root@kali:~# arachni http://192.168.1.25:8080/ --plugin=login_script:script=/root/goat-login --scope-include-subdomains --check=xss --output-debug 4
Arachni - Web Application Security Scanner Framework v1.5
Author: Tasos "Zapotek" Laskos
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki

[~] No element audit options were specified, will audit links, forms, cookies, UI inputs, UI forms, JSONs and XMLs.
[*] Initializing...
[*] Preparing plugins...
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [browser#start_webdriver:1336] Browser: Starting WebDriver...
[2017-03-23 20:02:14 -0400 - 0.0] [!] [browser#spawn_phantomjs:1227] Browser: Spawning PhantomJS...
[2017-03-23 20:02:14 -0400 - 0.0] [!] [browser#start_proxy:1318] Browser: Booting up...
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [browser#start_proxy:1320] Browser: Starting proxy...
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [http/proxy_server#start_async:61] ProxyServer: Starting...
[2017-03-23 20:02:14 -0400 - 0.1] [!!] [http/proxy_server#start_async:78] ProxyServer: ...started at: http://127.0.0.1:20669
[2017-03-23 20:02:14 -0400 - 0.1] [!!] [browser#start_proxy:1332] Browser: ... started proxy at: http://127.0.0.1:20669
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [browser#spawn_phantomjs:1242] Browser: Attempt #0, chose port number 5565
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [browser#spawn_phantomjs:1246] Browser: Spawning process: /usr/bin/phantomjs
[2017-03-23 20:02:14 -0400 - 0.0] [!!] [browser#spawn_phantomjs:1267] Browser: Process spawned, waiting for WebDriver server...
[2017-03-23 20:02:15 -0400 - 0.7] [!!] [browser#spawn_phantomjs:1281] Browser: ...WebDriver server is up.
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser#spawn_phantomjs:1289] Browser: 10887: Started PID: 10890
[INFO - 2017-03-24T00:02:15.504Z] GhostDriver - Main - running on port 5565
[2017-03-23 20:02:15 -0400 - 0.8] [!] [browser#spawn_phantomjs:1293] Browser: PhantomJS is ready.
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser#start_webdriver:1338] Browser: ... started WebDriver at: http://127.0.0.1:5565
[2017-03-23 20:02:15 -0400 - 0.0] [!] [browser#start_webdriver:1340] Browser: ...boot-up completed.
[2017-03-23 20:02:15 -0400 - 0.0] [!] [session#login_from_sequence:321] Session: Logging in via sequence: #
[~] Login script: Running the script.
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:542] Client: ------------
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:543] Client: Queued request.
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:544] Client: ID#: 0
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:545] Client: Performer: nil
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:546] Client: URL: http://192.168.1.25:8080/WebGoat/j_spring_security_check
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:547] Client: Method: post
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:548] Client: Params: {}
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:549] Client: Body: {"username"=>"guest", "password"=>"guest"}
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:550] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.5", "Accept-Language"=>"en-US,en;q=0.8,he;q=0.6", "X-Arachni-Scan-Seed"=>"dbca9d6ecaeea4ed212650d7a7ad471a"}
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:551] Client: Cookies: {}
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:552] Client: Train?: false
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:553] Client: Fingerprint?: true
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#forward_request:554] Client: ------------
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:609] Client: ------------
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:610] Client: Got response for request ID#: 0
POST /WebGoat/j_spring_security_check HTTP/1.1
Host: 192.168.1.25:8080
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,he;q=0.6
X-Arachni-Scan-Seed: dbca9d6ecaeea4ed212650d7a7ad471a
Content-Length: 29
Content-Type: application/x-www-form-urlencoded

username=guest&password=guest
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:611] Client: Performer: nil
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:612] Client: Status: 302
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:613] Client: Code: ok
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:614] Client: Message: No error
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:615] Client: URL: http://192.168.1.25:8080/WebGoat/j_spring_security_check
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:616] Client: Headers:
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=6054557F430953269E2306B6E19BA995; Path=/WebGoat/; HttpOnly
Location: http://192.168.1.25:8080/WebGoat/welcome.mvc
Content-Length: 0
Date: Fri, 24 Mar 2017 00:02:15 GMT

[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:617] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Set-Cookie"=>"JSESSIONID=6054557F430953269E2306B6E19BA995; Path=/WebGoat/; HttpOnly", "Location"=>"http://192.168.1.25:8080/WebGoat/welcome.mvc", "Content-Length"=>"0", "Date"=>"Fri, 24 Mar 2017 00:02:15 GMT"}
[2017-03-23 20:02:15 -0400 - 0.0] [!!!!] [http/client#global_on_complete:625] Client: ------------
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser/javascript#wait_till_ready:161] Waiting for custom JS...
[-] [utilities#exception_jail:428] Session: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:88:in `create_response'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/default.rb:86:in `request'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:59:in `call'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:653:in `raw_execute'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:631:in `execute'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:192:in `url'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/common/driver.rb:142:in `current_url'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/browser.rb:413:in `dom_url'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/browser.rb:1064:in `response'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/browser/javascript.rb:119:in `supported?'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/browser/javascript.rb:163:in `wait_till_ready'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/browser.rb:372:in `wait_till_ready'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/components/plugins/login_script.rb:48:in `block in prepare'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/session.rb:322:in `login_from_sequence'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/session.rb:245:in `block in login'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/session.rb:244:in `login'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/components/plugins/login_script.rb:57:in `prepare'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:68:in `block in run'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `each'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `run'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/framework/parts/state.rb:348:in `prepare'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/lib/arachni/framework.rb:110:in `run'
[-] [utilities#exception_jail:428] Session: /usr/share/arachni/ui/cli/framework.rb:80:in `block in run'
[-] [utilities#exception_jail:429] Session:
[-] [utilities#exception_jail:430] Session: Parent:
[-] [utilities#exception_jail:431] Session: Arachni::Session
[-] [utilities#exception_jail:432] Session:
[-] [utilities#exception_jail:433] Session: Block:
[-] [utilities#exception_jail:434] Session: #
[-] [utilities#exception_jail:435] Session:
[-] [utilities#exception_jail:436] Session: Caller:
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/session.rb:244:in `login'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/components/plugins/login_script.rb:57:in `prepare'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:68:in `block in run'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `each'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `run'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/framework/parts/state.rb:348:in `prepare'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/lib/arachni/framework.rb:110:in `run'
[-] [utilities#exception_jail:437] Session: /usr/share/arachni/ui/cli/framework.rb:80:in `block in run'
[-] [utilities#exception_jail:438] Session: --------------------------------------------------------------------------------
[2017-03-23 20:02:15 -0400 - 0.0] [!] [browser#shutdown:378] Browser: Shutting down...
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser#shutdown:380] Browser: Killing process.
[2017-03-23 20:02:15 -0400 - 0.0] [!!] [browser#shutdown:389] Browser: Shutting down proxy...
[2017-03-23 20:02:15 -0400 - 0.7] [!!] [http/proxy_server#shutdown:95] ProxyServer: Shutting down...
[2017-03-23 20:02:15 -0400 - 0.0] [!!!] [http/proxy_server/connection#on_close:221] Connection: Closed because: [NilClass]
[2017-03-23 20:02:15 -0400 - 0.1] [!!] [http/proxy_server#shutdown:102] ProxyServer: ...shutdown.
[2017-03-23 20:02:15 -0400 - 0.1] [!!] [browser#shutdown:391] Browser: ...done.
[2017-03-23 20:02:15 -0400 - 0.1] [!] [browser#shutdown:401] Browser: ...shutdown complete.
[-] [components/plugins/login_script#prepare:59] Login script: [Selenium::WebDriver::Error::WebDriverError] unexpected response, code=404, content-type="text/plain" Error - Unable to load Atom 'execute_script' from file ':/ghostdriver/./third_party/webdriver-atoms/execute_script.js'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:88:in `create_response'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/default.rb:86:in `request'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/http/common.rb:59:in `call'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:653:in `raw_execute'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:631:in `execute'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/remote/bridge.rb:192:in `url'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/selenium-webdriver-3.0.1/lib/selenium/webdriver/common/driver.rb:142:in `current_url'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/browser.rb:413:in `dom_url'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/browser.rb:1064:in `response'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/browser/javascript.rb:119:in `supported?'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/browser/javascript.rb:163:in `wait_till_ready'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/browser.rb:372:in `wait_till_ready'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:48:in `block in prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:322:in `login_from_sequence'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:245:in `block in login'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/session.rb:244:in `login'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/components/plugins/login_script.rb:57:in `prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:69:in `block (2 levels) in run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/utilities.rb:425:in `exception_jail'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:68:in `block in run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `each'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/plugin/manager.rb:65:in `run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/framework/parts/state.rb:348:in `prepare'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/lib/arachni/framework.rb:110:in `run'
[-] [components/plugins/login_script#prepare:59] Login script: /usr/share/arachni/ui/cli/framework.rb:80:in `block in run'
[-] [components/plugins/login_script#set_status:99] Login script: An error was encountered while executing the login script.
[~] Login script: Aborting the scan.
[*] ... done.
[2017-03-23 20:02:15 -0400 - 0.0] [!] [plugin/manager#block:164]
[2017-03-23 20:02:15 -0400 - 0.0] [!] [plugin/manager#block:165] Waiting on 5 plugins to finish:
[2017-03-23 20:02:15 -0400 - 0.0] [!] [plugin/manager#block:166] autothrottle, healthmap, uniformity, timing_attacks, discovery
[2017-03-23 20:02:15 -0400 - 0.0] [!] [plugin/manager#block:167]

================================================================================

[+] Web Application Security Report - Arachni Framework

[~] Report generated on: 2017-03-23 20:02:15 -0400
[~] Report false positives at: http://github.com/Arachni/arachni/issues

[+] System settings:
[~] ---------------
[~] Version: 1.5
[~] Seed: dbca9d6ecaeea4ed212650d7a7ad471a
[~] Audit started on: 2017-03-23 20:02:14 -0400
[~] Audit finished on: 2017-03-23 20:02:15 -0400
[~] Runtime: 00:00:00

[~] URL: http://192.168.1.25:8080/
[~] User agent: Arachni/v1.5

[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[~] * XMLs
[~] * JSONs
[~] * UI inputs
[~] * UI forms

[*] Checks: xss

[~] ===========================

[+] 0 issues were detected.

[+] Plugin data:
[~] ---------------

[*] Login script
[~] ~~~~~~~~~~~~~~
[~] Description:

Loads and sets an external script as the system's login sequence, to be executed prior to the scan and whenever a log-out is detected.

The script needn't necessarily perform an actual login operation. If another process is used to manage sessions, the script can be used to communicate with that process and, for example, load and set cookies from a shared cookie-jar.

# Ruby

## With browser (slow)

If a [browser](http://watir.github.io/) is available, it will be exposed to the script via the `browser` variable. Otherwise, that variable will have a value of `nil`.

    browser.goto 'http://testfire.net/bank/login.aspx'

    form = browser.form( id: 'login' )
    form.text_field( name: 'uid' ).set 'jsmith'
    form.text_field( name: 'passw' ).set 'Demo1234'

    form.submit

    # You can also configure the session check from the script, dynamically,
    # if you don't want to set static options via the user interface.
    framework.options.session.check_url     = browser.url
    framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/

## Without browser (fast)

If a real browser environment is not required for the login operation, then using the system-wide HTTP interface is preferable, as it will be much faster and consume much less resources.

    response = http.post( 'http://testfire.net/bank/login.aspx',
        parameters:     {
            'uid'   => 'jsmith',
            'passw' => 'Demo1234'
        },
        mode:           :sync,
        update_cookies: true
    )

    framework.options.session.check_url     = to_absolute( response.headers.location, response.url )
    framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/

## From cookie-jar

If an external process is used to manage sessions, you can keep Arachni in sync by loading cookies from a shared Netscape-style cookie-jar file.

    http.cookie_jar.load 'cookies.txt'

## Advanced session check configuration

In addition to just settings the `check_url` and `check_pattern` options, you can also set arbitrary HTTP request options for the login check, to cover cases where extra tokens or a method other than `GET` must be used.

    session.check_options = {
        # :get, :post, :put, :delete
        method:     :post,

        # URL query parameters.
        parameters: {
            'param1' => 'value'
        },

        # Request body parameters -- can also be a String instead of Hash.
        body:       {
            'body_param1' => 'value'
        },

        cookies:    {
            'custom_cookie' => 'value'
        },

        headers:    {
            'X-Custom-Header' => 'value'
        }
    }

# Javascript

When the given script has a `.js` file extension, it will be loaded and executed in the browser, within the page of the target URL.

    document.getElementById( 'uid' ).value   = 'jsmith';
    document.getElementById( 'passw' ).value = 'Demo1234';

    document.getElementById( 'login' ).submit();

[+] An error was encountered while executing the login script.

[~] Report saved at: /usr/share/arachni/bin/192.168.1.25 2017-03-23 20_02_15 -0400.afr [0.0MB]
[~] The scan has logged errors: /usr/share/arachni/logs/error-10881.log

[~] Audited 0 page snapshots.

[~] Duration: 00:00:01
[~] Processed 1/1 HTTP requests.
[~] -- 0.0 requests/second.
[~] Processed 0/0 browser jobs.
[~] -- 0.0 second/job.

[~] Burst response time sum 0.001 seconds
[~] Burst response count 1
[~] Burst average response time 0.001 seconds
[~] Burst average 0.0 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20