Can't stop Arachni from accessing certain pages during scan
I'm trying to perform a logged scan on a website, but in order to keep logged in, the root page of the website can't be accessed (the site was configured so that, once logged in, if you access the root page you get logged out).
So, the page that is accessed right after the login is: https://example.com.br/menu.php. If, after the login is successful, I access https://example.com.br, the session expires and the session cookie is invalidated.
I know that the only URLs that interest me are the ones that have "menu.php" and "gestao_municipal.php" in them, so I'm trying to configure Arachni to only access the URLs that have those strings in them, and not access https://example.com.br at any moment during the scan process, but I'm not succeeding. The script I'm using is:
arachni https://example.com.br/menu.php --http-cookie-jar="/root/Downloads/cookies.txt" --scope-exclude-pattern="logout" --scope-include-pattern="menu.php|gestao_municipal.php" --scope-directory-depth-limit=6 --scope-page-limit=1000 --scope-dom-depth-limit=2 --scope-auto-redundant=2 --browser-cluster-ignore-images --http-request-timeout=5000 --report-save-path=/root/pentest-web/output/arachni.afr
I also have tried this expression:
--scope-exclude-pattern="example.com.br\z" to try making Arachni NOT include the links in which example.com.br has no characters after ".br"
However, in all those cases, right after the scan starts, I see the following line in Arachni:
[*] XSS in path: Checking for: https://example.com.br/
And the session is immediately invalidated at the browser where I got the session cookie.
Can you help me?
P.S.: I have also tried the expressions:
--scope-include-pattern="gestao_municipal.php" to try making Arachni ONLY include links that have "gestao_municipal.php/" in it;
--scope-include-pattern="gestao_municipal.php/.* " and --scope-include-pattern="menu.php/.* " to try making Arachni ONLY include links that have "gestao_municipal.php/" or "menu.php/" followed by at least one character in it;
--scope-include-pattern="example.com.br/menu.php/.* | example.com.br/gestao_municipal.php/.*" to try making Arachni ONLY include links that have "menu.php/" or "gestao_municipal.php/" followed by at least one character.
These cases gave me 0 scanned pages.
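The patterns quoted in the post above can be checked outside the scanner. This is an added example, not part of the original post or of Arachni's code; it assumes each pattern is an unanchored Ruby regular expression matched against the full URL string, and the query-string URL and the `ROOT_ONLY` pattern are hypothetical.

```ruby
# Added example: evaluates the scope patterns from the post as plain Ruby
# regular expressions. Assumption: a pattern matches if it is found anywhere
# in the full URL string. This does not run or emulate Arachni itself.

# Constructed sample URLs. The first three forms appear in the post;
# the query string on the last one is hypothetical.
URLS = [
  "https://example.com.br",
  "https://example.com.br/",
  "https://example.com.br/menu.php",
  "https://example.com.br/gestao_municipal.php?id=1",
].freeze

# Patterns copied from the post, including their spaces.
PATTERNS = {
  include_pair:  "menu.php|gestao_municipal.php",
  exclude_root:  'example.com.br\z',
  include_slash: "menu.php/.* ",
  include_full:  "example.com.br/menu.php/.* | example.com.br/gestao_municipal.php/.*",
}.freeze

# Hypothetical root-only pattern: anchored at both ends, dots escaped,
# and the trailing slash made optional.
ROOT_ONLY = '\Ahttps?://example\.com\.br/?\z'

# Returns the URLs in which the pattern is found.
def matching_urls(pattern, urls = URLS)
  re = Regexp.new(pattern)
  urls.select { |url| re.match?(url) }
end

if __FILE__ == $PROGRAM_NAME
  PATTERNS.merge(root_only: ROOT_ONLY).each do |name, pattern|
    hits = matching_urls(pattern)
    puts "#{name} (#{pattern.inspect})"
    puts hits.empty? ? "  matches nothing" : hits.map { |u| "  #{u}" }
  end
end
```

Under that assumption, the `\z` exclude matches only the root URL without a trailing slash, while the URL shown in the scanner output ends in `/`. The include patterns containing `/.* ` need a slash after `.php` plus a literal space, so none of the sample URLs match them.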