Arachni - Web Application Security Scanner Framework v0.4.7 Author: Tasos "Zapotek" Laskos (With the support of the community and the Arachni Team.) Website: http://arachni-scanner.com Documentation: http://arachni-scanner.com/wiki [~] No modules were specified. [~] -> Will run all mods. [~] No audit options were specified. [~] -> Will audit links, forms and cookies. [*] Initialising... [*] Waiting for plugins to settle... [*] Spider: [HTTP: 200] http://testphp.vulnweb.com/ [~] Identified as: nginx, php [*] Resolver: Resolving hostnames... [*] Resolver: Done!  [*] Dumping audit results in '2014-08-06 15.47.42 +0100.afr'. [*] Done! ================================================================================ [+] Web Application Security Report - Arachni Framework [~] Report generated on: 2014-08-06 15:47:42 +0100 [~] Report false positives at: http://github.com/Arachni/arachni/issues [+] System settings: [~] --------------- [~] Version: 0.4.7 [~] Revision: 0.2.8 [~] Audit started on: Wed Aug 6 15:47:39 2014 [~] Audit finished on: Wed Aug 6 15:47:40 2014 [~] Runtime: 00:00:01 [~] URL: http://testphp.vulnweb.com/ [~] User agent: Arachni/v0.4.7 [*] Audited elements: [~] * Links [~] * Forms [~] * Cookies [*] Modules: code_injection, code_injection_php_input_wrapper, code_injection_timing, csrf, file_inclusion, ldapi, os_cmd_injection, os_cmd_injection_timing, path_traversal, response_splitting, rfi, session_fixation, source_code_disclosure, sqli, sqli_blind_rdiff, sqli_blind_timing, trainer, unvalidated_redirect, xpath, xss, xss_event, xss_path, xss_script_tag, xss_tag, allowed_methods, backdoors, backup_files, common_directories, common_files, directory_listing, captcha, credit_card, cvs_svn_users, emails, form_upload, html_objects, http_only_cookies, insecure_cookies, mixed_resource, password_autocomplete, private_ip, ssn, unencrypted_password_forms, htaccess_limit, http_put, interesting_responses, localstart_asp, webdav, x_forwarded_for_access_restriction_bypass, xst [~] =========================== [+] 0 issues were detected. [+] Plugin data: [~] --------------- [*] Health map [~] ~~~~~~~~~~~~~~ [~] Description: Generates a simple list of safe/unsafe URLs. [~] Legend: [+] No issues [-] Has issues [+] http://testphp.vulnweb.com/ [~] Total: 1 [+] Without issues: 1 [-] With issues: 0 ( 0% )  [~] 0.0% [=> ] 100% [~] Est. remaining time: --:--:--  [~] Crawling, discovered 1 pages and counting.  [~] Sent 1 requests. [~] Received and analyzed 1 responses. [~] In 00:00:01 [~] Average: 0 requests/second.  [~] Burst response time total 0 [~] Burst response count total 0 [~] Burst average response time 0 [~] Burst average 0 requests/second [~] Timed-out requests 0 [~] Original max concurrency 20 [~] Throttled max concurrency 20