Skip to content
GitLab

RPC client · Changes

Page history
Updated RPC-client (markdown) authored by Tasos Laskos's avatar Tasos Laskos
Show whitespace changes
Inline Side-by-side
guides/user/RPC-client.md
View page @ 734aaafc
## Version 1.1 ## Version 1.3.2
The RPC client command line interface is similar to the The RPC client command line interface is similar to the
[[Command line user interface | Command line user interface]]. [[Command line user interface | Command line user interface]].
...@@ -11,7 +11,357 @@ The differences between the two are: ...@@ -11,7 +11,357 @@ The differences between the two are:
* Support for SSL peer verification for Dispatch server. * Support for SSL peer verification for Dispatch server.
``` ```
Arachni - Web Application Security Scanner Framework v1.1 Arachni - Web Application Security Scanner Framework v1.3.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
Usage: ./bin/arachni [options] URL
Generic
-h, --help Output this message.
--version Show version information.
--authorized-by EMAIL_ADDRESS
E-mail address of the person who authorized the scan.
(It'll make it easier on the sys-admins during log reviews.)
(Will be used as a value for the 'From' HTTP request header.)
Output
--output-verbose Show verbose output.
--output-debug [LEVEL 1-3]
Show debugging information.
--output-only-positives Only output positive results.
Scope
--scope-include-pattern PATTERN
Only include resources whose path/action matches PATTERN.
(Can be used multiple times.)
--scope-include-subdomains
Follow links to subdomains.
(Default: false)
--scope-exclude-pattern PATTERN
Exclude resources whose path/action matches PATTERN.
(Can be used multiple times.)
--scope-exclude-content-pattern PATTERN
Exclude pages whose content matches PATTERN.
(Can be used multiple times.)
--scope-exclude-binaries
Exclude non text-based pages.
(Binary content can confuse passive checks that perform pattern matching.)
--scope-redundant-path-pattern PATTERN:LIMIT
Limit crawl on redundant pages like galleries or catalogs.
(URLs matching PATTERN will be crawled LIMIT amount of times.)
(Can be used multiple times.)
--scope-auto-redundant [LIMIT]
Only follow URLs with identical query parameter names LIMIT amount of times.
(Default: 10)
--scope-directory-depth-limit LIMIT
Directory depth limit.
(Default: inf)
(How deep Arachni should go into the site structure.)
--scope-page-limit LIMIT
How many pages to crawl and audit.
(Default: inf)
--scope-extend-paths FILE
Add the paths in FILE to the ones discovered by the crawler.
(Can be used multiple times.)
--scope-restrict-paths FILE
Use the paths in FILE instead of crawling.
(Can be used multiple times.)
--scope-url-rewrite PATTERN:SUBSTITUTION
Rewrite URLs based on the given PATTERN and SUBSTITUTION.
To convert: http://example.com/articles/some-stuff/23 to http://example.com/articles.php?id=23
Use: articles/[\w-]+/(\d+):articles.php?id=\1
--scope-dom-depth-limit LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code.
(Default: 5)
(Setting it to '0' will disable browser analysis.)
--scope-https-only Forces the system to only follow HTTPS URLs.
(Default: false)
Audit
--audit-links Audit links.
--audit-forms Audit forms.
--audit-cookies Audit cookies.
--audit-cookies-extensively
Submit all links and forms of the page along with the cookie permutations.
(*WARNING*: This will severely increase the scan-time.)
--audit-headers Audit headers.
--audit-link-template TEMPLATE
Regular expression with named captures to use to extract input information from generic paths.
To extract the 'input1' and 'input2' inputs from:
http://example.com/input1/value1/input2/value2
Use:
input1/(?<input1>\w+)/input2/(?<input2>\w+)
(Can be used multiple times.)
--audit-jsons Audit JSON request inputs.
--audit-xmls Audit XML request inputs.
--audit-ui-inputs Audit orphan Input elements with events.
--audit-ui-forms Audit UI Forms.
Input and button groups that do not belong to a parent <form> element.
--audit-parameter-names Inject payloads into parameter names.
--audit-with-extra-parameter
Inject payloads into extra element parameters.
--audit-with-both-methods
Audit elements with both GET and POST requests.
(*WARNING*: This will severely increase the scan-time.)
--audit-exclude-vector PATTERN
Exclude input vectorS whose name matches PATTERN.
(Can be used multiple times.)
--audit-include-vector PATTERN
Include only input vectors whose name matches PATTERN.
(Can be used multiple times.)
Input
--input-value PATTERN:VALUE
PATTERN to match against input names and VALUE to use for them.
(Can be used multiple times.)
--input-values-file FILE
YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.
--input-without-defaults
Do not use the system default input values.
--input-force Fill-in even non-empty inputs.
HTTP
--http-user-agent USER_AGENT
Value for the 'User-Agent' HTTP request header.
(Default: Arachni/v1.3.2)
--http-request-concurrency MAX_CONCURRENCY
Maximum HTTP request concurrency.
(Default: 20)
(Be careful not to kill your server.)
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
--http-request-timeout TIMEOUT
HTTP request timeout in milliseconds.
(Default: 10000)
--http-request-redirect-limit LIMIT
Maximum amount of redirects to follow for each HTTP request.
(Default: 5)
--http-request-queue-size QUEUE_SIZE
Maximum amount of requests to keep in the queue.
Bigger size means better scheduling and better performance,
smaller means less RAM consumption.
(Default: 100)
--http-request-header NAME=VALUE
Specify custom headers to be included in the HTTP requests.
(Can be used multiple times.)
--http-response-max-size LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes.
(Default: 500000)
--http-cookie-jar COOKIE_JAR_FILE
Netscape-styled HTTP cookiejar file.
--http-cookie-string COOKIE
Cookie representation as an 'Cookie' HTTP request header.
--http-authentication-username USERNAME
Username for HTTP authentication.
--http-authentication-password PASSWORD
Password for HTTP authentication.
--http-proxy ADDRESS:PORT
Proxy to use.
--http-proxy-authentication USERNAME:PASSWORD
Proxy authentication credentials.
--http-proxy-type http,http_1_0,socks4,socks5,socks4a
Proxy type.
(Default: auto)
--http-ssl-verify-peer Verify SSL peer.
(Default: false)
--http-ssl-verify-host Verify SSL host.
(Default: false)
--http-ssl-certificate PATH
SSL certificate to use.
--http-ssl-certificate-type pem,der
SSL certificate type.
--http-ssl-key PATH SSL private key to use.
--http-ssl-key-type pem,der
SSL key type.
--http-ssl-key-password PASSWORD
Password for the SSL private key.
--http-ssl-ca PATH File holding one or more certificates with which to verify the peer.
--http-ssl-ca-directory PATH
Directory holding multiple certificate files with which to verify the peer.
--http-ssl-version TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
Checks
--checks-list [PATTERN] List available checks based on the provided pattern.
(If no pattern is provided all checks will be listed.)
--checks CHECK,CHECK2,...
Comma separated list of checks to load.
Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so:
xss* to load all XSS checks
sql_injection* to load all SQL injection checks
etc.
You can exclude checks by prefixing their name with a minus sign:
--checks=*,-backup_files,-xss
The above will load all checks except for the 'backup_files' and 'xss' checks.
Or mix and match:
-xss* to unload all XSS checks.
Plugins
--plugins-list [PATTERN]
List available plugins based on the provided pattern.
(If no pattern is provided all plugins will be listed.)
--plugin 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
PLUGIN is the name of the plugin as displayed by '--plugins-list'.
(Plugins are referenced by their filename without the '.rb' extension, use '--plugins-list' to list all.)
(Can be used multiple times.)
Platforms
--platforms-list List available platforms.
--platforms-no-fingerprinting
Disable platform fingerprinting.
(By default, the system will try to identify the deployed server-side platforms automatically
in order to avoid sending irrelevant payloads.)
--platforms PLATFORM,PLATFORM2,...
Comma separated list of platforms (by shortname) to audit.
(The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
these platforms enable the '--platforms-no-fingerprinting' option.)
Session
--session-check-url URL URL to use to verify that the scanner is still logged in to the web application.
(Requires 'session-check-pattern'.)
--session-check-pattern PATTERN
Pattern used against the body of the 'session-check-url' to verify that the scanner is still logged in to the web application.
(Requires 'session-check-url'.)
Profiles
--profile-save-filepath FILEPATH
Save the current configuration profile/options to FILEPATH.
--profile-load-filepath FILEPATH
Load a configuration profile from FILEPATH.
Browser cluster
--browser-cluster-local-storage FILE
Sets the browsers' local storage using the JSON data in FILE.
--browser-cluster-wait-for-element PATTERN:CSS
Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.
--browser-cluster-pool-size SIZE
Amount of browser workers to keep in the pool and put to work.
(Default: 6)
--browser-cluster-job-timeout SECONDS
Maximum allowed time for each job.
(Default: 25)
--browser-cluster-worker-time-to-live LIMIT
Re-spawn the browser of each worker every LIMIT jobs.
(Default: 100)
--browser-cluster-ignore-images
Do not load images.
--browser-cluster-screen-width
Browser screen width.
(Default: 1600)
--browser-cluster-screen-height
Browser screen height.
(Default: 1200)
Report
--report-save-path PATH Directory or file path where to store the scan report.
You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.
Snapshot
--snapshot-save-path PATH
Directory or file path where to store the snapshot of a suspended scan.
You can use the generated file to resume the scan with the 'arachni_restore' executable.
Timeout
--timeout HOURS:MINUTES:SECONDS
Stop the scan after the given duration is exceeded.
--timeout-suspend Suspend after the timeout.
You can use the generated file to resume the scan with the 'arachni_restore' executable.
zapotek@zonster:~/workspace/arachni [bugfix/v1.3.2]$ ./bin/arachni_rpc -h
Arachni - Web Application Security Scanner Framework v1.3.2
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
(With the support of the community and the Arachni Team.) (With the support of the community and the Arachni Team.)
...@@ -82,8 +432,8 @@ Scope ...@@ -82,8 +432,8 @@ Scope
--scope-url-rewrite PATTERN:SUBSTITUTION --scope-url-rewrite PATTERN:SUBSTITUTION
Rewrite URLs based on the given PATTERN and SUBSTITUTION. Rewrite URLs based on the given PATTERN and SUBSTITUTION.
To convert: http://test.com/articles/some-stuff/23 to http://test.com/articles.php?id=23 To convert: http://example.com/articles/some-stuff/23 to http://example.com/articles.php?id=23
Use: /articles\/[\w-]+\/(\d+)/:articles.php?id=\1 Use: articles/[\w-]+/(\d+):articles.php?id=\1
--scope-dom-depth-limit LIMIT --scope-dom-depth-limit LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code. How deep to go into the DOM tree of each page, for pages with JavaScript code.
...@@ -110,15 +460,20 @@ Audit ...@@ -110,15 +460,20 @@ Audit
--audit-link-template TEMPLATE --audit-link-template TEMPLATE
Regular expression with named captures to use to extract input information from generic paths. Regular expression with named captures to use to extract input information from generic paths.
To extract the 'input1' and 'input2' inputs from: To extract the 'input1' and 'input2' inputs from:
http://test.com/input1/value1/input2/value2 http://example.com/input1/value1/input2/value2
Use: Use:
/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/ input1/(?<input1>\w+)/input2/(?<input2>\w+)
(Can be used multiple times.) (Can be used multiple times.)
--audit-jsons Audit JSON request inputs. --audit-jsons Audit JSON request inputs.
--audit-xmls Audit XML request inputs. --audit-xmls Audit XML request inputs.
--audit-ui-inputs Audit orphan Input elements with events.
--audit-ui-forms Audit UI Forms.
Input and button groups that do not belong to a parent <form> element.
--audit-parameter-names Inject payloads into parameter names. --audit-parameter-names Inject payloads into parameter names.
--audit-with-extra-parameter --audit-with-extra-parameter
...@@ -154,7 +509,7 @@ Input ...@@ -154,7 +509,7 @@ Input
HTTP HTTP
--http-user-agent USER_AGENT --http-user-agent USER_AGENT
Value for the 'User-Agent' HTTP request header. Value for the 'User-Agent' HTTP request header.
(Default: Arachni/v2.0dev) (Default: Arachni/v1.3.2)
--http-request-concurrency MAX_CONCURRENCY --http-request-concurrency MAX_CONCURRENCY
Maximum HTTP request concurrency. Maximum HTTP request concurrency.
...@@ -174,7 +529,7 @@ HTTP ...@@ -174,7 +529,7 @@ HTTP
Maximum amount of requests to keep in the queue. Maximum amount of requests to keep in the queue.
Bigger size means better scheduling and better performance, Bigger size means better scheduling and better performance,
smaller means less RAM consumption. smaller means less RAM consumption.
(Default: 500) (Default: 100)
--http-request-header NAME=VALUE --http-request-header NAME=VALUE
Specify custom headers to be included in the HTTP requests. Specify custom headers to be included in the HTTP requests.
...@@ -298,13 +653,19 @@ Profiles ...@@ -298,13 +653,19 @@ Profiles
Browser cluster Browser cluster
--browser-cluster-local-storage FILE
Sets the browsers' local storage using the JSON data in FILE.
--browser-cluster-wait-for-element PATTERN:CSS
Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.
--browser-cluster-pool-size SIZE --browser-cluster-pool-size SIZE
Amount of browser workers to keep in the pool and put to work. Amount of browser workers to keep in the pool and put to work.
(Default: 6) (Default: 6)
--browser-cluster-job-timeout SECONDS --browser-cluster-job-timeout SECONDS
Maximum allowed time for each job. Maximum allowed time for each job.
(Default: 15) (Default: 25)
--browser-cluster-worker-time-to-live LIMIT --browser-cluster-worker-time-to-live LIMIT
Re-spawn the browser of each worker every LIMIT jobs. Re-spawn the browser of each worker every LIMIT jobs.
...@@ -356,4 +717,5 @@ Report ...@@ -356,4 +717,5 @@ Report
Timeout Timeout
--timeout HOURS:MINUTES:SECONDS --timeout HOURS:MINUTES:SECONDS
Stop the scan after the given duration is exceeded. Stop the scan after the given duration is exceeded.
``` ```