Problem with detecting vulnerabilities with arachni on DVWA

hasna.gouram's Avatar


03 Jan, 2017 07:54 PM


I have been trying to find vulnerabilities such as XSS and PathTraversal but Atachni does not find any of them.

PS: i'm using arachni with Line command.

I have read that we have to create a profile or something like that (but i don't think that it is possible with Line command

Please can you help me trying to find a way to detect these vulnerabilities.

  1. Support Staff 1 Posted by Tasos Laskos on 12 Jan, 2017 10:52 AM

    Tasos Laskos's Avatar

    These types of applications require a lot of configuration, you'll need to specify a login procedure, exclude resources that can log you out as well as exclude resources that control the level of security.
    Educational applications really shouldn't be used as benchmarks unless you're familiar enough with both the application and the scanner in order to configure both properly.

    I don't have the time to search for the appropriate configuration but if you look through older discussions you'll find a way to do that.


  2. Tasos Laskos closed this discussion on 12 Jan, 2017 10:52 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac