Arachni Rest API & Arachni WebUI integration

Charles

20 Jul, 2017 04:01 PM

Hi Arachni Team!

Currently I am utilizing your Arachni scan for doing some security audits on some websites. I have moved over to the WebUI because it contributes to the auditing and debugging experience. However, I am having one problem with it that I would like to inquire about its resolution. Namely, this problem is that sometimes the Arachni scan adds an excess load to servers running the site. This is problematic and I would like to automate some mechanism for pausing the scan when the threshold is breached.

My first thought was to have an excess load trigger the execution of a REST API command to pause a scan being run by an arachni_web instance. However, I soon realized that the REST server does not share context with the WebUI server via the default settings. I am wondering if this is possible, because if it were it would enable some pretty useful synchronization between the server on my end and Arachni's server instance.

Also I see in the README that Arachni had the capacity to 'With the ability to auto-detect server health and adjust its concurrency automatically'. For some reason I did not see how to implement this feature in my scan profile. Also I may be misinterpreting its meaning of server as corresponding to my server when it is meaning Arachni's server.

Finally, if this integration between my server health, REST calls and the WebUI instance is not something readily configurable, I was planning on pursuing it anyway. This is because I like the WebUI and do not want to move to REST API usage. I see that I could implement via Python a program to log in to the site and pause it manually. This would entail significantly more overhead, so I was wondering if you had any other ideas on how I might accomplish this goal.

Thanks for your help and sharing your tool with me!

  1. Support Staff: Posted by Tasos Laskos on 31 Jul, 2017 07:29 AM
    The system will automatically throttle itself down if it senses that the remote server is having a hard time; that's on by default.

    As for what you're trying to do, I'm afraid it's not possible in a straightforward way, like you said the 2 interfaces do not share any context.
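Added example (not from this thread, nor part of Arachni itself): the load-triggered pause/resume mechanism Charles describes, for scans that were started through arachni_rest_server rather than the WebUI, since the reply above confirms the two interfaces share no context. The script assumes the REST server's scan endpoints `PUT /scans/<id>/pause`, `PUT /scans/<id>/resume` and `GET /scans/<id>` (with a `status` field) and the default listen address `http://127.0.0.1:7331`; verify these against the REST API documentation for your Arachni version. The host's 1-minute load average is used as the health signal, and two thresholds (hysteresis) keep the scan from flapping between paused and resumed when load hovers near the limit. Threshold values and the scan id are constructed placeholders.

```python
"""Load-aware pause/resume for an Arachni scan driven through the REST API.

Hypothetical helper written for this discussion; not part of Arachni.
Assumes the scan was started via arachni_rest_server (POST /scans) and that
PUT /scans/<id>/pause, PUT /scans/<id>/resume and GET /scans/<id> exist as
documented for the REST server (assumption: check your version's docs).
"""
import json
import os
import urllib.request

PAUSE_ABOVE = 4.0    # 1-minute load average that triggers a pause (constructed value)
RESUME_BELOW = 2.0   # load must drop below this before resuming (hysteresis, constructed)


def decide_action(load, paused, pause_above=PAUSE_ABOVE, resume_below=RESUME_BELOW):
    """Return 'pause', 'resume' or None for the current load and scan state.

    Two thresholds avoid flapping: once paused, the scan only resumes when
    load has fallen well below the level that triggered the pause.
    """
    if not paused and load >= pause_above:
        return "pause"
    if paused and load < resume_below:
        return "resume"
    return None


def build_request(base_url, scan_id, action):
    """Build (without sending) the PUT request for a pause or resume call."""
    if action not in ("pause", "resume"):
        raise ValueError("unknown action: %r" % (action,))
    url = "%s/scans/%s/%s" % (base_url.rstrip("/"), scan_id, action)
    return urllib.request.Request(url, method="PUT")


def send(req, timeout=10):
    """Send a prepared request and return the HTTP status code."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def scan_status(base_url, scan_id, timeout=10):
    """GET /scans/<id> and return its 'status' field (assumed field name)."""
    url = "%s/scans/%s" % (base_url.rstrip("/"), scan_id)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp).get("status")


def poll_once(base_url, scan_id, load, paused):
    """One control-loop iteration: act on the load reading if needed.

    Returns (action_taken_or_None, new_paused_state).
    """
    action = decide_action(load, paused)
    if action:
        send(build_request(base_url, scan_id, action))
        paused = action == "pause"
    return action, paused


if __name__ == "__main__":
    import sys
    import time
    # Usage: python load_guard.py http://127.0.0.1:7331 <scan id from POST /scans>
    base, sid = sys.argv[1], sys.argv[2]
    paused = scan_status(base, sid) == "paused"
    while True:
        load = os.getloadavg()[0]          # POSIX only; Windows lacks getloadavg
        action, paused = poll_once(base, sid, load, paused)
        if action:
            print("load %.2f -> %s scan %s" % (load, action, sid))
        time.sleep(15)
```

Run it on the audited host (where the load reading is meaningful) with the REST server reachable over the network, and keep in mind that Arachni's own concurrency throttling, which the reply says is on by default, operates independently of this external pause signal.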
