Scanning a specific subdomain under another subdomain without other domains.

Stay23's Avatar


08 Nov, 2018 12:12 PM


I'm having a bit of trouble getting Arachni to start for a very specific scope, and couldn't find any other discussions that may point me in the right direction (this was the only thing getting close to this situation:

The domains are:

sub1.subA.domain.tld sub2.subA.domain.tld

Now I would like for the crawler to go through sub1.subA.domain.tld, while not crawling either sub2, subA or the domain itself.

The command I was using is:

arachni --output-verbose --http-request-concurrency=50 --browser-cluster-poolsize=30 --audit-links --audit-forms --audit-headers --report-save-path="/root/Desktop/" --snapshot-save-path="/root/Desktop/" --scope-extend-path="/root/Desktop/scope.txt" https://sub1.subA.domain.tld

But this makes Arachni hang on the 'BrwoserCluster: Initializing 30 browsers..' and when aborting shows no requests have been send.
I've also tried using the sub1.subA.domain.tld as target (without the --scope-extend-path) and tried to use the --scope-include-pattern (with "^https://sub1.subA.domain.tld" while using "subA.domain.tld" and "domain.tld" as target), but can't get it to work.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac