Client server model

Vishal's Avatar

Vishal

07 Oct, 2015 01:06 PM

Hi

I am new to arachni. I want to implement arachni in following way. Basically it is a client-server model. A remote client submits url (to be scanned) to the scanner server and server will scan the requested url and notify client once the scan is over. So i would like to know how can i use Arachni for this scenario?

Thanks for your time.

Showing page 2 out of 2. View the first page

  1. Support Staff 31 Posted by Tasos Laskos on 05 Nov, 2015 05:00 AM

    Tasos Laskos's Avatar

    Yep that helps a lot, you're somehow formatting the options improperly.
    Are you sure that the configuration of your client results in the request body having JSON that looks like the following?

    {"url": "http://testhtml5.vulnweb.com"}
    
  2. Support Staff 32 Posted by Tasos Laskos on 05 Nov, 2015 05:02 AM

    Tasos Laskos's Avatar
  3. 33 Posted by Vishal on 05 Nov, 2015 05:09 AM

    Vishal's Avatar

    I got it . It seemed that the request was not built properly. Thanks a lot!

  4. Tasos Laskos closed this discussion on 05 Nov, 2015 03:39 PM.

  5. Vishal re-opened this discussion on 10 Nov, 2015 01:43 AM

  6. 34 Posted by Vishal on 10 Nov, 2015 01:43 AM

    Vishal's Avatar

    Hi
    I am getting NULL as a response of get request. what is meaning of that?

    Regards
    Vishal

  7. Support Staff 35 Posted by Tasos Laskos on 10 Nov, 2015 01:47 AM

    Tasos Laskos's Avatar

    Can you please provide me with the full/raw response? Otherwise I've no way of knowing what's going on.

    Also, you have hardcoded the scan ID in the request URL, maybe you're getting a 404 with an empty body or something because that scan doesn't exit?

  8. 36 Posted by Vishal on 10 Nov, 2015 02:18 AM

    Vishal's Avatar

    Hi

    I found and resolved the error from response and server's state at the time of request. I learned that these are the places to look for. I apologize for the previous comment.

    Thank you.

  9. 37 Posted by Vishal on 10 Nov, 2015 03:10 AM

    Vishal's Avatar

    I am able to get result of scan by using get request. And now I am trying to generate report . But I am not sure about path of the report. I am attaching response of GET/:id/report request.

  10. Support Staff 38 Posted by Tasos Laskos on 10 Nov, 2015 03:20 AM

    Tasos Laskos's Avatar

    These are the scan results in JSON format (although in this case the JSON has been parsed and dumped by PHP), were you looking for something different?

    Also, I don't like that sitemap, that report isn't for a finished scan right?

  11. 39 Posted by Vishal on 10 Nov, 2015 03:22 AM

    Vishal's Avatar

    Yeah I didn't include whole sitemap . I am looking to save result on an xml file.

  12. Support Staff 40 Posted by Tasos Laskos on 10 Nov, 2015 03:23 AM

    Tasos Laskos's Avatar

    You can get that with /report.xml instead of just /report.

  13. 41 Posted by Vishal on 10 Nov, 2015 03:30 AM

    Vishal's Avatar

    I did GET/:id/report.xml and where this file is saved? inside bin folder?

  14. Support Staff 42 Posted by Tasos Laskos on 10 Nov, 2015 03:31 AM

    Tasos Laskos's Avatar

    The server will return an XML response.

  15. 43 Posted by Vishal on 10 Nov, 2015 03:35 AM

    Vishal's Avatar

    ok got it.

  16. 44 Posted by Vishal on 10 Nov, 2015 05:16 AM

    Vishal's Avatar

    Hi

    I ran scan for url http://testhtml5.vulnweb.com. And I am attaching full response here. I noted few things that the status is done . But messages field has "Waiting for the plugins to finish." Also issues field has value "0". So should i wait for some time or the scan is finished?

    Thanks

  17. Support Staff 45 Posted by Tasos Laskos on 10 Nov, 2015 05:47 AM

    Tasos Laskos's Avatar

    That was just the last message before the scan was done, you should only rely on the busy flag to determine status.

    Also, unlike the example in the documentation, you haven't enabled any checks to be performed, so the scan didn't log any issues.

    On a related note, most of your questions could have been answered by reading the REST service's documentation (even at its current form, which is somewhat lacking) or the documentation of your own tools.
    Please take better care in the future.

  18. 46 Posted by Vishal on 10 Nov, 2015 01:15 PM

    Vishal's Avatar

    Thank you. And i will take care of things you have mentioned.

  19. Tasos Laskos closed this discussion on 18 Nov, 2015 07:46 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac