Unable to start the service

Mohamed Zahid

19 Aug, 2016 11:01 AM

Dear Team,

I'm unable to start the web app scanning service.

I am unable to type or paste any command either.

Please help me with this.

Regards,
Zahid

  1. Support Staff 1 Posted by Tasos Laskos on 19 Aug, 2016 11:02 AM

    Hello,

    Can you show me what you're trying to do and the result?

  2. 2 Posted by Mohamed Zahid on 19 Aug, 2016 11:05 AM

    Hi Tasos,

    I need to scan a web application site http://janaticscrm.net

    As per the help file, I need to run a batch file @bin/arachni_web

    then run a command arachni --http-authentication-username VAPT --http-authentication-password VAPT#$123 http://www.janaticscrm.net/

    but I'm unable to enter any command; what I get is shown in the picture attached herewith.

  3. Support Staff 3 Posted by Tasos Laskos on 19 Aug, 2016 11:08 AM

    bin/arachni_web starts the web interface at http://localhost:9292; you can visit that address with your browser and perform and manage scans.

    bin/arachni is the CLI interface; you can use it to start a scan from the terminal.

  4. 4 Posted by Mohamed Zahid on 19 Aug, 2016 11:10 AM

    I will have a check, Tasos.

    Thank you.

    I'll be back.

  5. 5 Posted by Mohamed Zahid on 19 Aug, 2016 11:13 AM

    Hi Tasos,

    Our colleague has resigned from the company & he is unreachable.

    Is there a way to reset the password?

    Please help

  6. Support Staff 6 Posted by Tasos Laskos on 19 Aug, 2016 11:18 AM

    You can use bin/arachni_web_change_password:

    bin/arachni_web_change_password <e-mail> <password>
    
  7. 7 Posted by Mohamed Zahid on 19 Aug, 2016 11:27 AM

    The bat file is just opening a cmd prompt window, then it's being closed.

    I'm unable to type anything in it.

  8. Support Staff 8 Posted by Tasos Laskos on 19 Aug, 2016 11:28 AM

    You need to open a terminal and run it, not click on it.

  9. 9 Posted by Mohamed Zahid on 19 Aug, 2016 11:30 AM

    I'm using a Windows Server machine.

  10. Support Staff 10 Posted by Tasos Laskos on 19 Aug, 2016 11:31 AM

    Windows servers have cmd.exe too.

  11. 11 Posted by Mohamed Zahid on 19 Aug, 2016 11:44 AM

    Got it, Tasos.

    Thank you for your timely help.

    I have got it done.

    I have a Web UI with me & it's very easy to scan the URL.

    Cheers,
    Zahid

  12. Support Staff 12 Posted by Tasos Laskos on 19 Aug, 2016 12:18 PM

    Glad you got it working.

  13. Tasos Laskos closed this discussion on 19 Aug, 2016 12:18 PM.

  14. Mohamed Zahid re-opened this discussion on 19 Aug, 2016 12:22 PM

  15. 13 Posted by Mohamed Zahid on 19 Aug, 2016 12:22 PM

    Tasos, are you still here?

  16. 14 Posted by Mohamed Zahid on 19 Aug, 2016 12:25 PM

    I have a query in the scanning section. What we have here is Default, SQL Injection Profile & XSS Profile.

    Which one would be better for generating a typical Vulnerability Analysis Report?

    And what type of report would I be getting if I scan a web app site using the default profile?

    Please provide me with a differentiation.

    Regards,
    Zahid

  17. Support Staff 15 Posted by Tasos Laskos on 19 Aug, 2016 12:27 PM

    The default profile loads all checks so it's the better choice.

    At the end of the scan you'll be able to get the results in the following formats: https://github.com/Arachni/arachni/tree/experimental#reporters

  18. 16 Posted by Mohamed Zahid on 19 Aug, 2016 12:41 PM

    Tasos, you have got me wrong.
    It's not the type of reports.

    I'm talking about the result of the type of scans.

  19. Support Staff 17 Posted by Tasos Laskos on 19 Aug, 2016 12:45 PM

    I'm not sure what you mean, but the default profile will check for all vulnerabilities while the others will only check for XSS and SQL accordingly.

  20. 18 Posted by Mohamed Zahid on 19 Aug, 2016 01:12 PM

    So you mean to say that the default profile includes the combination of XSS & also SQL combined.

    Am I right in what I'm saying?

    OK Tasos, one more help.

    I have run a full web app scan using the cmd prompt; now, to get a report in HTML, what shall I do?

  21. Support Staff 19 Posted by Tasos Laskos on 20 Aug, 2016 04:20 PM

    The default includes all checks, XSS, SQL Injection and many more; you can find more details on the default profile's page.

    If you need to scan via the CLI the report will be in the AFR format and will be saved in the same directory from which you run the CLI.
    You can then pass the AFR file to bin/arachni_reporter and convert it to HTML.

  22. Tasos Laskos closed this discussion on 24 Aug, 2016 12:14 PM.
