Arachni: Discussion 2015-04-06T07:17:25Z
Arachni sent thousands of emails 2015-04-06T07:09:11Z
<div><p>Hi Tasos,</p>
<p>As the subject says, Arachni tried to fill in information on a
contact form on my website and repeated that action over 2000 times
within a scanning session. So I received over 2000 emails from
<a href="mailto:arachni@email.gr">arachni@email.gr</a>. I guess
that action is used to check XSS, right? Is it possible to check
XSS without sending email, or to reduce the number of emails as much
as possible, such as no more than 5 emails per contact form?</p>
<p>By the way, I want to say thank you to you for developing
Arachni. It's great.</p>
<p>Have a nice day.</p></div>
Daniel Leonard
2015-04-06T07:17:25Z
<div><p>Hey Daniel,</p>
<p>You'll need to exclude these forms from the scope of the scan
using the <a href="https://github.com/Arachni/arachni/wiki/Command-line-user-interface#scope-exclude-pattern">
--scope-exclude-pattern</a> option; you can pass it a pattern that
matches the form's action.</p>
<p>There's no way to limit how many times any given input vector is
going to be submitted, as that'd make its audit useless. Like you
saw, there are thousands of tests that need to be performed for
each input; limiting them to a smaller number would be the same as
skipping it.</p>
<p>And you're very welcome. :)</p>
<p>Cheers</p></div>Tasos Laskos
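<p>A pre-scan check for the exclusion described in the reply above, as an added example that is not part of the original thread or of Arachni's own code: it previews which form actions a candidate pattern would drop from the audit, so a pattern broad enough to hide other forms is caught before the scan runs. It assumes the pattern is applied as a Ruby regular expression to the absolute form action URL; the sample HTML, host name, paths and helper names are constructed for illustration.</p>

```ruby
require 'uri'

# Constructed sample page; the form actions and paths are made up for illustration.
SAMPLE_HTML = <<~HTML
  <form method="post" action="/contact/send">...</form>
  <form method="get" action="search.php">...</form>
  <form method="post" action="/account/login">...</form>
  <form method="post" action="/newsletter/contact-preferences">...</form>
HTML

# Return the absolute action URL of every <form> found in the HTML.
# (Hypothetical helper; a regex scan is enough for a quick preview.)
def form_actions(html, base_url)
  html.scan(/<form\b[^>]*\baction\s*=\s*["']([^"']*)["']/i).flatten.map do |action|
    URI.join(base_url, action).to_s
  end
end

# Split the form actions into those a candidate exclude pattern would remove
# from the scan scope and those that would still be audited.
# Assumption: the pattern is matched as a Ruby regex against the full URL.
def preview_exclusion(html, base_url, pattern)
  regex = Regexp.new(pattern)
  excluded, audited = form_actions(html, base_url).partition { |url| url.match?(regex) }
  { excluded: excluded, audited: audited }
end

if __FILE__ == $PROGRAM_NAME
  base = 'http://site.example/'
  # A loose pattern next to one anchored to the mail-sending form's action.
  ['contact', '/contact/send$'].each do |pattern|
    result = preview_exclusion(SAMPLE_HTML, base, pattern)
    puts "--scope-exclude-pattern #{pattern.inspect}"
    result[:excluded].each { |url| puts "  excluded: #{url}" }
    result[:audited].each  { |url| puts "  audited:  #{url}" }
  end
end
```

<p>The loose pattern also removes the unrelated preferences form from the audit, while the anchored one excludes only the form that sends mail.</p>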