Passive checks are not performed when crawling is disabled
Hi,
I see that when I use --plugin=vector_feed:yaml_file= with
crawling disabled ( --scope-page-limit=0) and check only for
passive checks like email, ssn etc( --checks "*email*"), no scans
are performed. The HTTP requests count is 0.
Am I missing anything ?
[~] Audited 2 page snapshots.
[~] Audit limited to a max of 0 pages.
[~] Duration: 00:00:04
[~] Processed 0/0 HTTP requests.
[~] -- 0.0 requests/second.
[~] Processed 0/0 browser jobs.
[~] -- 0.0 second/job.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 02 Aug, 2016 01:23 PM
The email check you have enabled doesn't perform any requests, it'll just check the content you've supplied via the vector feed data.
2 Posted by Varun on 02 Aug, 2016 01:41 PM
I want to perform the email check/other grep checks on the response on the URLs /links mentioned in the vector feed. How can I do that ?
Support Staff 3 Posted by Tasos Laskos on 02 Aug, 2016 01:44 PM
I think you're looking for the functionality provided by the --scope-restrict-paths option rather than the
vector_feed
plugin.4 Posted by Varun on 02 Aug, 2016 01:52 PM
My use case is that I have an applications making a lot of AJAX calls. I use proxy plugin to capture the ajax requests (get/post request) in a vector.yaml file. Then use this as feed for vector_feed plugin. I want to perform some static grep checks on the responses of the requests.
I earlier tried --scope-restrict-paths but gave up on this due to following 2 reasons
1. I was not sure how to specify POST urls in file for --scope-restrict-paths ?
2. The proxy plugin generates the yaml file that can be used with vector_feed but not with --scope-restrict-paths.
Support Staff 5 Posted by Tasos Laskos on 02 Aug, 2016 01:55 PM
May I see the
vector.yaml
file please?6 Posted by Varun on 02 Aug, 2016 02:00 PM
Something like below
Support Staff 7 Posted by Tasos Laskos on 02 Aug, 2016 02:01 PM
Do
page
vectors include abody
attribute?8 Posted by Varun on 02 Aug, 2016 02:05 PM
No. Should it ?
Support Staff 9 Posted by Tasos Laskos on 02 Aug, 2016 02:08 PM
No, I just didn't remember.
Unfortunately, you can't currently do what you want.
I could export page bodies as well but those will be the same bodies that were returned at the time of export, the system won't visit the URLs again to grab them.
vector_feed
data are static.10 Posted by Varun on 02 Aug, 2016 02:13 PM
Is there any other way to do what I want to. Basically, grab different Ajax requests made by my application(get/post) and then run audits on those Urls (both active and passive) ?
Support Staff 11 Posted by Tasos Laskos on 02 Aug, 2016 02:15 PM
You can use something external (browser or custom scripts) to perform those requests via Arachni's proxy and let it audit the seen resources.
12 Posted by Varun on 02 Aug, 2016 02:38 PM
Thanks but this approach prevents the automation that I intend to do.
Is there any way where I can specify get and post requests(urls and params) and run both active and passive checks on that by making requests. If there is some standard format in which I can specify the get/post urls/params, I can write some external script to generate that.
Currently as I understand
1. With vector_feed plugin makes requests/visit urls only for active checks and not passive checks.
2. With --scope-restrict-paths, I cannot specify Post request URLs and parameters.
Support Staff 13 Posted by Tasos Laskos on 02 Aug, 2016 03:55 PM
You can still automate it the same way, but instead of working within Arachni your script will be external -- it can be as easy as a
curl
call.vector_feed
plugin will not visit anything in any case, it'll just pass the specified vectors to the system be audited as if they were identified via a crawl.14 Posted by Varun on 02 Aug, 2016 05:39 PM
If I try to write an active grep based check for email or anything that I want to search in response of the requests, will this be good idea ?
The active check can make requests for the URLs fed in vector_feed and analyze the response.
Support Staff 15 Posted by Tasos Laskos on 02 Aug, 2016 05:58 PM
Sure, you can do that.
Tasos Laskos closed this discussion on 03 Aug, 2016 02:20 PM.