RPC client · Changes

Updated RPC-client (markdown) authored Apr 23, 2015 by Tasos Laskos
guides/user/RPC-client.md
View page @ 4ea57ec0
## Version 1.0 ## Version 1.1
The RPC client command line interface is similar to the The RPC client command line interface is similar to the
[[Command line user interface | Command line user interface]]. [[Command line user interface | Command line user interface]].
...@@ -11,8 +11,8 @@ The differences between the two are: ...@@ -11,8 +11,8 @@ The differences between the two are:
* Support for SSL peer verification for Dispatch server. * Support for SSL peer verification for Dispatch server.
``` ```
Arachni - Web Application Security Scanner Framework v1.0 Arachni - Web Application Security Scanner Framework v1.1
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -87,7 +87,7 @@ Scope ...@@ -87,7 +87,7 @@ Scope
--scope-dom-depth-limit LIMIT --scope-dom-depth-limit LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code. How deep to go into the DOM tree of each page, for pages with JavaScript code.
(Default: 10) (Default: 5)
(Setting it to '0' will disable browser analysis.) (Setting it to '0' will disable browser analysis.)
--scope-https-only Forces the system to only follow HTTPS URLs. --scope-https-only Forces the system to only follow HTTPS URLs.
...@@ -115,6 +115,15 @@ Audit ...@@ -115,6 +115,15 @@ Audit
/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/ /input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/
(Can be used multiple times.) (Can be used multiple times.)
--audit-jsons Audit JSON request inputs.
--audit-xmls Audit XML request inputs.
--audit-parameter-names Inject payloads into parameter names.
--audit-with-extra-parameter
Inject payloads into extra element parameters.
--audit-with-both-methods --audit-with-both-methods
Audit elements with both GET and POST requests. Audit elements with both GET and POST requests.
(*WARNING*: This will severely increase the scan-time.) (*WARNING*: This will severely increase the scan-time.)
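Review bot: the four added audit options ('--audit-jsons', '--audit-xmls', '--audit-parameter-names', '--audit-with-extra-parameter') do not say whether they are enabled by default or what they cost in scan time, while the neighbouring '--audit-with-both-methods' entry carries an explicit warning. Add a default or warning line to each, and expand 'Inject payloads into extra element parameters.' so it says what an extra parameter is.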
...@@ -145,7 +154,7 @@ Input ...@@ -145,7 +154,7 @@ Input
HTTP HTTP
--http-user-agent USER_AGENT --http-user-agent USER_AGENT
Value for the 'User-Agent' HTTP request header. Value for the 'User-Agent' HTTP request header.
(Default: Arachni/v1.0) (Default: Arachni/v2.0dev)
--http-request-concurrency MAX_CONCURRENCY --http-request-concurrency MAX_CONCURRENCY
Maximum HTTP request concurrency. Maximum HTTP request concurrency.
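Review bot: the new default on the '--http-user-agent' entry, 'Arachni/v2.0dev', does not match the 'v1.1' that this same change puts in the page heading and the banner. The help text looks like it was captured from a development build; regenerate it from the 1.1 release so the documented User-Agent is the string that version actually sends and that will appear in the target's access logs.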
...@@ -155,7 +164,7 @@ HTTP ...@@ -155,7 +164,7 @@ HTTP
--http-request-timeout TIMEOUT --http-request-timeout TIMEOUT
HTTP request timeout in milliseconds. HTTP request timeout in milliseconds.
(Default: 50000) (Default: 10000)
--http-request-redirect-limit LIMIT --http-request-redirect-limit LIMIT
Maximum amount of redirects to follow for each HTTP request. Maximum amount of redirects to follow for each HTTP request.
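Review bot: on the '--http-request-timeout' default, the drop from 50000 to 10000 milliseconds is documented with no guidance. A response that takes longer than 10 seconds now counts as a timed-out request, so add a line telling users to raise the value when scanning slow targets.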
...@@ -173,7 +182,7 @@ HTTP ...@@ -173,7 +182,7 @@ HTTP
--http-response-max-size LIMIT --http-response-max-size LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes. Do not download response bodies larger than the specified LIMIT, in bytes.
(Default: inf) (Default: 500000)
--http-cookie-jar COOKIE_JAR_FILE --http-cookie-jar COOKIE_JAR_FILE
Netscape-styled HTTP cookiejar file. Netscape-styled HTTP cookiejar file.
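Review bot: the '--http-response-max-size' default changes from 'inf' to 500000 while the description stays the same, so by default response bodies over 500000 bytes are no longer downloaded. State that in the entry, and say whether such a response is skipped entirely or truncated, so users know that pages above the limit are not covered unless they raise it.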
...@@ -197,6 +206,34 @@ HTTP ...@@ -197,6 +206,34 @@ HTTP
Proxy type. Proxy type.
(Default: auto) (Default: auto)
--http-ssl-verify-peer Verify SSL peer.
(Default: false)
--http-ssl-verify-host Verify SSL host.
(Default: false)
--http-ssl-certificate PATH
SSL certificate to use.
--http-ssl-certificate-type pem,der
SSL certificate type.
--http-ssl-key PATH SSL private key to use.
--http-ssl-key-type pem,der
SSL key type.
--http-ssl-key-password PASSWORD
Password for the SSL private key.
--http-ssl-ca PATH File holding one or more certificates with which to verify the peer.
--http-ssl-ca-directory PATH
Directory holding multiple certificate files with which to verify the peer.
--http-ssl-version TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
Checks Checks
--checks-list [PATTERN] List available checks based on the provided pattern. --checks-list [PATTERN] List available checks based on the provided pattern.
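Review bot: '--http-ssl-verify-peer' and '--http-ssl-verify-host' are both documented as '(Default: false)', and the '--http-ssl-ca' and '--http-ssl-ca-directory' entries do not mention that they are only meaningful once verification is enabled. Add that cross-reference, and note on '--http-ssl-key-password PASSWORD' that a password given as an argument is visible in the process list and shell history. The '--http-ssl-version' entry also lists SSLv2 and SSLv3 without stating which version is used by default.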
...@@ -207,7 +244,7 @@ Checks ...@@ -207,7 +244,7 @@ Checks
Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all. Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so: Use '*' as a check name to load all checks or as a wildcard, like so:
xss* to load all XSS checks xss* to load all XSS checks
sqli* to load all SQL injection checks sql_injection* to load all SQL injection checks
etc. etc.
You can exclude checks by prefixing their name with a minus sign: You can exclude checks by prefixing their name with a minus sign:
...@@ -267,7 +304,7 @@ Browser cluster ...@@ -267,7 +304,7 @@ Browser cluster
--browser-cluster-job-timeout SECONDS --browser-cluster-job-timeout SECONDS
Maximum allowed time for each job. Maximum allowed time for each job.
(Default: 120) (Default: 15)
--browser-cluster-worker-time-to-live LIMIT --browser-cluster-worker-time-to-live LIMIT
Re-spawn the browser of each worker every LIMIT jobs. Re-spawn the browser of each worker every LIMIT jobs.
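Review bot: the '--browser-cluster-job-timeout' default drops from 120 to 15 seconds and the only description is 'Maximum allowed time for each job.'. State what happens to a job that exceeds the limit (for example whether it is dropped or retried) so users can tell when the value needs raising.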
......