xss http://www.test.com
```
The above will load all modules except for the 'backup_files' and 'xss' modules.
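Review bot: in the corrected command the `*` in `--modules=*,-backup_files,-xss` is unquoted, so the shell applies filename expansion to that word before arachni receives it. bash passes it through when nothing matches, but zsh aborts with a no-match error, and a matching filename in the working directory would change the argument. Quote it in the example: `--modules='*,-backup_files,-xss'`.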
......@@ -1054,9 +1054,9 @@ The above will load all modules except for the 'backup_files' and 'xss' modules.
<h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Lists all available reports.
......@@ -1084,7 +1084,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available reports:
[**] yaml:
[*] yaml:
--------------------
Name: YAML Report
Description: Exports the audit results as a YAML file.
......@@ -1098,7 +1098,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb
[**] txt:
[*] txt:
--------------------
Name: Text report
Description: Exports a report as a plain text file.
......@@ -1112,7 +1112,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb
[**] xml:
[*] xml:
--------------------
Name: XML report
Description: Exports a report as an XML file.
......@@ -1126,7 +1126,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2.2
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb
[**] metareport:
[*] metareport:
--------------------
Name: Metareport
Description: Creates a file to be used with the Arachni MSF plug-in.
......@@ -1140,7 +1140,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb
[**] afr:
[*] afr:
--------------------
Name: Arachni Framework Report
Description: Saves the file in the default Arachni Framework Report (.afr) format.
......@@ -1154,7 +1154,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb
[**] html:
[*] html:
--------------------
Name: HTML Report
Description: Exports a report as an HTML document.
......@@ -1173,7 +1173,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.3.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb
[**] ap:
[*] ap:
--------------------
Name: AP
Description: Awesome prints an AuditStore hash.
......@@ -1181,7 +1181,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb
[**] marshal:
[*] marshal:
--------------------
Name: Marshal Report
Description: Exports the audit results as a Marshal file.
......@@ -1195,7 +1195,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb
[**] json:
[*] json:
--------------------
Name: JSON Report
Description: Exports the audit results as a JSON file.
......@@ -1209,7 +1209,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb
[**] stdout:
[*] stdout:
--------------------
Name: Stdout
Description: Prints the results to standard output.
......@@ -1221,9 +1221,9 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r
<h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3>
**Expects**: Arachni Framework Report (.afr) file
**Default**: disabled
**Multiple invocations?**: no
*Expects*: Arachni Framework Report (.afr) file
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to load an Arachni Framework Report (.afr) file.
You can use this option to load a report file and convert it to another format.
......@@ -1264,12 +1264,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2
[**] Audited elements:
[~] ** Forms
[*] Audited elements:
[~] * Forms
[**] Modules: xss
[*] Modules: xss
[**] Cookies:
[*] Cookies:
[~] ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm
[~] amSessionId = 203429333847
......@@ -1299,7 +1299,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/
[**] Variations
[*] Variations
[~] ----------
[~] Variation 1:
[~] URL: http://testfire.net/search.aspx
......@@ -1313,13 +1313,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ---------------
[**] Resolver
[*] Resolver
[~] ~~~~~~~~~~~~~~
[~] Description: Resolves vulnerable hostnames to IP addresses.
[~] testfire.net: 65.61.137.117
[**] Health map
[*] Health map
[~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs.
......@@ -1334,7 +1334,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Without issues: 1
[-] With issues: 1 ( 50% )
[**] Profiler
[*] Profiler
[~] ~~~~~~~~~~~~~~
[~] Description: Examines the behavior of the web application gathering general statistics
and performs taint analysis to determine which inputs affect the output.
......@@ -1345,10 +1345,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
[~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
[~] * txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
[~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1':
[~] ** Body
[~] * Body
```
......@@ -1366,16 +1366,16 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[**] Creating HTML report...
[**] Saved in '2012-09-09 02.43.42 +0300.html'.
[*] Creating HTML report...
[*] Saved in '2012-09-09 02.43.42 +0300.html'.
```
<h3 id='report'><a href='#report'>Report (--report)</a></h3>
**Expects**: repname
**Default**: stdout
**Multiple invocations?**: yes
*Expects*: repname
*Default*: stdout
*Multiple invocations?*: yes
Tells Arachni which report component to use.
Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to see all.
......@@ -1398,64 +1398,64 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified.
[~] -> Will audit links, forms and cookies.
[**] Initialising...
[**] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses...
[*] Initialising...
[*] Waiting for plugins to settle...
[*] [HTTP: 200] http://testfire.net/
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] Harvesting HTTP responses...
[*] Auditing: [HTTP: 200] http://testfire.net/
[*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3...
[**] Profiler: Analyzing response #4...
[*] Profiler: Analyzing response #3...
[*] Profiler: Analyzing response #4...
[~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #5...
[**] Profiler: Analyzing response #6...
[**] XSS: Analyzing response #9...
[**] XSS: Analyzing response #10...
[*] Profiler: Analyzing response #5...
[*] Profiler: Analyzing response #6...
[*] XSS: Analyzing response #9...
[*] XSS: Analyzing response #10...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #13...
[**] XSS: Analyzing response #14...
[*] XSS: Analyzing response #13...
[*] XSS: Analyzing response #14...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #17...
[**] XSS: Analyzing response #18...
[*] XSS: Analyzing response #17...
[*] XSS: Analyzing response #18...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] Profiler: Analyzing response #8...
[**] Profiler: Analyzing response #7...
[**] XSS: Analyzing response #12...
[**] XSS: Analyzing response #11...
[**] XSS: Analyzing response #15...
[**] XSS: Analyzing response #16...
[**] XSS: Analyzing response #19...
[**] XSS: Analyzing response #20...
[*] Profiler: Analyzing response #8...
[*] Profiler: Analyzing response #7...
[*] XSS: Analyzing response #12...
[*] XSS: Analyzing response #11...
[*] XSS: Analyzing response #15...
[*] XSS: Analyzing response #16...
[*] XSS: Analyzing response #19...
[*] XSS: Analyzing response #20...
[**] Resolver: Resolving hostnames...
[**] Resolver: Done!
[*] Resolver: Resolving hostnames...
[*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
[**] Done!
[*] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
[*] Done!
[**] Creating HTML report...
[**] Saved in 'my_html_report.html'.
[*] Creating HTML report...
[*] Saved in 'my_html_report.html'.
[~] 100.0% [>] 100%
[~] Est. remaining time: --:--:--
......@@ -1483,9 +1483,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3>
**Expects**: <n/a>
**Default**: disabled
**Multiple invocations?**: no
*Expects*: <n/a>
*Default*: disabled
*Multiple invocations?*: no
Lists all available plugins.
......@@ -1513,7 +1513,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available plugins:
[**] resolver:
[*] resolver:
--------------------
Name: Resolver
Description: Resolves vulnerable hostnames to IP addresses.
......@@ -1521,7 +1521,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/defaults/resolver.rb
[**] healthmap:
[*] healthmap:
--------------------
Name: Health map
Description: Generates a simple list of safe/unsafe URLs.
......@@ -1529,7 +1529,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.3
Path: /home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb
[**] profiler:
[*] profiler:
--------------------
Name: Profiler
Description: Examines the behavior of the web application gathering general statistics
......@@ -1540,7 +1540,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/defaults/profiler.rb
[**] uniformity:
[*] uniformity:
--------------------
Name: Uniformity (Lack of central sanitization)
Description: Analyzes the scan results and logs issues which persist across different pages.
......@@ -1550,7 +1550,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb
[**] manual_verification:
[*] manual_verification:
--------------------
Name: Issues requiring manual verification
Description: The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
......@@ -1561,7 +1561,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb
[**] timing_attacks:
[*] timing_attacks:
--------------------
Name: Timing attack anomalies
Description: Analyzes the scan results and logs issues that used timing attacks
......@@ -1574,7 +1574,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.4
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb
[**] discovery:
[*] discovery:
--------------------
Name: Discovery module response anomalies
Description: Analyzes the scan results and identifies issues logged by discovery modules
......@@ -1586,7 +1586,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb
[**] autothrottle:
[*] autothrottle:
--------------------
Name: AutoThrottle
Description: Monitors HTTP response times and automatically
......@@ -1596,7 +1596,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.3
Path: /home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb
[**] content_types:
[*] content_types:
--------------------
Name: Content-types
Description: Logs content-types of server responses.
......@@ -1612,7 +1612,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.4
Path: /home/zapotek/workspace/arachni/plugins/defaults/content_types.rb
[**] libnotify:
[*] libnotify:
--------------------
Name: libnotify
Description: Uses the libnotify library to send notifications for each discovered issue
......@@ -1627,7 +1627,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/libnotify.rb
[**] cookie_collector:
[*] cookie_collector:
--------------------
Name: Cookie collector
Description: Monitors and collects cookies while establishing a timeline of changes.
......@@ -1639,15 +1639,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/cookie_collector.rb
[**] proxy:
[*] proxy:
--------------------
Name: Proxy
Description:
** Gathers data based on user actions and exchanged HTTP
* Gathers data based on user actions and exchanged HTTP
traffic and pushes that data to the framework's page-queue to be audited.
** Updates the framework cookies with the cookies of the HTTP requests and
* Updates the framework cookies with the cookies of the HTTP requests and
responses, thus it can also be used to login to a web application.
** Supports SSL interception.
* Supports SSL interception.
To skip crawling and only audit elements discovered by using the proxy
set '--link-count=0'.
......@@ -1671,7 +1671,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2
Path: /home/zapotek/workspace/arachni/plugins/proxy.rb
[**] beep_notify:
[*] beep_notify:
--------------------
Name: Beep notify
Description: It beeps when the scan finishes.
......@@ -1690,7 +1690,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1
Path: /home/zapotek/workspace/arachni/plugins/beep_notify.rb
[**] rescan:
[*] rescan:
--------------------
Name: ReScan
Description: It uses the AFR report of a previous scan to
......@@ -1706,7 +1706,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/rescan.rb
[**] http_dicattack:
[*] http_dicattack:
--------------------
Name: HTTP dictionary attacker
Description: Uses wordlists to crack password protected directories.
......@@ -1728,15 +1728,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/http_dicattack.rb
[**] vector_feed:
[*] vector_feed:
--------------------
Name: Vector feed
Description: Reads in vector data from which it creates elements to be audited.
Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
Notes:
** To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
** Can handle multiple YAML documents.
* To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
* Can handle multiple YAML documents.
Example YAML file:
-
......@@ -1805,7 +1805,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/vector_feed.rb
[**] script:
[*] script:
--------------------
Name: Script
Description: Loads and runs an external Ruby script under the scope of a plugin,
......@@ -1822,7 +1822,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/script.rb
[**] email_notify:
[*] email_notify:
--------------------
Name: E-mail notify
Description: Sends a notification (and optionally a report) over SMTP at the end of the scan.
......@@ -1886,7 +1886,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/email_notify.rb
[**] autologin:
[*] autologin:
--------------------
Name: AutoLogin
Description: It looks for the login form in the user provided URL,
......@@ -1914,7 +1914,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/autologin.rb
[**] waf_detector:
[*] waf_detector:
--------------------
Name: WAF Detector
Description: Performs basic profiling on the web application
......@@ -1937,7 +1937,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/waf_detector.rb
[**] form_dicattack:
[*] form_dicattack:
--------------------
Name: Form dictionary attacker
Description: Uses wordlists to crack login forms.
......@@ -1979,9 +1979,9 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb
<h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3>
**Expects**: plugin name
**Default**: disabled
**Multiple invocations?**: yes
*Expects*: plugin name
*Default*: disabled
*Multiple invocations?*: yes
Tells Arachni which plugin components to run.
Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to see all.
......@@ -2007,95 +2007,95 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified.
[~] -> Will audit links, forms and cookies.
[**] Initialising...
[*] Initialising...
[~] AutoLogin: System paused.
[**] Waiting for plugins to settle...
[**] AutoLogin: Found log-in form with name: login
[*] Waiting for plugins to settle...
[*] AutoLogin: Found log-in form with name: login
[+] AutoLogin: Form submitted successfully.
[~] AutoLogin: Cookies set to:
[~] AutoLogin: ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] AutoLogin: ** amSessionId = 204023334531
[~] AutoLogin: ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] AutoLogin: ** amUserId = 100116014
[~] AutoLogin: ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[**] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses...
[~] AutoLogin: * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] AutoLogin: * amSessionId = 204023334531
[~] AutoLogin: * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] AutoLogin: * amUserId = 100116014
[~] AutoLogin: * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[*] [HTTP: 200] http://testfire.net/
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] Harvesting HTTP responses...
[*] Auditing: [HTTP: 200] http://testfire.net/
[*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[*] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[*] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #6...
[**] Profiler: Analyzing response #7...
[**] XSS: Analyzing response #26...
[**] XSS: Analyzing response #27...
[*] Profiler: Analyzing response #6...
[*] Profiler: Analyzing response #7...
[*] XSS: Analyzing response #26...
[*] XSS: Analyzing response #27...
[~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #9...
[**] Profiler: Analyzing response #8...
[**] XSS: Analyzing response #28...
[**] XSS: Analyzing response #15...
[**] XSS: Analyzing response #16...
[*] Profiler: Analyzing response #9...
[*] Profiler: Analyzing response #8...
[*] XSS: Analyzing response #28...
[*] XSS: Analyzing response #15...
[*] XSS: Analyzing response #16...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #22...
[**] XSS: Analyzing response #30...
[*] XSS: Analyzing response #22...
[*] XSS: Analyzing response #30...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] Profiler: Analyzing response #10...
[**] XSS: Analyzing response #31...
[**] XSS: Analyzing response #32...
[**] Profiler: Analyzing response #11...
[**] Profiler: Analyzing response #12...
[**] Profiler: Analyzing response #14...
[**] Profiler: Analyzing response #13...
[**] XSS: Analyzing response #33...
[**] XSS: Analyzing response #17...
[**] XSS: Analyzing response #18...
[**] XSS: Analyzing response #19...
[**] XSS: Analyzing response #34...
[**] XSS: Analyzing response #20...
[**] XSS: Analyzing response #21...
[**] XSS: Analyzing response #23...
[*] Profiler: Analyzing response #10...
[*] XSS: Analyzing response #31...
[*] XSS: Analyzing response #32...
[*] Profiler: Analyzing response #11...
[*] Profiler: Analyzing response #12...
[*] Profiler: Analyzing response #14...
[*] Profiler: Analyzing response #13...
[*] XSS: Analyzing response #33...
[*] XSS: Analyzing response #17...
[*] XSS: Analyzing response #18...
[*] XSS: Analyzing response #19...
[*] XSS: Analyzing response #34...
[*] XSS: Analyzing response #20...
[*] XSS: Analyzing response #21...
[*] XSS: Analyzing response #23...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #35...
[**] XSS: Analyzing response #24...
[**] XSS: Analyzing response #25...
[**] XSS: Analyzing response #29...
[*] XSS: Analyzing response #35...
[*] XSS: Analyzing response #24...
[*] XSS: Analyzing response #25...
[*] XSS: Analyzing response #29...
[**] Resolver: Resolving hostnames...
[**] Resolver: Done!
[*] Resolver: Resolving hostnames...
[*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
[**] Done!
[*] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
[*] Done!
......@@ -2117,14 +2117,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2
[**] Audited elements:
[~] ** Links
[~] ** Forms
[~] ** Cookies
[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[**] Modules: xss
[*] Modules: xss
[**] Filters:
[*] Filters:
[~] Exclude:
[~] (?-mix:logout)
......@@ -2154,7 +2154,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/
[**] Variations
[*] Variations
[~] ----------
[~] Variation 1:
[~] URL: http://testfire.net/search.aspx
......@@ -2185,7 +2185,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/
[**] Variations
[*] Variations
[~] ----------
[~] Variation 1:
[~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text
......@@ -2199,13 +2199,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ---------------
[**] Resolver
[*] Resolver
[~] ~~~~~~~~~~~~~~
[~] Description: Resolves vulnerable hostnames to IP addresses.
[~] testfire.net: 65.61.137.117
[**] Health map
[*] Health map
[~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs.
......@@ -2221,7 +2221,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Without issues: 1
[-] With issues: 2 ( 67% )
[**] Profiler
[*] Profiler
[~] ~~~~~~~~~~~~~~
[~] Description: Examines the behavior of the web application gathering general statistics
and performs taint analysis to determine which inputs affect the output.
......@@ -2232,18 +2232,18 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
[~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
[~] * txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
[~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6':
[~] ** Body
[~] * Body
[+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'.
[~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
[~] * txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
[~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056':
[~] ** Body
[~] * Body
[**] AutoLogin
[*] AutoLogin
[~] ~~~~~~~~~~~~~~
[~] Description: It looks for the login form in the user provided URL,
merges its input fields with the user supplied parameters and sets the cookies
......@@ -2252,11 +2252,11 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form submitted successfully.
[~] Cookies set to:
[~] ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] ** amSessionId = 204023334531
[~] ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] ** amUserId = 100116014
[~] ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[~] * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] * amSessionId = 204023334531
[~] * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] * amUserId = 100116014
[~] * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[~] 100.0% [>] 100%
[~] Est. remaining time: --:--:--
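Review bot: The `Cookies set to:` block in this AutoLogin sample still publishes real-looking session values, and `amUserInfo` carries `UserName=` and `Password=` fields that appear to be base64, which is an encoding and not protection. Since these lines are being rewritten anyway, consider replacing the cookie values with obvious placeholders so the wiki does not normalise pasting session tokens and credentials from scan output into documentation.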
......@@ -2285,25 +2285,25 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3>
**Expects**: server:port
**Default**: disabled
**Multiple invocations?**: no
*Expects*: server:port
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni to send all requests via a proxy server.
<h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3>
**Expects**: username:password
**Default**: disabled
**Multiple invocations?**: no
*Expects*: username:password
*Default*: disabled
*Multiple invocations?*: no
Tells Arachni authenticate itself with the proxy server using the supplied username and password.
<h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3>
**Expects**: http, http_1_0, socks4, socks5, socks4a
**Default**: disabled OR http
**Multiple invocations?**: no
*Expects*: http, http_1_0, socks4, socks5, socks4a
*Default*: disabled OR http
*Multiple invocations?*: no
Tells Arachni what protocol to use to connect and comunicate with the proxy server.
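Review bot: `--proxy-auth` is documented as taking `username:password` directly on the command line, but the section carries no caveat about where that value ends up. A one-line note that command-line arguments are visible in shell history and process listings would help readers on shared hosts. Two wording issues in the unchanged lines could be fixed in the same pass: "Tells Arachni authenticate itself" is missing "to", and "comunicate" should be "communicate". Please also confirm that turning the `Expects` / `Default` / `Multiple invocations?` labels from `**bold**` into `*italic*` is intended, because unlike the bullet markers elsewhere in this change, the doubled form was valid markdown here.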
......@@ -2336,12 +2336,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2
--debug Show what is happening internally.
(You should give it a shot sometime ;) )
--only-positives Echo positive results **only**.
--only-positives Echo positive results *only*.
--http-req-limit=<integer> Concurrent HTTP requests limit.
(Default: 20)
(Be careful not to kill your server.)
(**NOTE**: If your scan seems unresponsive try lowering the limit.)
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
--http-timeout=<integer> HTTP request timeout in milliseconds.
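Review bot: `*only*` and `*NOTE*` sit inside what looks like verbatim `--help` output, where markdown emphasis is not rendered, so the asterisks will be displayed literally. Please check these lines against what the CLI actually prints; help text reproduced in a preformatted block should match the program's output rather than follow markdown conventions.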
......@@ -2377,8 +2377,8 @@ Arachni - Web Application Security Scanner Framework v0.4.2
--load-profile=<filepath> Load a run profile from <filepath>.
(Can be used multiple times.)
(You can complement it with more options, except for:
** --modules
** --redundant)
* --modules
* --redundant)
--show-profile Will output the running profile as CLI arguments.
......@@ -2390,7 +2390,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
(Can be used multiple times.)
-i <regexp>
--include=<regexp> Include **only** urls matching <regex>.
--include=<regexp> Include *only* urls matching <regex>.
(Can be used multiple times.)
--redundant=<regexp>:<limit>
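Review bot: The `--include` line names its argument `<regexp>` in the option and `<regex>` in the description. Pick one placeholder so readers do not take them for two different things.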
......@@ -2442,19 +2442,19 @@ Arachni - Web Application Security Scanner Framework v0.4.2
(Can be used multiple times.)
--audit-headers Audit HTTP headers.
(**NOTE**: Header audits use brute force.
(*NOTE*: Header audits use brute force.
Almost all valid HTTP request headers will be audited
even if there's no indication that the web app uses them.)
(**WARNING**: Enabling this option will result in increased requests,
(*WARNING*: Enabling this option will result in increased requests,
maybe by an order of magnitude.)
Coverage -----------------------
--audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations.
(**WARNING**: This will severely increase the scan-time.)
(*WARNING*: This will severely increase the scan-time.)
--fuzz-methods Audit links, forms and cookies using both GET and POST requests.
(**WARNING**: This will severely increase the scan-time.)
(*WARNING*: This will severely increase the scan-time.)
--exclude-binaries Exclude non text-based pages from the audit.
(Binary content can confuse recon modules that perform pattern matching.)
......@@ -2471,17 +2471,17 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Comma separated list of modules to load.
(Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all.
Use '**' as a module name to deploy all modules or as a wildcard, like so:
xss** to load all xss modules
sqli** to load all sql injection modules
Use '*' as a module name to deploy all modules or as a wildcard, like so:
xss* to load all xss modules
sqli* to load all sql injection modules
etc.
You can exclude modules by prefixing their name with a minus sign:
--modules=**,-backup_files,-xss
--modules=*,-backup_files,-xss
The above will load all modules except for the 'backup_files' and 'xss' modules.
Or mix and match:
-xss** to unload all xss modules.)
-xss* to unload all xss modules.)
Reports ------------------------
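Review bot: The wildcard examples (`xss*`, `--modules=*,-backup_files,-xss`) are shown unquoted, and when typed into a shell the `*` is subject to filename expansion before Arachni sees it; some shells abort the command when the pattern matches nothing. Suggest stating that the value should be quoted, e.g. `--modules='*,-backup_files,-xss'`. The last example, `-xss*` "to unload all xss modules", would also read more clearly as a full `--modules=` value.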
......