Arachni sent thousands of emails

Daniel Leonard's Avatar

Daniel Leonard

06 Apr, 2015 07:09 AM

Hi Tasos,

As the subject, Arachni tried to fill in information on a contact form on my website and redo that action over 2000 times within a scanning session. So I received over 2000 emails from [email blocked]. I guess that action is used to check XSS, right? Is it possible to check XSS without sending email or reduce the number of emails as least as possible such as not up to 5 emails every contact form?

By the way, I want to say thank you to you for developing Arachni. It's great.

Have a nice day.

  1. Support Staff 1 Posted by Tasos Laskos on 06 Apr, 2015 07:17 AM

    Tasos Laskos's Avatar

    Hey Daniel,

    You'll need to exclude these forms from the scope of the scan using the --scope-exclude-pattern option, you can pass it a pattern that matches the form's action.

    There's no way to limit how many times any given input vector is going to be submitted, as that'd make its audit useless. Like you saw, there are thousands of tests that need to be performed for each input, limiting them to a smaller amount would be the same as skipping it.

    And you're very welcome. :)


  2. Tasos Laskos closed this discussion on 06 Apr, 2015 07:17 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac