Passive checks are not performed when crawling is disabled

Varun

02 Aug, 2016 01:13 PM

Hi,

I see that when I use --plugin=vector_feed:yaml_file= with crawling disabled (--scope-page-limit=0) and check only for passive checks like email, ssn etc. (--checks "*email*"), no scans are performed. The HTTP requests count is 0.
Am I missing anything?

 [~] Audited 2 page snapshots.
 [~] Audit limited to a max of 0 pages.

 [~] Duration: 00:00:04
 [~] Processed 0/0 HTTP requests.
 [~] -- 0.0 requests/second.
 [~] Processed 0/0 browser jobs.
 [~] -- 0.0 second/job.
  1. Support Staff 1 Posted by Tasos Laskos on 02 Aug, 2016 01:23 PM

    The email check you have enabled doesn't perform any requests, it'll just check the content you've supplied via the vector feed data.

  2. 2 Posted by Varun on 02 Aug, 2016 01:41 PM

    I want to perform the email check/other grep checks on the responses of the URLs/links mentioned in the vector feed. How can I do that?

  3. Support Staff 3 Posted by Tasos Laskos on 02 Aug, 2016 01:44 PM

    I think you're looking for the functionality provided by the --scope-restrict-paths option rather than the vector_feed plugin.

  4. 4 Posted by Varun on 02 Aug, 2016 01:52 PM

    My use case is that I have an application making a lot of AJAX calls. I use the proxy plugin to capture the AJAX requests (GET/POST requests) in a vector.yaml file, then use this as the feed for the vector_feed plugin. I want to perform some static grep checks on the responses of the requests.

    I earlier tried --scope-restrict-paths but gave up on it due to the following 2 reasons:
    1. I was not sure how to specify POST URLs in the file for --scope-restrict-paths.
    2. The proxy plugin generates a YAML file that can be used with vector_feed but not with --scope-restrict-paths.

  5. Support Staff 5 Posted by Tasos Laskos on 02 Aug, 2016 01:55 PM

    May I see the vector.yaml file please?

  6. 6 Posted by Varun on 02 Aug, 2016 02:00 PM

    Something like below

    - :type: :link
      :method: :get
      :action: https://test.com/abc
    
    - :type: page
      :url: https://test.com/abc
      # response code
      :code: 200
    
  7. Support Staff 7 Posted by Tasos Laskos on 02 Aug, 2016 02:01 PM

    Do page vectors include a body attribute?

  8. 8 Posted by Varun on 02 Aug, 2016 02:05 PM

    No. Should it?

  9. Support Staff 9 Posted by Tasos Laskos on 02 Aug, 2016 02:08 PM

    No, I just didn't remember.
    Unfortunately, you can't currently do what you want.

    I could export page bodies as well but those will be the same bodies that were returned at the time of export, the system won't visit the URLs again to grab them.

    vector_feed data are static.

  10. 10 Posted by Varun on 02 Aug, 2016 02:13 PM

    Is there any other way to do what I want? Basically, grab the different AJAX requests made by my application (GET/POST) and then run audits on those URLs (both active and passive)?

  11. Support Staff 11 Posted by Tasos Laskos on 02 Aug, 2016 02:15 PM

    You can use something external (browser or custom scripts) to perform those requests via Arachni's proxy and let it audit the seen resources.

  12. 12 Posted by Varun on 02 Aug, 2016 02:38 PM

    Thanks but this approach prevents the automation that I intend to do.

    Is there any way where I can specify GET and POST requests (URLs and params) and run both active and passive checks on them by making requests? If there is some standard format in which I can specify the GET/POST URLs/params, I can write some external script to generate that.

    Currently, as I understand:
    1. The vector_feed plugin makes requests/visits URLs only for active checks and not passive checks.
    2. With --scope-restrict-paths, I cannot specify POST request URLs and parameters.

  13. Support Staff 13 Posted by Tasos Laskos on 02 Aug, 2016 03:55 PM

    You can still automate it the same way, but instead of working within Arachni your script will be external -- it can be as easy as a curl call.

    1. No, the vector_feed plugin will not visit anything in any case, it'll just pass the specified vectors to the system to be audited as if they were identified via a crawl.
    2. That's correct.

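The external-script approach from reply 13, as an added example that is not part of the original thread and is not Arachni code: it turns vectors shaped like the ones posted above into curl commands routed through a proxy, so the responses pass through the scanner. The proxy address, the `:form` entry and the `:inputs` key are assumptions, not taken from the thread.

```ruby
require 'yaml'
require 'uri'
require 'shellwords'

# Assumption: address where Arachni's proxy plugin listens in your setup.
PROXY = 'http://127.0.0.1:8282'

# Constructed sample in the shape posted in the thread; the :form entry and
# its :inputs key are assumptions about how POST parameters would be listed.
SAMPLE_VECTORS = <<~YAML
  - :type: :link
    :method: :get
    :action: https://test.com/abc
  - :type: :form
    :method: :post
    :action: https://test.com/search
    :inputs:
      q: "a b"
  - :type: page
    :url: https://test.com/abc
    :code: 200
YAML

# The sample mixes symbols (:link) and plain strings (page); normalise both.
def norm(value)
  value.to_s.sub(/\A:/, '')
end

# Build a curl argv (an array, so no value is ever interpreted by a shell).
# Returns nil for entries with no request to replay, such as static pages.
def curl_argv(vector, proxy: PROXY)
  v = vector.map { |k, val| [norm(k), val] }.to_h
  return nil unless %w[link form].include?(norm(v['type'])) && v['action']
  argv   = ['curl', '--silent', '--output', '/dev/null', '--proxy', proxy]
  inputs = (v['inputs'] || {}).map { |k, val| [norm(k), val.to_s] }.to_h
  post   = norm(v['method']).casecmp?('post')
  return argv + ['--data', URI.encode_www_form(inputs), v['action']] if post
  return argv << v['action'] if inputs.empty?
  sep = v['action'].include?('?') ? '&' : '?'
  argv << "#{v['action']}#{sep}#{URI.encode_www_form(inputs)}"
end

def replay_commands(yaml_text, proxy: PROXY)
  (YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || [])
    .map { |vec| curl_argv(vec, proxy: proxy) }.compact
end

# Prints one shell-escaped curl command per replayable vector.
puts replay_commands(SAMPLE_VECTORS).map(&:shelljoin) if $PROGRAM_NAME == __FILE__
```

The script only prints the commands; pipe them to `sh` while the scan with the proxy plugin is running. If the proxy intercepts TLS, curl also has to trust the proxy's CA (`--cacert`).
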
  14. 14 Posted by Varun on 02 Aug, 2016 05:39 PM

    If I try to write an active grep-based check for email or anything that I want to search for in the responses of the requests, will this be a good idea?

    The active check can make requests for the URLs fed in vector_feed and analyze the response.

  15. Support Staff 15 Posted by Tasos Laskos on 02 Aug, 2016 05:58 PM

    Sure, you can do that.

  16. Tasos Laskos closed this discussion on 03 Aug, 2016 02:20 PM.
