Plugin vector_feed doesn't work

KxCode

06 Jan, 2016 09:56 AM

Arachni can't find vulnerabilities with the vector_feed plugin. The command line and the YAML file are below:

./arachni http://phptest.vulnweb.com --plugin=vector_feed:yaml_file=/root/Desktop/vectors_post.yml --checks=xss* --scope-page-limit=1

vectors_post.xml:

#
# Generated by the Proxy plugin of the Arachni Web Application Security Scanner Framework.
#
# The contents of this file are formatted for use with the 'vector_feed' plugin.
# You can use this file to save and then feed these vectors back to Arachni
# without needing to operate the proxy again.
#

---
- :type: :form
  :method: :post
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    uuname: a
    upass: a
    upass2: a
    urname: a
    ucc: a
    uemail: a
    uphone: a
    uaddress: a
    signup: signup
  :source: 
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Accept-Encoding: gzip, deflate
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    From: ''
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36
      (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Referer: http://testphp.vulnweb.com/signup.php
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Pragma: no-cache
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Host: testphp.vulnweb.com
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Proxy-Connection: keep-alive
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Cache-Control: max-age=0
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Origin: http://testphp.vulnweb.com
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Upgrade-Insecure-Requests: '1'
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Content-Type: application/x-www-form-urlencoded
- :type: :header
  :method: :get
  :action: http://testphp.vulnweb.com/secured/newuser.php
  :inputs:
    Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4

  1. 1 Posted by KxCode on 06 Jan, 2016 09:57 AM

    attached yaml file

  2. Support Staff 2 Posted by Tasos Laskos on 06 Jan, 2016 12:19 PM

    Thanks for the feedback, looking into it.

    Cheers

  3. Support Staff 3 Posted by Tasos Laskos on 06 Jan, 2016 12:33 PM

    Turns out it's the scope page restriction, if you set it to 3 it will work although it shouldn't behave this way.

  4. Support Staff 4 Posted by Tasos Laskos on 06 Jan, 2016 01:17 PM

    Erm, turns out you have the wrong URL, it's http://testphp.vulnweb.com not http://phptest.vulnweb.com.

    You also need to set --scope-page-limit=0 like the plugin's description says.

    Cheers

  5. Tasos Laskos closed this discussion on 06 Jan, 2016 01:17 PM.
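
A pre-flight check for the two problems identified in the replies above (a target URL whose host differs from the vectors' `:action` host, and a `--scope-page-limit` other than 0), as an added example that is not part of the original thread or of Arachni. The helper name `vector_feed_preflight` is hypothetical and the sample data is constructed by abbreviating the posted vector file.

```ruby
require 'yaml'
require 'uri'

# Constructed sample: two entries abbreviated from the vector file in the post.
SAMPLE_VECTORS = <<~YAML
  ---
  - :type: :form
    :method: :post
    :action: http://testphp.vulnweb.com/secured/newuser.php
    :inputs:
      uuname: a
      signup: signup
    :source:
  - :type: :header
    :method: :get
    :action: http://testphp.vulnweb.com/secured/newuser.php
    :inputs:
      Host: testphp.vulnweb.com
YAML

# Hypothetical helper (not an Arachni API): lists the problems named in the
# thread for a given target URL, vector file text and scope page limit.
def vector_feed_preflight(target_url, yaml_text, scope_page_limit)
  problems = []
  target_host = URI.parse(target_url).host.to_s.downcase

  # Symbol is permitted because the file uses Ruby symbol keys (:type, :action).
  vectors = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || []
  return ['vector file is not a YAML list of vectors'] unless vectors.is_a?(Array)

  vectors.each_with_index do |vector, i|
    action = vector.is_a?(Hash) ? vector[:action] : nil
    if action.nil?
      problems << "vector #{i}: missing :action"
      next
    end
    host = (URI.parse(action.to_s).host rescue nil).to_s.downcase
    next if host == target_host
    problems << "vector #{i}: action host '#{host}' differs from target '#{target_host}'"
  end

  # The final reply: the plugin's description asks for a page limit of 0.
  unless scope_page_limit == 0
    problems << "scope-page-limit is #{scope_page_limit.inspect}, expected 0"
  end
  problems
end

# Values from the original post: mistyped host and a page limit of 1.
puts vector_feed_preflight('http://phptest.vulnweb.com', SAMPLE_VECTORS, 1) if __FILE__ == $PROGRAM_NAME
```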
