Cloud application Scanning
Hi Tasos,
I have a few applications in a cloud environment, where I need to log in with some credentials first and then click on the web application, and it will open up a new URL.
Now my problem is that when I log in to the cloud using the login script, it starts scanning the cloud portal and not the exact portal on which the scanner should run.
Can you give me the steps on how I can run the scanner over cloud applications?
Support Staff 1 Posted by Tasos Laskos on 26 May, 2016 08:35 AM
You're talking about an SSO login, right?
That shouldn't be a problem, just perform the login as usual via the login script but set the target URL to the site you want to scan.
2 Posted by naveesharma on 02 Jun, 2016 04:47 AM
Hi Tasos,
I am facing an issue while scanning a cloud application. Every time I scan, it gives me different results. I am using the same profile during the CLI scan. Once it showed 10 issues, where 2 issues were source file disclosure, and at that time it was finding private IPs. Another scan shows only 5 issues and no high-risk vulnerabilities. scan the number of pages. This is making me lose confidence in whether it scans properly or not.
Can you tell me what is wrong?
I am using the below profile.
arachni http://pricxxxxxx/pricingQueryxxxxProduct.htm? --plugin=login_script:script=login_w.rb --session-check-url=https://xxxxx.oxxx.com/app/UserHome --session-check-pattern= /xxxxx/ --scope-exclude-pattern /staging-xxxxx1.pxxxxxxxxxx.com/ --scope-exclude-pattern /app/
If you need, I will mail both the reports.
Support Staff 3 Posted by Tasos Laskos on 02 Jun, 2016 07:35 AM
The patterns won't work, you shouldn't be enclosing them in "/" and you shouldn't be leaving spaces when assigning them (i.e. after the =), see: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...
4 Posted by naveesharma on 02 Jun, 2016 10:57 AM
After making these changes, the scanner is not working.
[-] [components/plugins/login_script#set_status:99] Login script: The script was executed successfully, but the login check failed.
5 Posted by naveesharma on 02 Jun, 2016 11:04 AM
Ran again after making some changes to the pattern. Now running. Waiting for the report to generate.
Tasos Laskos closed this discussion on 09 Jun, 2016 08:54 AM.