Arachni seems to be not scanning

chris

06 Aug, 2014 02:55 PM

Hello, there!

I'm running Arachni (against a vulnerability test site) and it seems not to be scanning the site. It hasn't raised any errors either.

Below is the output (I've also attached an output file) of the command "arachni http://http://testphp.vulnweb.com --debug".

Any tips? Thanks!

Arachni - Web Application Security Scanner Framework v0.4.7
Author: Tasos "Zapotek" Laskos [email blocked]

       (With the support of the community and the Arachni Team.)

Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki

[~] No modules were specified.
[~] -> Will run all mods.

[~] No audit options were specified.
[~] -> Will audit links, forms and cookies.

[*] Initialising...
[*] Waiting for plugins to settle...
[!] HTTP: ------------
[!] HTTP: Queued request.
[!] HTTP: ID#: 0
[!] HTTP: URL: http://testphp.vulnweb.com/
[!] HTTP: Method: get
[!] HTTP: Params:
[!] HTTP: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Encoding"=>"gzip, deflate", "User-Agent"=>"Arachni/v0.4.7"}
[!] HTTP: Train?: false
[!] HTTP: ------------
[!] HTTP: ------------
[!] HTTP: Got response for request ID#: 0
[!] HTTP: Status: 200
[!] HTTP: Error msg: No error
[!] HTTP: URL: http://testphp.vulnweb.com/
[!] HTTP: Headers: HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 06 Aug 2014 14:52:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Content-Encoding: gzip

[!] HTTP: Parsed headers: {"Server"=>"nginx/1.4.1", "Date"=>"Wed, 06 Aug 2014 14:52:10 GMT", "Content-Type"=>"text/html", "Transfer-Encoding"=>"chunked", "Connection"=>"keep-alive", "X-Powered-By"=>"PHP/5.3.10-1~lucid+2uwsgi2", "Content-Encoding"=>"gzip"}
[!] HTTP: ------------
[*] Spider: [HTTP: 200] http://testphp.vulnweb.com/
[~] Identified as: nginx, php
[!]
[!] Waiting on the following (6) plugins to finish:
[!] autothrottle, healthmap, discovery, timing_attacks, uniformity, resolver
[!]
[*] Resolver: Resolving hostnames...
[*] Resolver: Done!
[!]
[!] Waiting on the following (5) plugins to finish:
[!] healthmap, discovery, timing_attacks, uniformity, resolver
[!]

[*] Dumping audit results in '2014-08-06 15.52.13 +0100.afr'.
[*] Done!

[+] Web Application Security Report - Arachni Framework

[~] Report generated on: 2014-08-06 15:52:13 +0100
[~] Report false positives at: http://github.com/Arachni/arachni/issues

[+] System settings:
[~] ---------------
[~] Version: 0.4.7
[~] Revision: 0.2.8
[~] Audit started on: Wed Aug 6 15:52:10 2014
[~] Audit finished on: Wed Aug 6 15:52:11 2014
[~] Runtime: 00:00:01

[~] URL: http://testphp.vulnweb.com/
[~] User agent: Arachni/v0.4.7

[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies

[*] Modules: code_injection, code_injection_php_input_wrapper, code_injection_timing, csrf, file_inclusion, ldapi, os_cmd_injection, os_cmd_injection_timing, path_traversal, response_splitting, rfi, session_fixation, source_code_disclosure, sqli, sqli_blind_rdiff, sqli_blind_timing, trainer, unvalidated_redirect, xpath, xss, xss_event, xss_path, xss_script_tag, xss_tag, allowed_methods, backdoors, backup_files, common_directories, common_files, directory_listing, captcha, credit_card, cvs_svn_users, emails, form_upload, html_objects, http_only_cookies, insecure_cookies, mixed_resource, password_autocomplete, private_ip, ssn, unencrypted_password_forms, htaccess_limit, http_put, interesting_responses, localstart_asp, webdav, x_forwarded_for_access_restriction_bypass, xst

[~] ===========================

[+] 0 issues were detected.

[+] Plugin data:
[~] ---------------

[*] Health map
[~] ~~~~~~~~~~~~~~
[~] Description: Generates a simple list of safe/unsafe URLs.

[~] Legend:
[+] No issues
[-] Has issues

[+] http://testphp.vulnweb.com/

[~] Total: 1
[+] Without issues: 1
[-] With issues: 0 ( 0% )

[~] 0.0% [=> ] 100%
[~] Est. remaining time: --:--:--

[~] Crawling, discovered 1 pages and counting.

[~] Sent 1 requests.
[~] Received and analyzed 1 responses.
[~] In 00:00:01
[~] Average: 0 requests/second.

[~] Burst response time total 0
[~] Burst response count total 0
[~] Burst average response time 0
[~] Burst average 0 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20

  1. Posted by chris on 06 Aug, 2014 04:13 PM

    Never mind. Seems to be a problem with my shell environment. I'm using ZSH.

    I'll keep you posted.

    Thanks.

  2. Tasos Laskos closed this discussion on 11 Aug, 2014 01:05 PM.
