tag:support.arachni-scanner.com,2012-07-01:/discussions/problems/4073-passive-checks-are-not-performed-when-crawling-is-disabled
Arachni: Discussion 2016-08-03T14:20:12Z
Passive checks are not performed when crawling is disabled

2016-08-02T13:23:25Z
<div><p>The email check you have enabled doesn't perform any requests,
it'll just check the content you've supplied via the vector feed
data.</p></div>
Tasos Laskos

2016-08-02T13:41:42Z (updated 2016-08-02T13:41:43Z)
<div><p>I want to perform the email check/other grep checks on the
response on the URLs/links mentioned in the vector feed. How can I
do that?</p></div>
Varun

2016-08-02T13:44:03Z
<div><p>I think you're looking for the functionality provided by the
<a href="https://github.com/Arachni/arachni/wiki/Command-line-user-interface#scope-restrict-paths">
--scope-restrict-paths</a> option rather than the
<code>vector_feed</code> plugin.</p></div>
Tasos Laskos

2016-08-02T13:52:40Z (updated 2016-08-02T13:52:42Z)
<div><p>My use case is that I have an application making a lot of AJAX
calls. I use the proxy plugin to capture the AJAX requests (get/post
requests) in a vector.yaml file. I then use this as the feed for the
vector_feed plugin. I want to perform some static grep checks on
the responses of the requests.</p>
<p>I earlier tried --scope-restrict-paths but gave up on this due
to the following 2 reasons:<br>
1. I was not sure how to specify POST URLs in the file for
--scope-restrict-paths?<br>
2. The proxy plugin generates the YAML file that can be used with
vector_feed but not with --scope-restrict-paths.</p></div>
Varun

2016-08-02T13:55:53Z
<div><p>May I see the <code>vector.yaml</code> file please?</p></div>
Tasos Laskos

2016-08-02T14:00:12Z (updated 2016-08-02T14:01:33Z)
<div><p>Something like below</p>
<pre>
<code>- :type: :link
  :method: :get
  :action: https://test.com/abc
- :type: page
  :url: https://test.com/abc
  # response code
  :code: 200</code>
</pre></div>
Varun

2016-08-02T14:01:14Z
<div><p>Do <code>page</code> vectors include a <code>body</code>
attribute?</p></div>
Tasos Laskos

2016-08-02T14:05:03Z
<div><p>No. Should it?</p></div>
Varun

2016-08-02T14:08:03Z
<div><p>No, I just didn't remember.<br>
Unfortunately, you can't currently do what you want.</p>
<p>I could export page bodies as well but those will be the same
bodies that were returned at the time of export, the system won't
visit the URLs again to grab them.</p>
<p><code>vector_feed</code> data are static.</p></div>
Tasos Laskos

2016-08-02T14:13:38Z (updated 2016-08-02T14:13:40Z)
<div><p>Is there any other way to do what I want to? Basically, grab
different AJAX requests made by my application (get/post) and then
run audits on those URLs (both active and passive)?</p></div>
Varun

2016-08-02T14:15:43Z
<div><p>You can use something external (browser or custom scripts) to
perform those requests via Arachni's proxy and let it audit the
seen resources.</p></div>
Tasos Laskos

2016-08-02T14:38:26Z (updated 2016-08-02T15:53:07Z)
<div><p>Thanks but this approach prevents the automation that I intend
to do.</p>
<p>Is there any way I can specify get and post requests (URLs
and params) and run both active and passive checks on that by
making requests? If there is some standard format in which I can
specify the get/post URLs/params, I can write some external script
to generate that.</p>
<p>Currently, as I understand:<br>
1. The vector_feed plugin makes requests/visits URLs only for
active checks and not passive checks.<br>
2. With --scope-restrict-paths, I cannot specify POST request URLs
and parameters.</p></div>
Varun

2016-08-02T15:55:57Z
<div><p>You can still automate it the same way, but instead of working
within Arachni your script will be external -- it can be as easy as
a <code>curl</code> call.</p>
<ol>
<li>No, the <code>vector_feed</code> plugin will not visit anything
in any case, it'll just pass the specified vectors to the system to be
audited as if they were identified via a crawl.<br></li>
<li>That's correct.</li>
</ol></div>
Tasos Laskos

2016-08-02T17:39:07Z (updated 2016-08-02T17:39:09Z)
<div><p>If I try to write an active grep-based check for email or
anything that I want to search for in the response of the requests, will
this be a good idea?</p>
<p>The active check can make requests for the URLs fed in
vector_feed and analyze the response.</p></div>
Varun

2016-08-02T17:58:19Z
<div><p>Sure, you can do that.</p></div>
Tasos Laskos
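
The replay approach suggested in the thread (an external script sends the captured requests through Arachni's proxy so that the seen resources are audited) can be sketched as follows. This is an added example, not code from the thread or from the Arachni project: it turns a vector.yaml-style list into curl command lines. The proxy address, the `:form` entry with its `:inputs` key, and the function names are assumptions.

```ruby
require 'yaml'
require 'shellwords'

# Constructed sample in the shape of the vector.yaml shown in the thread.
# The :form entry and its :inputs key are assumptions for illustration.
SAMPLE_VECTORS = <<~YAML
  - :type: :link
    :method: :get
    :action: https://test.com/abc
  - :type: :form
    :method: :post
    :action: https://test.com/login
    :inputs:
      user: alice
      note: "a b&c"
  - :type: page
    :url: https://test.com/abc
    :code: 200
YAML

# Parse with safe_load: the file is built from captured traffic, so only
# plain data and Symbols are permitted (no arbitrary object deserialization).
def load_vectors(text)
  YAML.safe_load(text, permitted_classes: [Symbol]) || []
end

# Build one curl argv per replayable vector. Static page entries carry no
# request to replay, so they are skipped.
def curl_commands(vectors, proxy:, cacert: nil)
  cmds = vectors.map do |v|
    next if v[:type].to_s == 'page' || v[:action].nil?
    argv = ['curl', '--silent', '--show-error', '--output', '/dev/null',
            '--proxy', proxy]
    argv += ['--cacert', cacert] if cacert # trust the proxy CA instead of -k
    post = v[:method].to_s.casecmp?('post')
    argv << '--get' unless post            # inputs go into the query string
    (v[:inputs] || {}).each { |k, val| argv += ['--data-urlencode', "#{k}=#{val}"] }
    argv << v[:action]
  end
  cmds.compact
end

if $PROGRAM_NAME == __FILE__
  # 127.0.0.1:8282 is a placeholder for wherever the proxy plugin listens.
  curl_commands(load_vectors(SAMPLE_VECTORS), proxy: 'http://127.0.0.1:8282')
    .each { |argv| puts Shellwords.join(argv) }
end
```

Each printed line can be run as-is while the scan's proxy is listening; for HTTPS targets pass `cacert:` with the intercepting proxy's CA certificate path rather than disabling verification.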