Command line user interface · Changes

Fixing markdown authored Mar 30, 2013 by Tasos Laskos
guides/user/Command-line-user-interface.md
View page @ fbfe150c
...@@ -39,23 +39,23 @@ or any other report type as shown by: ...@@ -39,23 +39,23 @@ or any other report type as shown by:
$ arachni --lsrep $ arachni --lsrep
#### You can make module loading easier by using wildcards (**) and exclusions (-). #### You can make module loading easier by using wildcards (*) and exclusions (-).
To load all `xss` modules using a wildcard: To load all `xss` modules using a wildcard:
$ arachni http://example.net --modules=xss** $ arachni http://example.net --modules=xss*
To load all _audit_ modules using a wildcard: To load all _audit_ modules using a wildcard:
$ arachni http://example.net --modules=audit/** $ arachni http://example.net --modules=audit/*
To exclude only the _csrf_ module: To exclude only the _csrf_ module:
$ arachni http://example.net --modules=**,-csrf $ arachni http://example.net --modules=*,-csrf
Or you can mix and match; to run everything but the _xss_ modules: Or you can mix and match; to run everything but the _xss_ modules:
$ arachni http://example.net --modules=**,-xss** $ arachni http://example.net --modules=*,-xss*
#### Performing a full scan quickly #### Performing a full scan quickly
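Review bot: the example commands pass `*` unquoted (`--modules=*,-csrf`, `--modules=*,-xss*`, `--modules=audit/*`), so the shell gets the first chance to expand it. Some shells abort with a "no matches" error and others may substitute file names, so the scanner would not receive the module pattern the text describes. Suggest quoting the value in each example, for instance `--modules='*,-xss*'`. If these command lines are not inside a code block, two asterisks on one line can also pair up as emphasis when rendered.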
...@@ -76,94 +76,94 @@ in your gems path._ ...@@ -76,94 +76,94 @@ in your gems path._
[Command Line Interface help output](#cli_help_output) [Command Line Interface help output](#cli_help_output)
** [General](#general) * [General](#general)
** [Version (--version)](#version) * [Version (--version)](#version)
** [Verbosity (-v)](#verbosity) * [Verbosity (-v)](#verbosity)
** [Example](#verbosity_example) * [Example](#verbosity_example)
** [Debug mode (--debug)](#debug) * [Debug mode (--debug)](#debug)
** [Only positives (--only-positives)](#only-positives) * [Only positives (--only-positives)](#only-positives)
** [HTTP request limit (--http-req-limit)](#http-req-limit) * [HTTP request limit (--http-req-limit)](#http-req-limit)
** [HTTP request timeout (--http-timeout)](#http-timeout) * [HTTP request timeout (--http-timeout)](#http-timeout)
** [HTTPS only (--https-only)](#https-only) * [HTTPS only (--https-only)](#https-only)
** [Cookie jar (--cookie-jar)](#cookie-jar) * [Cookie jar (--cookie-jar)](#cookie-jar)
** [Cookie string (--cookie-string)](#cookie-string) * [Cookie string (--cookie-string)](#cookie-string)
** [User agent (--user-agent)](#user-agent) * [User agent (--user-agent)](#user-agent)
** [Custom header (--custom-header)](#custom-header) * [Custom header (--custom-header)](#custom-header)
** [Example](#custom-header_example) * [Example](#custom-header_example)
** [Authorized by (--authed-by)](#authed-by) * [Authorized by (--authed-by)](#authed-by)
** [Example](#authed-by_example) * [Example](#authed-by_example)
** [Login check URL (--login-check-url)](#login-check-url) * [Login check URL (--login-check-url)](#login-check-url)
** [Login check pattern (--login-check-pattern)](#login-check-pattern) * [Login check pattern (--login-check-pattern)](#login-check-pattern)
** [Profiles](#profiles) * [Profiles](#profiles)
** [Save profile (--save-profile)](#save-profile) * [Save profile (--save-profile)](#save-profile)
** [Example](#save-profile_example) * [Example](#save-profile_example)
** [Load profile (--load-profile)](#load-profile) * [Load profile (--load-profile)](#load-profile)
** [Example](#load-profile_example) * [Example](#load-profile_example)
** [Show profile (--show-profile)](#show-profile) * [Show profile (--show-profile)](#show-profile)
** [Example](#show-profile_example) * [Example](#show-profile_example)
** [Crawler](#crawler) * [Crawler](#crawler)
** [Exclude (--exclude/-e)](#exclude) * [Exclude (--exclude/-e)](#exclude)
** [Example](#exclude_example) * [Example](#exclude_example)
** [Exclude page by content (--exclude-page)](#exclude-page) * [Exclude page by content (--exclude-page)](#exclude-page)
** [Example](#exclude-page_example) * [Example](#exclude-page_example)
** [Include (--include/-i)](#include) * [Include (--include/-i)](#include)
** [Redundant (--redundant)](#redundant) * [Redundant (--redundant)](#redundant)
** [Audo-redundant (--auto-redundant)](#auto-redundant) * [Audo-redundant (--auto-redundant)](#auto-redundant)
** [Example](#auto-redundant_example) * [Example](#auto-redundant_example)
** [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains) * [Follow subdomains (-f/--follow-subdomains)](#follow-subdomains)
** [Depth limit (--depth)](#depth) * [Depth limit (--depth)](#depth)
** [Link count limit (--link-count)](#link-count) * [Link count limit (--link-count)](#link-count)
** [Redirect limit (--redirect-limit)](#redirect-limit) * [Redirect limit (--redirect-limit)](#redirect-limit)
** [Extend paths (--extend-paths)](#extend-paths) * [Extend paths (--extend-paths)](#extend-paths)
** [Restrict paths (--restrict-paths)](#restrict-paths) * [Restrict paths (--restrict-paths)](#restrict-paths)
** [Auditor](#auditor) * [Auditor](#auditor)
** [Audit links (--audit-links/-g)](#audit-links) * [Audit links (--audit-links/-g)](#audit-links)
** [Audit forms (--audit-forms/-p)](#audit-forms) * [Audit forms (--audit-forms/-p)](#audit-forms)
** [Audit cookies (--audit-cookies/-c)](#audit-cookies) * [Audit cookies (--audit-cookies/-c)](#audit-cookies)
** [Exclude cookie (--exclude-cookie)](#exclude-cookie) * [Exclude cookie (--exclude-cookie)](#exclude-cookie)
** [Exclude vector (--exclude-vector)](#exclude-vector) * [Exclude vector (--exclude-vector)](#exclude-vector)
** [Audit headers (--audit-headers)](#audit-headers) * [Audit headers (--audit-headers)](#audit-headers)
** [Coverage](#coverage) * [Coverage](#coverage)
** [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively) * [Audit cookies extensively (--audit-cookies-extensively)](#audit-cookies-extensively)
** [Fuzz methods (--fuzz-methods)](#fuzz-methods) * [Fuzz methods (--fuzz-methods)](#fuzz-methods)
** [Exclude binaries (--exclude-binaries)](#exclude-binaries) * [Exclude binaries (--exclude-binaries)](#exclude-binaries)
** [Modules](#modules) * [Modules](#modules)
** [List modules (--lsmod)](#lsmod) * [List modules (--lsmod)](#lsmod)
** [Example](#lsmod_example) * [Example](#lsmod_example)
** [Modules (--modules/-m)](#modules) * [Modules (--modules/-m)](#modules)
** [Example](#mods_example) * [Example](#mods_example)
** [Reports](#reports) * [Reports](#reports)
** [List reports (--lsrep)](#lsrep) * [List reports (--lsrep)](#lsrep)
** [Example](#lsrep_example) * [Example](#lsrep_example)
** [Load a report (--repload)](#repload) * [Load a report (--repload)](#repload)
** [Example](#repload_example) * [Example](#repload_example)
** [Report (--report)](#report) * [Report (--report)](#report)
** [Example](#report_example) * [Example](#report_example)
** [Plugins](#plugins) * [Plugins](#plugins)
** [List plugins (--lsplug)](#lsplug) * [List plugins (--lsplug)](#lsplug)
** [Example](#lsplug_example) * [Example](#lsplug_example)
** [Load a plugin (--plugin)](#plugin) * [Load a plugin (--plugin)](#plugin)
** [Example](#plugin_example) * [Example](#plugin_example)
** [Proxy](#proxy) * [Proxy](#proxy)
** [Proxy server (--proxy)](#proxy_server) * [Proxy server (--proxy)](#proxy_server)
** [Proxy authentication (--proxy-auth)](#proxy-auth) * [Proxy authentication (--proxy-auth)](#proxy-auth)
** [Proxy type (--proxy-type)](#proxy-type) * [Proxy type (--proxy-type)](#proxy-type)
<h2 id='general'><a href='#general'>General</a></h2> <h2 id='general'><a href='#general'>General</a></h2>
<h3 id='version'><a href='#version'>Version (--version)</a></h3> <h3 id='version'><a href='#version'>Version (--version)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Outputs the Arachni banner and version information. Outputs the Arachni banner and version information.
<h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3> <h3 id='verbosity'><a href='#verbosity'>Verbosity (-v)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process. When verbosity is enabled Arachni will give you detailed information about what's going on during the whole process.
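Review bot: on the option metadata lines (`**Expects**:`, `**Default**:`, `**Multiple invocations?**:`) the replacement of `**` with `*` changes Markdown bold into italics; the doubled asterisks were only a problem as list markers in the table of contents. If the labels are meant to stay bold, restore `**Expects**` and its siblings and limit the substitution to the list items. Two things on the touched table-of-contents lines are also worth fixing in the same pass: "Audo-redundant" should read "Auto-redundant", and `[Modules](#modules)` and `[Modules (--modules/-m)](#modules)` point at the same anchor, so one of them needs its own id.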
...@@ -176,14 +176,14 @@ Let's give this a try: ...@@ -176,14 +176,14 @@ Let's give this a try:
This will load the XSS module and audit all the forms in "http://testfire.net/". This will load the XSS module and audit all the forms in "http://testfire.net/".
**Verbose mode disabled** *Verbose mode disabled*
Observe that there's no _-v_ flag in the following run. Observe that there's no _-v_ flag in the following run.
_Don't worry about the rest of the parameters right now._ _Don't worry about the rest of the parameters right now._
**Quick note:** *Quick note:*
Arachni's output messages are classified into several categories, each of them prefixed with a different colored symbol. Arachni's output messages are classified into several categories, each of them prefixed with a different colored symbol.
"[**]" messages are status messages. "[*]" messages are status messages.
"[+]" messages are "ok" messages - positive matches. "[+]" messages are "ok" messages - positive matches.
_I won't bother with coloring during the examples._ _I won't bother with coloring during the examples._
...@@ -198,35 +198,35 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -198,35 +198,35 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Documentation: http://arachni-scanner.com/wiki Documentation: http://arachni-scanner.com/wiki
[**] Initialising... [*] Initialising...
[**] Waiting for plugins to settle... [*] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/ [*] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/ [*] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3... [*] Profiler: Analyzing response #3...
[~] Trainer: Found 1 new links. [~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #4... [*] Profiler: Analyzing response #4...
[**] Profiler: Analyzing response #5... [*] Profiler: Analyzing response #5...
[**] XSS: Analyzing response #6... [*] XSS: Analyzing response #6...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #7... [*] XSS: Analyzing response #7...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #8... [*] XSS: Analyzing response #8...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
``` ```
**Verbose mode enabled** *Verbose mode enabled*
See the extra information in this example. See the extra information in this example.
"[v]" messages are verbose messages. "[v]" messages are verbose messages.
...@@ -244,34 +244,34 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -244,34 +244,34 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Documentation: http://arachni-scanner.com/wiki Documentation: http://arachni-scanner.com/wiki
[**] Initialising... [*] Initialising...
[**] Waiting for plugins to settle... [*] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/ [*] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/ [*] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3... [*] Profiler: Analyzing response #3...
[~] Trainer: Found 1 new links. [~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #4... [*] Profiler: Analyzing response #4...
[**] Profiler: Analyzing response #5... [*] Profiler: Analyzing response #5...
[**] XSS: Analyzing response #6... [*] XSS: Analyzing response #6...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> [v] XSS: Injected string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[v] XSS: Verified string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> [v] XSS: Verified string: <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[**] XSS: Analyzing response #7... [*] XSS: Analyzing response #7...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> [v] XSS: Injected string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[v] XSS: Verified string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> [v] XSS: Verified string: '-;<some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/>
[**] XSS: Analyzing response #8... [*] XSS: Analyzing response #8...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[v] XSS: Injected string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!-- [v] XSS: Injected string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
[v] XSS: Verified string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!-- [v] XSS: Verified string: --> <some_dangerous_input_e9829177cc9e8bbc164a5c96acf12b2a477beda9b268a18fcc63a99a9f134c8c/> <!--
...@@ -280,9 +280,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -280,9 +280,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3> <h3 id='debug'><a href='debug'>Debug mode (--debug)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
When this flag is enabled the system will output a lot of messages detailing what's happening internally. When this flag is enabled the system will output a lot of messages detailing what's happening internally.
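Review bot: the heading in the context line above the changed labels, `<h3 id='debug'><a href='debug'>`, is missing the `#` that every other section heading has (compare `href='#version'`), so the link resolves to a relative page named "debug" instead of the in-page anchor. Suggest `href='#debug'` while this section is being touched.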
...@@ -333,7 +333,7 @@ $ cat debug.log ...@@ -333,7 +333,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>""} [!] Params: {"xss"=>""}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true [!] Train?: true
[!] ------------ [!] ------------
[!] XSS: Current audit ID: XSS:http://localhost/~zapotek/tests/forms/xss.php:form:["xss"]=__sample_values__ [!] XSS: Current audit ID: XSS:http://localhost/~zapotek/tests/forms/xss.php:form:["xss"]=__sample_values__
...@@ -345,7 +345,7 @@ $ cat debug.log ...@@ -345,7 +345,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>"1"} [!] Params: {"xss"=>"1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true [!] Train?: true
[!] ------------ [!] ------------
[!] ------------ [!] ------------
...@@ -354,7 +354,7 @@ $ cat debug.log ...@@ -354,7 +354,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"} [!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: false [!] Train?: false
[!] ------------ [!] ------------
[!] ------------ [!] ------------
...@@ -363,7 +363,7 @@ $ cat debug.log ...@@ -363,7 +363,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"} [!] Params: {"xss"=>"1<arachni_xss_5e2e830ed4f831cb30df6df05151022b94cd27991b459ae8c3b349e2bbd2dad1\x00"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: false [!] Train?: false
[!] ------------ [!] ------------
[!] XSS: Request ID: 2 [!] XSS: Request ID: 2
...@@ -373,7 +373,7 @@ $ cat debug.log ...@@ -373,7 +373,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>""} [!] Params: {"xss"=>""}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true [!] Train?: true
[!] ------------ [!] ------------
[!] Trainer: Started for response with request ID: #0 [!] Trainer: Started for response with request ID: #0
...@@ -384,7 +384,7 @@ $ cat debug.log ...@@ -384,7 +384,7 @@ $ cat debug.log
[!] URL: http://localhost/~zapotek/tests/forms/xss.php [!] URL: http://localhost/~zapotek/tests/forms/xss.php
[!] Method: post [!] Method: post
[!] Params: {"xss"=>"1"} [!] Params: {"xss"=>"1"}
[!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,**/**;q=0.8", "User-Agent"=>"Arachni/0.2.1"} [!] Headers: {"cookie"=>"", "From"=>"", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/0.2.1"}
[!] Train?: true [!] Train?: true
[!] ------------ [!] ------------
[!] Trainer: Started for response with request ID: #1 [!] Trainer: Started for response with request ID: #1
...@@ -394,46 +394,46 @@ $ cat debug.log ...@@ -394,46 +394,46 @@ $ cat debug.log
<h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3> <h3 id='only-positives'><a href='#only-positives'>Only positives (--only-positives)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
This will suppress all messages except for positive matches -- vulnerabilities. This will suppress all messages except for positive matches -- vulnerabilities.
<h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3> <h3 id='http-req-limit'><a href='#http-req-limit'>HTTP request limit (--http-req-limit)</a></h3>
**Expects**: integer *Expects*: integer
**Default**: 60 *Default*: 60
**Multiple invocations?**: no *Multiple invocations?*: no
Limit how many concurrent HTTP request are sent. Limit how many concurrent HTTP request are sent.
**Note**: If your scan seems unresponsive try lowering the limit. *Note*: If your scan seems unresponsive try lowering the limit.
**Warning**: Given enough bandwidth and a high limit it could cause a DoS. *Warning*: Given enough bandwidth and a high limit it could cause a DoS.
Be careful when setting this option too high, don't kill your server. Be careful when setting this option too high, don't kill your server.
<h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3> <h3 id='http-timeout'><a href='#http-timeout'>HTTP timeout (--http-timeout)</a></h3>
**Expects**: integer (milliseconds) *Expects*: integer (milliseconds)
**Default**: 50000 *Default*: 50000
**Multiple invocations?**: no *Multiple invocations?*: no
Limit how long the HTTP client should wait for a response from the server. Limit how long the HTTP client should wait for a response from the server.
<h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3> <h3 id='https-only'><a href='#https-only'>HTTP timeout (--https-only)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Forces the system to only follow HTTPS URLs. Forces the system to only follow HTTPS URLs.
_(Target URL must be an HTTPS one as well.)_ _(Target URL must be an HTTPS one as well.)_
<h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3> <h3 id='cookie-jar'><a href='#cookie-jar'>Cookie jar (--cookie-jar)</a></h3>
**Expects**: cookiejar file *Expects*: cookiejar file
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file. Arachni allows you to pass your own cookies in the form of a Netscape cookie-jar file.
If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni. If you want to audit restricted parts of a website that are accessible only to logged in users you should pass the session cookies to Arachni.
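Review bot: the heading for `id='https-only'` still reads "HTTP timeout (--https-only)", a copy of the previous section's title; the table of contents calls it "HTTPS only (--https-only)" and the heading should match. In the same hunk, "Limit how many concurrent HTTP request are sent." should read "requests", and the `*Note*` / `*Warning*` labels under the request limit lose their bold weight with this change, which makes the DoS warning easier to overlook.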
...@@ -442,13 +442,13 @@ There's a number of ways to do that, I've found that Firebug's export cookie fea ...@@ -442,13 +442,13 @@ There's a number of ways to do that, I've found that Firebug's export cookie fea
You should also take a look at the _--exclude-cookie_ option discussed later. You should also take a look at the _--exclude-cookie_ option discussed later.
**Note**: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application. *Note*: If you don't feel comfortable setting your own cookie-jar you can use the Proxy or AutoLogin plugin to login to the web application.
<h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3> <h3 id='cookie-string'><a href='#cookie-string'>Cookie string (--cookie-string)</a></h3>
**Expects**: string *Expects*: string
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Cookies, as a string, to be sent to the web application. Cookies, as a string, to be sent to the web application.
...@@ -460,18 +460,18 @@ Cookies, as a string, to be sent to the web application. ...@@ -460,18 +460,18 @@ Cookies, as a string, to be sent to the web application.
<h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3> <h3 id='user-agent'><a href='#user-agent'>User agent (--user-agent)</a></h3>
**Expects**: string *Expects*: string
**Default**: "Arachni/<version>" *Default*: "Arachni/<version>"
**Multiple invocations?**: no *Multiple invocations?*: no
You can pass your own user agent string which will be sent to the webserver under audit. You can pass your own user agent string which will be sent to the webserver under audit.
Default is _Arachni/&lt;version&gt;_. Default is _Arachni/&lt;version&gt;_.
<h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3> <h3 id='custom-header'><a href='#custom-header'>Custom header (--custom-header)</a></h3>
**Expects**: string *Expects*: string
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Allows you to specify custom headers in the form of key-value pairs. Allows you to specify custom headers in the form of key-value pairs.
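Review bot: in the user-agent section the changed line `*Default*: "Arachni/<version>"` leaves `<version>` unescaped, while the sentence two lines below writes it as `&lt;version&gt;`. A Markdown renderer can read the unescaped form as an inline HTML tag and drop it from the output, so the default would display as "Arachni/". Suggest using the escaped form or backticks on the Default line as well.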
...@@ -484,9 +484,9 @@ Allows you to specify custom headers in the form of key-value pairs. ...@@ -484,9 +484,9 @@ Allows you to specify custom headers in the form of key-value pairs.
<h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3> <h3 id='authed-by'><a href='#authed-by'>Authorized by (--authed-by)</a></h3>
**Expects**: string *Expects*: string
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field. The string passed to this option will be included in the user-agent string and be the value of the "From" HTTP header field.
...@@ -500,10 +500,10 @@ The _--authed-by_ value should contain information about the person who authoriz ...@@ -500,10 +500,10 @@ The _--authed-by_ value should contain information about the person who authoriz
<h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3> <h3 id='login-check-url'><a href='#login-check-url'>Login check URL (--login-check-url)</a></h3>
**Expects**: string *Expects*: string
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
**Requires**: "login-check-pattern":#login-check-pattern *Requires*: "login-check-pattern":#login-check-pattern
The URL passed to this option will be used to verify that the scanner is still The URL passed to this option will be used to verify that the scanner is still
logged in to the web application. logged in to the web application.
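Review bot: the changed line `*Requires*: "login-check-pattern":#login-check-pattern` still uses Textile link syntax, which Markdown renders as literal text rather than a link. Since this commit is fixing the Markdown conversion, suggest `[login-check-pattern](#login-check-pattern)` here.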
...@@ -513,10 +513,10 @@ this should indicate that the scanner is logged in. ...@@ -513,10 +513,10 @@ this should indicate that the scanner is logged in.
<h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3> <h3 id='login-check-pattern'><a href='#login-check-pattern'>Login check pattern (--login-check-pattern)</a></h3>
**Expects**: string *Expects*: string
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
**Requires**: "login-check-url":#login-check-url *Requires*: "login-check-url":#login-check-url
A pattern used against the body of the "login-check-url":#login-check-url to A pattern used against the body of the "login-check-url":#login-check-url to
verify that the scanner is still logged in to the web application. verify that the scanner is still logged in to the web application.
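Review bot: the unchanged sentence below the labels, `A pattern used against the body of the "login-check-url":#login-check-url to`, carries a Textile-style link that this patch does not touch, as does the `*Requires*` line above it. Both should become `[login-check-url](#login-check-url)` so the cross-reference between the two login-check options works in both directions.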
...@@ -527,9 +527,9 @@ A positive match should indicate that the scanner is logged in. ...@@ -527,9 +527,9 @@ A positive match should indicate that the scanner is logged in.
<h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3> <h3 id='save-profile'><a href='#save-profile'>Save profile (--save-profile)</a></h3>
**Expects**: filename *Expects*: filename
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file. This option allows you to save your current running configuration, all the options passed to Arachni, to an Arachni Framework Profile (.afp) file.
...@@ -542,9 +542,9 @@ This option allows you to save your current running configuration, all the optio ...@@ -542,9 +542,9 @@ This option allows you to save your current running configuration, all the optio
<h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3> <h3 id='load-profile'><a href='#load-profile'>Load profile (--load-profile)</a></h3>
**Expects**: Arachni Framework Profile (.afp) file *Expects*: Arachni Framework Profile (.afp) file
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
This option allows you to load and run a saved profile. This option allows you to load and run a saved profile.
The load profile option does not restrict your ability to specify more options or even resave the profile. The load profile option does not restrict your ability to specify more options or even resave the profile.
...@@ -557,9 +557,9 @@ The load profile option does not restrict your ability to specify more options o ...@@ -557,9 +557,9 @@ The load profile option does not restrict your ability to specify more options o
<h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3> <h3 id='show-profile'><a href='#show-profile'>Show profile (--show-profile)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
This option will output the running configuration as a string of command line arguments. This option will output the running configuration as a string of command line arguments.
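Review bot: `*Expects*: <n/a>` leaves the angle brackets bare, and a renderer that passes raw HTML through (this page relies on that for its `<h3>` headings) can treat `<n/a>` as a tag and drop it from the output. Suggest wrapping it in backticks or writing plain `n/a`, here and on the other flag-style options that use the same value.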
...@@ -572,9 +572,9 @@ This option will output the running configuration as a string of command line ar ...@@ -572,9 +572,9 @@ This option will output the running configuration as a string of command line ar
<h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3> <h3 id='exclude'><a href='#exclude'>Exclude (--exclude/-e)</a></h3>
**Expects**: regexp *Expects*: regexp
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process. The _--exclude_ option expects a regular expression or plain string and excludes URLs matching that expression from the crawling process.
...@@ -597,13 +597,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -597,13 +597,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified. [~] No audit options were specified.
[~] -> Will audit links, forms and cookies. [~] -> Will audit links, forms and cookies.
[**] Initialising... [*] Initialising...
[**] Waiting for plugins to settle... [*] Waiting for plugins to settle...
[**] Resolver: Resolving hostnames... [*] Resolver: Resolving hostnames...
[**] Resolver: Done! [*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'. [*] Dumping audit results in '2012-09-09 02.38.18 +0300.afr'.
[**] Done! [*] Done!
...@@ -625,14 +625,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -625,14 +625,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2 [~] User agent: Arachni/v0.4.2
[**] Audited elements: [*] Audited elements:
[~] ** Links [~] * Links
[~] ** Forms [~] * Forms
[~] ** Cookies [~] * Cookies
[**] Modules: xss [*] Modules: xss
[**] Filters: [*] Filters:
[~] Exclude: [~] Exclude:
[~] (?-mix:testfire) [~] (?-mix:testfire)
...@@ -668,27 +668,27 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -668,27 +668,27 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3> <h3 id='exclude-page'><a href='#exclude-page'>Exclude page by content (--exclude-page)</a></h3>
**Expects**: regexp *Expects*: regexp
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
The _--exclude-page_ option expects a regular expression or plain string The _--exclude-page_ option expects a regular expression or plain string
and excludes pages whose content matching that expression from the crawl process. and excludes pages whose content matching that expression from the crawl process.
<h3 id='include'><a href='#include'>Include (--include/-i)</a></h3> <h3 id='include'><a href='#include'>Include (--include/-i)</a></h3>
**Expects**: regexp *Expects*: regexp
**Default**: '.**' *Default*: '.*'
**Multiple invocations?**: yes *Multiple invocations?*: yes
This is the exact oposite of the _--exclude_ option. This is the exact oposite of the _--exclude_ option.
When a regular expression is passed to the _--include_ option, **only** URLs matching that regular expression will be crawled. When a regular expression is passed to the _--include_ option, *only* URLs matching that regular expression will be crawled.
<h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3> <h3 id='redundant'><a href='#redundant'>Redundant (--redundant)</a></h3>
**Expects**: regexp:integer *Expects*: regexp:integer
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
The redundant option expects a regular expression and a counter, like so: The redundant option expects a regular expression and a counter, like so:
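Review bot: The blanket `**` to `*` replacement also hits real emphasis in this hunk: `**only**` becomes `*only*` and the `**Expects**` / `**Default**` labels become `*Expects*` / `*Default*`, which Markdown renders as italic rather than bold. If bold was intended, keep `**` on those lines and limit the replacement to the wildcard and regexp literals such as `'.*'`. While touching this section, the context lines still read "exact oposite" and "pages whose content matching that expression"; both could be corrected in the same pass.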
...@@ -701,9 +701,9 @@ This option is useful when auditing a website that has a lot of redundant pages ...@@ -701,9 +701,9 @@ This option is useful when auditing a website that has a lot of redundant pages
<h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3> <h3 id='auto-redundant'><a href='#auto-redundant'>Auto-redundant (--auto-redundant)</a></h3>
**Expects**: integer *Expects*: integer
**Default**: disabled (with a value of 10 if none has been specified) *Default*: disabled (with a value of 10 if none has been specified)
**Multiple invocations?**: no *Multiple invocations?*: no
The auto-redundant option sets the limit of how many URLs with identical parameters The auto-redundant option sets the limit of how many URLs with identical parameters
should be followed. should be followed.
...@@ -735,50 +735,50 @@ http://test.com/path.php?stuff=blah&stuff2=1 ...@@ -735,50 +735,50 @@ http://test.com/path.php?stuff=blah&stuff2=1
<h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3> <h3 id='follow-subdomains'><a href='#follow-subdomains'>Follow subdomains (-f/--follow-subdomains)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
This flag will cause Arachni to follow links to subdomains. This flag will cause Arachni to follow links to subdomains.
<h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3> <h3 id='depth'><a href='#depth'>Depth limit (--depth)</a></h3>
**Expects**: integer *Expects*: integer
**Default**: infinite *Default*: infinite
**Multiple invocations?**: no *Multiple invocations?*: no
It specifies how deep into the site structure the crawler should go. It specifies how deep into the site structure the crawler should go.
<h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3> <h3 id='link-count'><a href='#link-count'>Link count limit (--link-count)</a></h3>
**Expects**: integer *Expects*: integer
**Default**: infinite *Default*: infinite
**Multiple invocations?**: no *Multiple invocations?*: no
It specifies how many links the crawler should follow. It specifies how many links the crawler should follow.
<h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3> <h3 id='redirect-limit'><a href='#redirect-limit'>Redirect limit (--redirect-limit)</a></h3>
**Expects**: integer *Expects*: integer
**Default**: infinite *Default*: infinite
**Multiple invocations?**: no *Multiple invocations?*: no
It specifies how many redirects the crawler should follow. It specifies how many redirects the crawler should follow.
<h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3> <h3 id='extend-paths'><a href='#extend-paths'>Extend paths (--extend-paths)</a></h3>
**Expects**: file *Expects*: file
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file. Allows you to extend the scope of the audit by supplementing the paths discovered by the crawler with the paths in the file.
The file must contains one path per line. The file must contains one path per line.
<h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3> <h3 id='restrict-paths'><a href='#restrict-paths'>Restrict paths (--restrict-paths)</a></h3>
**Expects**: file *Expects*: file
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Uses the paths contained in file instead of performing a crawl. Uses the paths contained in file instead of performing a crawl.
...@@ -787,100 +787,100 @@ Uses the paths contained in file instead of performing a crawl. ...@@ -787,100 +787,100 @@ Uses the paths contained in file instead of performing a crawl.
<h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3> <h3 id='audit-links'><a href='#audit-links'>Audit links (--audit-links/-g)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to audit the link elements of the page and their variables. Tells Arachni to audit the link elements of the page and their variables.
<h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3> <h3 id='audit-forms'><a href='#audit-forms'>Audit forms (--audit-forms/-p)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to audit the form elements of the page and their inputs. Tells Arachni to audit the form elements of the page and their inputs.
<h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3> <h3 id='audit-cookies'><a href='#audit-cookies'>Audit cookies (--audit-cookies/-c)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to audit the cookies of the page. Tells Arachni to audit the cookies of the page.
<h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3> <h3 id='exclude-cookie'><a href='#exclude-cookie'>Exclude cookie (--exclude-cookie)</a></h3>
**Expects**: cookie name *Expects*: cookie name
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Tells Arachni to exclude -- not audit -- a cookie by name. Tells Arachni to exclude -- not audit -- a cookie by name.
Usually used to avoid auditing a session ID cookie from the cookie-jar. Usually used to avoid auditing a session ID cookie from the cookie-jar.
**Note**: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it. *Note*: Even if you audit a session cookie Arachni will restore it to its original value right after auditing it.
However, some extra cautious websites may invalidate/block the session upon receiving an invalid token. However, some extra cautious websites may invalidate/block the session upon receiving an invalid token.
This is very unlikely but it's better to err on the side of caution. This is very unlikely but it's better to err on the side of caution.
<h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3> <h3 id='exclude-vector'><a href='#exclude-vector'>Exclude cookie (--exclude-vector)</a></h3>
**Expects**: input name *Expects*: input name
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Tells Arachni to exclude -- not audit -- an input vector by name. Tells Arachni to exclude -- not audit -- an input vector by name.
<h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3> <h3 id='audit-headers'><a href='#audit-headers'>Audit headers (--audit-headers)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to audit the HTTP headers of the page. Tells Arachni to audit the HTTP headers of the page.
**Note**: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them. *Note*: Header audits use brute force. Almost all valid HTTP request headers will be audited even if there's no indication that the web app uses them.
**Warning**: Enabling this option will result in increased requests, maybe by an order of magnitude. *Warning*: Enabling this option will result in increased requests, maybe by an order of magnitude.
<h2 id='coverage'><a href='#coverage'>Coverage</a></h2> <h2 id='coverage'><a href='#coverage'>Coverage</a></h2>
<h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3> <h3 id='audit-cookies-extensively'><a href='#audit-cookies-extensively'>Audit cookies extensively (--audit-cookies-extensively)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
If enabled Arachni will submit all links and forms of the page along with the cookie permutations. If enabled Arachni will submit all links and forms of the page along with the cookie permutations.
**Warning**: Will severely increase the scan-time. *Warning*: Will severely increase the scan-time.
<h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3> <h3 id='fuzz-methods'><a href='#fuzz-methods'>Fuzz methods (--fuzz-methods)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
If enabled Arachni will submit all links and forms using both the _GET_ and _POST_ If enabled Arachni will submit all links and forms using both the _GET_ and _POST_
HTTP request methods. HTTP request methods.
**Warning**: Will severely increase the scan-time. *Warning*: Will severely increase the scan-time.
<h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3> <h3 id='exclude-binaries'><a href='#exclude-binaries'>Exclude binaries (--exclude-binaries)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Disables inclusion of binary HTTP response bodies in the audit. Disables inclusion of binary HTTP response bodies in the audit.
**Note**: Binary content can confuse recon modules that perform pattern matching. *Note*: Binary content can confuse recon modules that perform pattern matching.
<h2 id='modules'><a href='#modules'>Modules</a></h2> <h2 id='modules'><a href='#modules'>Modules</a></h2>
<h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3> <h3 id='lsmod'><a href='#lsmod'>List modules (--lsmod)</a></h3>
**Expects**: regular expression *Expects*: regular expression
**Default**: disabled OR .** *Default*: disabled OR .*
**Multiple invocations?**: yes *Multiple invocations?*: yes
Tells Arachni to list all available modules based on the regular expressions provided and exit. Tells Arachni to list all available modules based on the regular expressions provided and exit.
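Review bot: The heading for the `exclude-vector` anchor in this hunk reads "Exclude cookie (--exclude-vector)", which looks copied from the `--exclude-cookie` section above it while the body describes excluding an input vector by name. Suggest "Exclude vector (--exclude-vector)". Separately, `*Default*: disabled OR .*` leaves the regexp unquoted next to emphasis markers; backticks around `.*` would keep it from being read as markup.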
...@@ -908,7 +908,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -908,7 +908,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available modules: [~] Available modules:
[**] code_injection: [*] code_injection:
-------------------- --------------------
Name: Code injection Name: Code injection
Description: It tries to inject code snippets into the Description: It tries to inject code snippets into the
...@@ -932,7 +932,7 @@ Targets: ...@@ -932,7 +932,7 @@ Targets:
Metasploitable: unix/webapp/arachni_php_eval Metasploitable: unix/webapp/arachni_php_eval
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/code_injection.rb
[**] path_traversal: [*] path_traversal:
-------------------- --------------------
Name: PathTraversal Name: PathTraversal
Description: It injects paths of common files (/etc/passwd and boot.ini) Description: It injects paths of common files (/etc/passwd and boot.ini)
...@@ -951,7 +951,7 @@ Targets: ...@@ -951,7 +951,7 @@ Targets:
Metasploitable: unix/webapp/arachni_path_traversal Metasploitable: unix/webapp/arachni_path_traversal
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/path_traversal.rb
[**] sqli_blind_rdiff: [*] sqli_blind_rdiff:
-------------------- --------------------
Name: Blind (rDiff) SQL Injection Name: Blind (rDiff) SQL Injection
Description: It uses rDiff analysis to decide how different inputs affect Description: It uses rDiff analysis to decide how different inputs affect
...@@ -997,7 +997,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -997,7 +997,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available modules: [~] Available modules:
[**] xss_path: [*] xss_path:
-------------------- --------------------
Name: XSSPath Name: XSSPath
Description: Cross-Site Scripting module for path injection Description: Cross-Site Scripting module for path injection
...@@ -1016,13 +1016,13 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs ...@@ -1016,13 +1016,13 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/modules/audit/xs
<h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3> <h3 id='modules'><a href='#modules'>Modules (--modules/-m)</a></h3>
**Expects**: modname,modname,... OR '**' *Expects*: modname,modname,... OR '*'
**Default**: '**' -- all modules *Default*: '*' -- all modules
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni which modules to load. Tells Arachni which modules to load.
Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to see all. Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to see all.
You can specify the modules to load as comma separated values (without spaces) or '**' to load all modules. You can specify the modules to load as comma separated values (without spaces) or '*' to load all modules.
You can prevent modules from loading by prefixing their name with a dash (-). You can prevent modules from loading by prefixing their name with a dash (-).
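Review bot: `<h3 id='modules'>` in this hunk reuses the id already given to `<h2 id='modules'>` earlier on the page, so the `#modules` fragment is ambiguous and will normally jump to the first element, not this option. Suggest a distinct id for the option heading and its `href`. The `'*'` literals on the `Expects`, `Default` and "comma separated values" lines would also be safer in backticks so they are never parsed as emphasis.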
...@@ -1045,7 +1045,7 @@ $ arachni http://localhost/ ...@@ -1045,7 +1045,7 @@ $ arachni http://localhost/
Excluding modules: Excluding modules:
``` ```
$ arachni --modules=**,-backup_files,-xss http://www.test.com $ arachni --modules=*,-backup_files,-xss http://www.test.com
``` ```
The above will load all modules except for the 'backup_files' and 'xss' modules. The above will load all modules except for the 'backup_files' and 'xss' modules.
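Review bot: The example `--modules=*,-backup_files,-xss` leaves `*` unquoted, so the shell applies filename expansion to the argument before Arachni sees it; bash passes it through only when nothing matches, and zsh stops with a no-match error by default. Suggest quoting it in the documented command: `$ arachni --modules='*,-backup_files,-xss' http://www.test.com`.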
...@@ -1054,9 +1054,9 @@ The above will load all modules except for the 'backup_files' and 'xss' modules. ...@@ -1054,9 +1054,9 @@ The above will load all modules except for the 'backup_files' and 'xss' modules.
<h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3> <h3 id='lsrep'><a href='#lsrep'>List reports (--lsrep)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Lists all available reports. Lists all available reports.
...@@ -1084,7 +1084,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1084,7 +1084,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available reports: [~] Available reports:
[**] yaml: [*] yaml:
-------------------- --------------------
Name: YAML Report Name: YAML Report
Description: Exports the audit results as a YAML file. Description: Exports the audit results as a YAML file.
...@@ -1098,7 +1098,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1098,7 +1098,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/yaml.rb
[**] txt: [*] txt:
-------------------- --------------------
Name: Text report Name: Text report
Description: Exports a report as a plain text file. Description: Exports a report as a plain text file.
...@@ -1112,7 +1112,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1112,7 +1112,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2.1 Version: 0.2.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/txt.rb
[**] xml: [*] xml:
-------------------- --------------------
Name: XML report Name: XML report
Description: Exports a report as an XML file. Description: Exports a report as an XML file.
...@@ -1126,7 +1126,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1126,7 +1126,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2.2 Version: 0.2.2
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/xml.rb
[**] metareport: [*] metareport:
-------------------- --------------------
Name: Metareport Name: Metareport
Description: Creates a file to be used with the Arachni MSF plug-in. Description: Creates a file to be used with the Arachni MSF plug-in.
...@@ -1140,7 +1140,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1140,7 +1140,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/metareport.rb
[**] afr: [*] afr:
-------------------- --------------------
Name: Arachni Framework Report Name: Arachni Framework Report
Description: Saves the file in the default Arachni Framework Report (.afr) format. Description: Saves the file in the default Arachni Framework Report (.afr) format.
...@@ -1154,7 +1154,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1154,7 +1154,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/afr.rb
[**] html: [*] html:
-------------------- --------------------
Name: HTML Report Name: HTML Report
Description: Exports a report as an HTML document. Description: Exports a report as an HTML document.
...@@ -1173,7 +1173,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1173,7 +1173,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.3.1 Version: 0.3.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/html.rb
[**] ap: [*] ap:
-------------------- --------------------
Name: AP Name: AP
Description: Awesome prints an AuditStore hash. Description: Awesome prints an AuditStore hash.
...@@ -1181,7 +1181,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1181,7 +1181,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/ap.rb
[**] marshal: [*] marshal:
-------------------- --------------------
Name: Marshal Report Name: Marshal Report
Description: Exports the audit results as a Marshal file. Description: Exports the audit results as a Marshal file.
...@@ -1195,7 +1195,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1195,7 +1195,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/marshal.rb
[**] json: [*] json:
-------------------- --------------------
Name: JSON Report Name: JSON Report
Description: Exports the audit results as a JSON file. Description: Exports the audit results as a JSON file.
...@@ -1209,7 +1209,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1209,7 +1209,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/json.rb
[**] stdout: [*] stdout:
-------------------- --------------------
Name: Stdout Name: Stdout
Description: Prints the results to standard output. Description: Prints the results to standard output.
...@@ -1221,9 +1221,9 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r ...@@ -1221,9 +1221,9 @@ Path: /home/zapotek/builds/arachni/gems/gems/arachni-0.4.1dev/reports/stdout.r
<h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3> <h3 id='repload'><a href='#repload'>Load a report (--repload)</a></h3>
**Expects**: Arachni Framework Report (.afr) file *Expects*: Arachni Framework Report (.afr) file
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to load an Arachni Framework Report (.afr) file. Tells Arachni to load an Arachni Framework Report (.afr) file.
You can use this option to load a report file and convert it to another format. You can use this option to load a report file and convert it to another format.
...@@ -1264,12 +1264,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1264,12 +1264,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2 [~] User agent: Arachni/v0.4.2
[**] Audited elements: [*] Audited elements:
[~] ** Forms [~] * Forms
[**] Modules: xss [*] Modules: xss
[**] Cookies: [*] Cookies:
[~] ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm [~] ASP.NET_SessionId = zdjkcj2t3qdmmw555alngpbm
[~] amSessionId = 203429333847 [~] amSessionId = 203429333847
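Review bot: The sample output kept as context in this hunk prints concrete session cookie values for `ASP.NET_SessionId` and `amSessionId`. Since the block is being edited anyway, consider replacing them with obvious placeholders so the documentation does not model pasting session tokens into shared output.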
...@@ -1299,7 +1299,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1299,7 +1299,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html [~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/ [~] Secunia - http://secunia.com/advisories/9716/
[**] Variations [*] Variations
[~] ---------- [~] ----------
[~] Variation 1: [~] Variation 1:
[~] URL: http://testfire.net/search.aspx [~] URL: http://testfire.net/search.aspx
...@@ -1313,13 +1313,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1313,13 +1313,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] --------------- [~] ---------------
[**] Resolver [*] Resolver
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Resolves vulnerable hostnames to IP addresses. [~] Description: Resolves vulnerable hostnames to IP addresses.
[~] testfire.net: 65.61.137.117 [~] testfire.net: 65.61.137.117
[**] Health map [*] Health map
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs. [~] Description: Generates a simple list of safe/unsafe URLs.
...@@ -1334,7 +1334,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1334,7 +1334,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Without issues: 1 [+] Without issues: 1
[-] With issues: 1 ( 50% ) [-] With issues: 1 ( 50% )
[**] Profiler [*] Profiler
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Examines the behavior of the web application gathering general statistics [~] Description: Examines the behavior of the web application gathering general statistics
and performs taint analysis to determine which inputs affect the output. and performs taint analysis to determine which inputs affect the output.
...@@ -1345,10 +1345,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1345,10 +1345,10 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'. [+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
[~] It was submitted using the following parameters: [~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1 [~] * txtSearch = arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1
[~] [~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1': [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text023849c38925e2af028a2eb4e1dc41afd7dc7a238195c1c2ae00438d1dae00e1':
[~] ** Body [~] * Body
``` ```
...@@ -1366,16 +1366,16 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1366,16 +1366,16 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[**] Creating HTML report... [*] Creating HTML report...
[**] Saved in '2012-09-09 02.43.42 +0300.html'. [*] Saved in '2012-09-09 02.43.42 +0300.html'.
``` ```
<h3 id='report'><a href='#report'>Report (--report)</a></h3> <h3 id='report'><a href='#report'>Report (--report)</a></h3>
**Expects**: repname *Expects*: repname
**Default**: stdout *Default*: stdout
**Multiple invocations?**: yes *Multiple invocations?*: yes
Tells Arachni which report component to use. Tells Arachni which report component to use.
Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to see all. Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to see all.
...@@ -1398,64 +1398,64 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1398,64 +1398,64 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified. [~] No audit options were specified.
[~] -> Will audit links, forms and cookies. [~] -> Will audit links, forms and cookies.
[**] Initialising... [*] Initialising...
[**] Waiting for plugins to settle... [*] Waiting for plugins to settle...
[**] [HTTP: 200] http://testfire.net/ [*] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/ [*] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #3... [*] Profiler: Analyzing response #3...
[**] Profiler: Analyzing response #4... [*] Profiler: Analyzing response #4...
[~] Trainer: Found 1 new links. [~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #5... [*] Profiler: Analyzing response #5...
[**] Profiler: Analyzing response #6... [*] Profiler: Analyzing response #6...
[**] XSS: Analyzing response #9... [*] XSS: Analyzing response #9...
[**] XSS: Analyzing response #10... [*] XSS: Analyzing response #10...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #13... [*] XSS: Analyzing response #13...
[**] XSS: Analyzing response #14... [*] XSS: Analyzing response #14...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #17... [*] XSS: Analyzing response #17...
[**] XSS: Analyzing response #18... [*] XSS: Analyzing response #18...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] Profiler: Analyzing response #8... [*] Profiler: Analyzing response #8...
[**] Profiler: Analyzing response #7... [*] Profiler: Analyzing response #7...
[**] XSS: Analyzing response #12... [*] XSS: Analyzing response #12...
[**] XSS: Analyzing response #11... [*] XSS: Analyzing response #11...
[**] XSS: Analyzing response #15... [*] XSS: Analyzing response #15...
[**] XSS: Analyzing response #16... [*] XSS: Analyzing response #16...
[**] XSS: Analyzing response #19... [*] XSS: Analyzing response #19...
[**] XSS: Analyzing response #20... [*] XSS: Analyzing response #20...
[**] Resolver: Resolving hostnames... [*] Resolver: Resolving hostnames...
[**] Resolver: Done! [*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'. [*] Dumping audit results in '2012-09-09 02.45.19 +0300.afr'.
[**] Done! [*] Done!
[**] Creating HTML report... [*] Creating HTML report...
[**] Saved in 'my_html_report.html'. [*] Saved in 'my_html_report.html'.
[~] 100.0% [>] 100% [~] 100.0% [>] 100%
[~] Est. remaining time: --:--:-- [~] Est. remaining time: --:--:--
...@@ -1483,9 +1483,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1483,9 +1483,9 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3> <h3 id='lsplug'><a href='#lsplug'>List plugins (--lsplug)</a></h3>
**Expects**: <n/a> *Expects*: <n/a>
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Lists all available plugins. Lists all available plugins.
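Review bot: On the `*Expects*: <n/a>` line, the angle-bracketed `<n/a>` is outside any code span, so a Markdown renderer that passes through or sanitizes inline HTML may treat it as a tag and drop it from the rendered option reference. Since this line is being edited anyway, wrap the value in backticks or write it as plain `n/a`.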
...@@ -1513,7 +1513,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -1513,7 +1513,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] Available plugins: [~] Available plugins:
[**] resolver: [*] resolver:
-------------------- --------------------
Name: Resolver Name: Resolver
Description: Resolves vulnerable hostnames to IP addresses. Description: Resolves vulnerable hostnames to IP addresses.
...@@ -1521,7 +1521,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1521,7 +1521,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/defaults/resolver.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/resolver.rb
[**] healthmap: [*] healthmap:
-------------------- --------------------
Name: Health map Name: Health map
Description: Generates a simple list of safe/unsafe URLs. Description: Generates a simple list of safe/unsafe URLs.
...@@ -1529,7 +1529,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1529,7 +1529,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.3 Version: 0.1.3
Path: /home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/healthmap.rb
[**] profiler: [*] profiler:
-------------------- --------------------
Name: Profiler Name: Profiler
Description: Examines the behavior of the web application gathering general statistics Description: Examines the behavior of the web application gathering general statistics
...@@ -1540,7 +1540,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1540,7 +1540,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5 Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/defaults/profiler.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/profiler.rb
[**] uniformity: [*] uniformity:
-------------------- --------------------
Name: Uniformity (Lack of central sanitization) Name: Uniformity (Lack of central sanitization)
Description: Analyzes the scan results and logs issues which persist across different pages. Description: Analyzes the scan results and logs issues which persist across different pages.
...@@ -1550,7 +1550,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1550,7 +1550,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/uniformity.rb
[**] manual_verification: [*] manual_verification:
-------------------- --------------------
Name: Issues requiring manual verification Name: Issues requiring manual verification
Description: The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern Description: The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
...@@ -1561,7 +1561,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1561,7 +1561,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/manual_verification.rb
[**] timing_attacks: [*] timing_attacks:
-------------------- --------------------
Name: Timing attack anomalies Name: Timing attack anomalies
Description: Analyzes the scan results and logs issues that used timing attacks Description: Analyzes the scan results and logs issues that used timing attacks
...@@ -1574,7 +1574,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1574,7 +1574,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.4 Version: 0.1.4
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/timing_attacks.rb
[**] discovery: [*] discovery:
-------------------- --------------------
Name: Discovery module response anomalies Name: Discovery module response anomalies
Description: Analyzes the scan results and identifies issues logged by discovery modules Description: Analyzes the scan results and identifies issues logged by discovery modules
...@@ -1586,7 +1586,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1586,7 +1586,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/meta/remedies/discovery.rb
[**] autothrottle: [*] autothrottle:
-------------------- --------------------
Name: AutoThrottle Name: AutoThrottle
Description: Monitors HTTP response times and automatically Description: Monitors HTTP response times and automatically
...@@ -1596,7 +1596,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1596,7 +1596,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.3 Version: 0.1.3
Path: /home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/autothrottle.rb
[**] content_types: [*] content_types:
-------------------- --------------------
Name: Content-types Name: Content-types
Description: Logs content-types of server responses. Description: Logs content-types of server responses.
...@@ -1612,7 +1612,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1612,7 +1612,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.4 Version: 0.1.4
Path: /home/zapotek/workspace/arachni/plugins/defaults/content_types.rb Path: /home/zapotek/workspace/arachni/plugins/defaults/content_types.rb
[**] libnotify: [*] libnotify:
-------------------- --------------------
Name: libnotify Name: libnotify
Description: Uses the libnotify library to send notifications for each discovered issue Description: Uses the libnotify library to send notifications for each discovered issue
...@@ -1627,7 +1627,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1627,7 +1627,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/libnotify.rb Path: /home/zapotek/workspace/arachni/plugins/libnotify.rb
[**] cookie_collector: [*] cookie_collector:
-------------------- --------------------
Name: Cookie collector Name: Cookie collector
Description: Monitors and collects cookies while establishing a timeline of changes. Description: Monitors and collects cookies while establishing a timeline of changes.
...@@ -1639,15 +1639,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1639,15 +1639,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5 Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/cookie_collector.rb Path: /home/zapotek/workspace/arachni/plugins/cookie_collector.rb
[**] proxy: [*] proxy:
-------------------- --------------------
Name: Proxy Name: Proxy
Description: Description:
** Gathers data based on user actions and exchanged HTTP * Gathers data based on user actions and exchanged HTTP
traffic and pushes that data to the framework's page-queue to be audited. traffic and pushes that data to the framework's page-queue to be audited.
** Updates the framework cookies with the cookies of the HTTP requests and * Updates the framework cookies with the cookies of the HTTP requests and
responses, thus it can also be used to login to a web application. responses, thus it can also be used to login to a web application.
** Supports SSL interception. * Supports SSL interception.
To skip crawling and only audit elements discovered by using the proxy To skip crawling and only audit elements discovered by using the proxy
set '--link-count=0'. set '--link-count=0'.
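Review bot: In the proxy plugin description, the three changed lines now begin with a single `*` (`* Gathers data ...`, `* Updates the framework cookies ...`, `* Supports SSL interception.`), which Markdown reads as list items if this listing is not inside a fence or an indented block. Please check the rendered page to confirm the `--lsplug` output is still shown verbatim and the description has not been reflowed into a bullet list.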
...@@ -1671,7 +1671,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1671,7 +1671,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.2 Version: 0.2
Path: /home/zapotek/workspace/arachni/plugins/proxy.rb Path: /home/zapotek/workspace/arachni/plugins/proxy.rb
[**] beep_notify: [*] beep_notify:
-------------------- --------------------
Name: Beep notify Name: Beep notify
Description: It beeps when the scan finishes. Description: It beeps when the scan finishes.
...@@ -1690,7 +1690,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1690,7 +1690,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1 Version: 0.1
Path: /home/zapotek/workspace/arachni/plugins/beep_notify.rb Path: /home/zapotek/workspace/arachni/plugins/beep_notify.rb
[**] rescan: [*] rescan:
-------------------- --------------------
Name: ReScan Name: ReScan
Description: It uses the AFR report of a previous scan to Description: It uses the AFR report of a previous scan to
...@@ -1706,7 +1706,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1706,7 +1706,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/rescan.rb Path: /home/zapotek/workspace/arachni/plugins/rescan.rb
[**] http_dicattack: [*] http_dicattack:
-------------------- --------------------
Name: HTTP dictionary attacker Name: HTTP dictionary attacker
Description: Uses wordlists to crack password protected directories. Description: Uses wordlists to crack password protected directories.
...@@ -1728,15 +1728,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1728,15 +1728,15 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/http_dicattack.rb Path: /home/zapotek/workspace/arachni/plugins/http_dicattack.rb
[**] vector_feed: [*] vector_feed:
-------------------- --------------------
Name: Vector feed Name: Vector feed
Description: Reads in vector data from which it creates elements to be audited. Description: Reads in vector data from which it creates elements to be audited.
Can be used to perform extremely specialized/narrow audits on a per vector/element basis. Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
Notes: Notes:
** To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling. * To only audit the vectors in the feed you must set the 'link-count' limit to 0 to prevent crawling.
** Can handle multiple YAML documents. * Can handle multiple YAML documents.
Example YAML file: Example YAML file:
- -
...@@ -1805,7 +1805,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1805,7 +1805,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/vector_feed.rb Path: /home/zapotek/workspace/arachni/plugins/vector_feed.rb
[**] script: [*] script:
-------------------- --------------------
Name: Script Name: Script
Description: Loads and runs an external Ruby script under the scope of a plugin, Description: Loads and runs an external Ruby script under the scope of a plugin,
...@@ -1822,7 +1822,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1822,7 +1822,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.1 Version: 0.1.1
Path: /home/zapotek/workspace/arachni/plugins/script.rb Path: /home/zapotek/workspace/arachni/plugins/script.rb
[**] email_notify: [*] email_notify:
-------------------- --------------------
Name: E-mail notify Name: E-mail notify
Description: Sends a notification (and optionally a report) over SMTP at the end of the scan. Description: Sends a notification (and optionally a report) over SMTP at the end of the scan.
...@@ -1886,7 +1886,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1886,7 +1886,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/email_notify.rb Path: /home/zapotek/workspace/arachni/plugins/email_notify.rb
[**] autologin: [*] autologin:
-------------------- --------------------
Name: AutoLogin Name: AutoLogin
Description: It looks for the login form in the user provided URL, Description: It looks for the login form in the user provided URL,
...@@ -1914,7 +1914,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1914,7 +1914,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.5 Version: 0.1.5
Path: /home/zapotek/workspace/arachni/plugins/autologin.rb Path: /home/zapotek/workspace/arachni/plugins/autologin.rb
[**] waf_detector: [*] waf_detector:
-------------------- --------------------
Name: WAF Detector Name: WAF Detector
Description: Performs basic profiling on the web application Description: Performs basic profiling on the web application
...@@ -1937,7 +1937,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ...@@ -1937,7 +1937,7 @@ Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
Version: 0.1.2 Version: 0.1.2
Path: /home/zapotek/workspace/arachni/plugins/waf_detector.rb Path: /home/zapotek/workspace/arachni/plugins/waf_detector.rb
[**] form_dicattack: [*] form_dicattack:
-------------------- --------------------
Name: Form dictionary attacker Name: Form dictionary attacker
Description: Uses wordlists to crack login forms. Description: Uses wordlists to crack login forms.
...@@ -1979,9 +1979,9 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb ...@@ -1979,9 +1979,9 @@ Path: /home/zapotek/workspace/arachni/plugins/form_dicattack.rb
<h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3> <h3 id='plugin'><a href='#plugin'>Plugin (--plugin)</a></h3>
**Expects**: plugin name *Expects*: plugin name
**Default**: disabled *Default*: disabled
**Multiple invocations?**: yes *Multiple invocations?*: yes
Tells Arachni which plugin components to run. Tells Arachni which plugin components to run.
Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to see all. Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to see all.
...@@ -2007,95 +2007,95 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2007,95 +2007,95 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] No audit options were specified. [~] No audit options were specified.
[~] -> Will audit links, forms and cookies. [~] -> Will audit links, forms and cookies.
[**] Initialising... [*] Initialising...
[~] AutoLogin: System paused. [~] AutoLogin: System paused.
[**] Waiting for plugins to settle... [*] Waiting for plugins to settle...
[**] AutoLogin: Found log-in form with name: login [*] AutoLogin: Found log-in form with name: login
[+] AutoLogin: Form submitted successfully. [+] AutoLogin: Form submitted successfully.
[~] AutoLogin: Cookies set to: [~] AutoLogin: Cookies set to:
[~] AutoLogin: ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55 [~] AutoLogin: * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] AutoLogin: ** amSessionId = 204023334531 [~] AutoLogin: * amSessionId = 204023334531
[~] AutoLogin: ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ= [~] AutoLogin: * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] AutoLogin: ** amUserId = 100116014 [~] AutoLogin: * amUserId = 100116014
[~] AutoLogin: ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9 [~] AutoLogin: * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[**] [HTTP: 200] http://testfire.net/ [*] [HTTP: 200] http://testfire.net/
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Auditing: [HTTP: 200] http://testfire.net/ [*] Auditing: [HTTP: 200] http://testfire.net/
[**] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] Profiler: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__original_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'. [*] Profiler: Auditing form variable '__sample_values__' with action 'http://testfire.net/search.aspx'.
[**] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'. [*] Profiler: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'. [*] XSS: Auditing link variable 'content' with action 'http://testfire.net/default.aspx?content=inside_contact.htm'.
[**] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'. [*] XSS: Auditing form variable 'txtSearch' with action 'http://testfire.net/search.aspx'.
[**] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'ASP.NET_SessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amSessionId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserInfo' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amUserId' with action 'http://testfire.net/'.
[**] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'. [*] XSS: Auditing cookie variable 'amCreditOffer' with action 'http://testfire.net/'.
[**] Harvesting HTTP responses... [*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while. [~] Depending on server responsiveness and network conditions this may take a while.
[**] Profiler: Analyzing response #6... [*] Profiler: Analyzing response #6...
[**] Profiler: Analyzing response #7... [*] Profiler: Analyzing response #7...
[**] XSS: Analyzing response #26... [*] XSS: Analyzing response #26...
[**] XSS: Analyzing response #27... [*] XSS: Analyzing response #27...
[~] Trainer: Found 1 new links. [~] Trainer: Found 1 new links.
[**] Profiler: Analyzing response #9... [*] Profiler: Analyzing response #9...
[**] Profiler: Analyzing response #8... [*] Profiler: Analyzing response #8...
[**] XSS: Analyzing response #28... [*] XSS: Analyzing response #28...
[**] XSS: Analyzing response #15... [*] XSS: Analyzing response #15...
[**] XSS: Analyzing response #16... [*] XSS: Analyzing response #16...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #22... [*] XSS: Analyzing response #22...
[**] XSS: Analyzing response #30... [*] XSS: Analyzing response #30...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] Profiler: Analyzing response #10... [*] Profiler: Analyzing response #10...
[**] XSS: Analyzing response #31... [*] XSS: Analyzing response #31...
[**] XSS: Analyzing response #32... [*] XSS: Analyzing response #32...
[**] Profiler: Analyzing response #11... [*] Profiler: Analyzing response #11...
[**] Profiler: Analyzing response #12... [*] Profiler: Analyzing response #12...
[**] Profiler: Analyzing response #14... [*] Profiler: Analyzing response #14...
[**] Profiler: Analyzing response #13... [*] Profiler: Analyzing response #13...
[**] XSS: Analyzing response #33... [*] XSS: Analyzing response #33...
[**] XSS: Analyzing response #17... [*] XSS: Analyzing response #17...
[**] XSS: Analyzing response #18... [*] XSS: Analyzing response #18...
[**] XSS: Analyzing response #19... [*] XSS: Analyzing response #19...
[**] XSS: Analyzing response #34... [*] XSS: Analyzing response #34...
[**] XSS: Analyzing response #20... [*] XSS: Analyzing response #20...
[**] XSS: Analyzing response #21... [*] XSS: Analyzing response #21...
[**] XSS: Analyzing response #23... [*] XSS: Analyzing response #23...
[+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx ) [+] XSS: In form var 'txtSearch' ( http://testfire.net/search.aspx )
[**] XSS: Analyzing response #35... [*] XSS: Analyzing response #35...
[**] XSS: Analyzing response #24... [*] XSS: Analyzing response #24...
[**] XSS: Analyzing response #25... [*] XSS: Analyzing response #25...
[**] XSS: Analyzing response #29... [*] XSS: Analyzing response #29...
[**] Resolver: Resolving hostnames... [*] Resolver: Resolving hostnames...
[**] Resolver: Done! [*] Resolver: Done!
[**] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'. [*] Dumping audit results in '2012-09-09 02.48.17 +0300.afr'.
[**] Done! [*] Done!
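Review bot: The `AutoLogin: Cookies set to:` lines in this sample output print full cookie values for `ASP.NET_SessionId`, `amSessionId` and `amUserInfo` (the last one carrying `UserName=` and `Password=` fields), and the edit only changes the bullet marker in front of them. Since those lines are being rewritten anyway, replace the values with obvious placeholders so the guide does not model pasting session identifiers and credential-bearing cookies into shared documentation.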
...@@ -2117,14 +2117,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2117,14 +2117,14 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] URL: http://testfire.net/ [~] URL: http://testfire.net/
[~] User agent: Arachni/v0.4.2 [~] User agent: Arachni/v0.4.2
[**] Audited elements: [*] Audited elements:
[~] ** Links [~] * Links
[~] ** Forms [~] * Forms
[~] ** Cookies [~] * Cookies
[**] Modules: xss [*] Modules: xss
[**] Filters: [*] Filters:
[~] Exclude: [~] Exclude:
[~] (?-mix:logout) [~] (?-mix:logout)
...@@ -2154,7 +2154,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2154,7 +2154,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html [~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/ [~] Secunia - http://secunia.com/advisories/9716/
[**] Variations [*] Variations
[~] ---------- [~] ----------
[~] Variation 1: [~] Variation 1:
[~] URL: http://testfire.net/search.aspx [~] URL: http://testfire.net/search.aspx
...@@ -2185,7 +2185,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2185,7 +2185,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] ha.ckers - http://ha.ckers.org/xss.html [~] ha.ckers - http://ha.ckers.org/xss.html
[~] Secunia - http://secunia.com/advisories/9716/ [~] Secunia - http://secunia.com/advisories/9716/
[**] Variations [*] Variations
[~] ---------- [~] ----------
[~] Variation 1: [~] Variation 1:
[~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text [~] URL: http://testfire.net/search.aspx?txtSearch=arachni_text
...@@ -2199,13 +2199,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2199,13 +2199,13 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[~] --------------- [~] ---------------
[**] Resolver [*] Resolver
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Resolves vulnerable hostnames to IP addresses. [~] Description: Resolves vulnerable hostnames to IP addresses.
[~] testfire.net: 65.61.137.117 [~] testfire.net: 65.61.137.117
[**] Health map [*] Health map
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs. [~] Description: Generates a simple list of safe/unsafe URLs.
...@@ -2221,7 +2221,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2221,7 +2221,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Without issues: 1 [+] Without issues: 1
[-] With issues: 2 ( 67% ) [-] With issues: 2 ( 67% )
[**] Profiler [*] Profiler
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: Examines the behavior of the web application gathering general statistics [~] Description: Examines the behavior of the web application gathering general statistics
and performs taint analysis to determine which inputs affect the output. and performs taint analysis to determine which inputs affect the output.
...@@ -2232,18 +2232,18 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2232,18 +2232,18 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'. [+] Form using the 'txtSearch' input at 'http://testfire.net/' pointing to 'http://testfire.net/search.aspx' using 'GET'.
[~] It was submitted using the following parameters: [~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6 [~] * txtSearch = arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6
[~] [~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6': [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_texte4e549408422875958476160732390defefcac7c2bd8353d918fe452d20de2a6':
[~] ** Body [~] * Body
[+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'. [+] Link using the 'txtSearch' input at 'http://testfire.net/search.aspx?txtSearch=arachni_text' pointing to 'http://testfire.net/search.aspx?txtSearch=arachni_text' using 'GET'.
[~] It was submitted using the following parameters: [~] It was submitted using the following parameters:
[~] ** txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056 [~] * txtSearch = arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056
[~] [~]
[~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056': [~] The taint landed in the following elements at 'http://testfire.net/search.aspx?txtSearch=arachni_text5f2703a5211db19a9020f7443f6a440fbc95cda90b7c2d53912f5ce47d050056':
[~] ** Body [~] * Body
[**] AutoLogin [*] AutoLogin
[~] ~~~~~~~~~~~~~~ [~] ~~~~~~~~~~~~~~
[~] Description: It looks for the login form in the user provided URL, [~] Description: It looks for the login form in the user provided URL,
merges its input fields with the user supplied parameters and sets the cookies merges its input fields with the user supplied parameters and sets the cookies
...@@ -2252,11 +2252,11 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2252,11 +2252,11 @@ Arachni - Web Application Security Scanner Framework v0.4.2
[+] Form submitted successfully. [+] Form submitted successfully.
[~] Cookies set to: [~] Cookies set to:
[~] ** ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55 [~] * ASP.NET_SessionId = 14kge555fdb4bjflm3rx3t55
[~] ** amSessionId = 204023334531 [~] * amSessionId = 204023334531
[~] ** amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ= [~] * amUserInfo = UserName=anNtaXRo&Password=RGVtbzEyMzQ=
[~] ** amUserId = 100116014 [~] * amUserId = 100116014
[~] ** amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9 [~] * amCreditOffer = CardType=Gold&Limit=10000&Interest=7.9
[~] 100.0% [>] 100% [~] 100.0% [>] 100%
[~] Est. remaining time: --:--:-- [~] Est. remaining time: --:--:--
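Review bot: The `amUserInfo` cookie in the sample AutoLogin output carries `UserName=` and `Password=` values that are only base64-encoded, next to what look like real `ASP.NET_SessionId` and `amSessionId` values. Base64 is reversible by anyone reading the wiki, so it hides nothing. If these belong to the public testfire.net demo account, say so beside the sample; otherwise replace the cookie values with placeholders before publishing. The asterisk fix on these lines is fine as it stands.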
...@@ -2285,25 +2285,25 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2285,25 +2285,25 @@ Arachni - Web Application Security Scanner Framework v0.4.2
<h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3> <h3 id='proxy_server'><a href='#proxy_server'>Proxy server (--proxy)</a></h3>
**Expects**: server:port *Expects*: server:port
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni to send all requests via a proxy server. Tells Arachni to send all requests via a proxy server.
<h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3> <h3 id='proxy-auth'><a href='#proxy-auth'>Proxy authentication (--proxy-auth)</a></h3>
**Expects**: username:password *Expects*: username:password
**Default**: disabled *Default*: disabled
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni authenticate itself with the proxy server using the supplied username and password. Tells Arachni authenticate itself with the proxy server using the supplied username and password.
<h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3> <h3 id='proxy-type'><a href='#proxy-type'>Proxy type (--proxy-type)</a></h3>
**Expects**: http, http_1_0, socks4, socks5, socks4a *Expects*: http, http_1_0, socks4, socks5, socks4a
**Default**: disabled OR http *Default*: disabled OR http
**Multiple invocations?**: no *Multiple invocations?*: no
Tells Arachni what protocol to use to connect and comunicate with the proxy server. Tells Arachni what protocol to use to connect and comunicate with the proxy server.
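Review bot: In the three proxy option blocks, `**Expects**`, `**Default**` and `**Multiple invocations?**` were valid Markdown bold, so switching them to single asterisks turns the labels into italics rather than repairing anything. This looks like collateral from a global `**` to `*` replace aimed at the console output. Please confirm the rendered result is intended or restore the bold labels. While in this region, the context lines also need "Tells Arachni to authenticate itself" and "communicate" in place of "comunicate".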
...@@ -2336,12 +2336,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2336,12 +2336,12 @@ Arachni - Web Application Security Scanner Framework v0.4.2
--debug Show what is happening internally. --debug Show what is happening internally.
(You should give it a shot sometime ;) ) (You should give it a shot sometime ;) )
--only-positives Echo positive results **only**. --only-positives Echo positive results *only*.
--http-req-limit=<integer> Concurrent HTTP requests limit. --http-req-limit=<integer> Concurrent HTTP requests limit.
(Default: 20) (Default: 20)
(Be careful not to kill your server.) (Be careful not to kill your server.)
(**NOTE**: If your scan seems unresponsive try lowering the limit.) (*NOTE*: If your scan seems unresponsive try lowering the limit.)
--http-timeout=<integer> HTTP request timeout in milliseconds. --http-timeout=<integer> HTTP request timeout in milliseconds.
...@@ -2377,8 +2377,8 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2377,8 +2377,8 @@ Arachni - Web Application Security Scanner Framework v0.4.2
--load-profile=<filepath> Load a run profile from <filepath>. --load-profile=<filepath> Load a run profile from <filepath>.
(Can be used multiple times.) (Can be used multiple times.)
(You can complement it with more options, except for: (You can complement it with more options, except for:
** --modules * --modules
** --redundant) * --redundant)
--show-profile Will output the running profile as CLI arguments. --show-profile Will output the running profile as CLI arguments.
...@@ -2390,7 +2390,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2390,7 +2390,7 @@ Arachni - Web Application Security Scanner Framework v0.4.2
(Can be used multiple times.) (Can be used multiple times.)
-i <regexp> -i <regexp>
--include=<regexp> Include **only** urls matching <regex>. --include=<regexp> Include *only* urls matching <regex>.
(Can be used multiple times.) (Can be used multiple times.)
--redundant=<regexp>:<limit> --redundant=<regexp>:<limit>
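Review bot: The `--include` entry names its placeholder two ways, `--include=<regexp>` in the option and `<regex>` in the description, and this change touches that line without aligning them. If the block is pasted verbatim from the program's help output, fix the wording at the source and re-paste; otherwise use one placeholder name here. Also check that `*only*` sits inside a preformatted block, where the asterisks will show literally rather than render as emphasis.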
...@@ -2442,19 +2442,19 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2442,19 +2442,19 @@ Arachni - Web Application Security Scanner Framework v0.4.2
(Can be used multiple times.) (Can be used multiple times.)
--audit-headers Audit HTTP headers. --audit-headers Audit HTTP headers.
(**NOTE**: Header audits use brute force. (*NOTE*: Header audits use brute force.
Almost all valid HTTP request headers will be audited Almost all valid HTTP request headers will be audited
even if there's no indication that the web app uses them.) even if there's no indication that the web app uses them.)
(**WARNING**: Enabling this option will result in increased requests, (*WARNING*: Enabling this option will result in increased requests,
maybe by an order of magnitude.) maybe by an order of magnitude.)
Coverage ----------------------- Coverage -----------------------
--audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations. --audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations.
(**WARNING**: This will severely increase the scan-time.) (*WARNING*: This will severely increase the scan-time.)
--fuzz-methods Audit links, forms and cookies using both GET and POST requests. --fuzz-methods Audit links, forms and cookies using both GET and POST requests.
(**WARNING**: This will severely increase the scan-time.) (*WARNING*: This will severely increase the scan-time.)
--exclude-binaries Exclude non text-based pages from the audit. --exclude-binaries Exclude non text-based pages from the audit.
(Binary content can confuse recon modules that perform pattern matching.) (Binary content can confuse recon modules that perform pattern matching.)
...@@ -2471,17 +2471,17 @@ Arachni - Web Application Security Scanner Framework v0.4.2 ...@@ -2471,17 +2471,17 @@ Arachni - Web Application Security Scanner Framework v0.4.2
Comma separated list of modules to load. Comma separated list of modules to load.
(Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all. (Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all.
Use '**' as a module name to deploy all modules or as a wildcard, like so: Use '*' as a module name to deploy all modules or as a wildcard, like so:
xss** to load all xss modules xss* to load all xss modules
sqli** to load all sql injection modules sqli* to load all sql injection modules
etc. etc.
You can exclude modules by prefixing their name with a minus sign: You can exclude modules by prefixing their name with a minus sign:
--modules=**,-backup_files,-xss --modules=*,-backup_files,-xss
The above will load all modules except for the 'backup_files' and 'xss' modules. The above will load all modules except for the 'backup_files' and 'xss' modules.
Or mix and match: Or mix and match:
-xss** to unload all xss modules.) -xss* to unload all xss modules.)
Reports ------------------------ Reports ------------------------
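Review bot: The wildcard examples in the `--modules` help (`xss*`, `sqli*`, `--modules=*,-backup_files,-xss`) are shown unquoted, and an unquoted `*` is open to filename expansion by the user's shell before Arachni ever sees the argument (zsh, for one, aborts on a pattern with no match). Since this block mirrors the program's help text, leave it verbatim, but add a sentence to the surrounding guide recommending that the argument be quoted, for example `--modules='xss*'`.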