Use of --scope-restrict-paths

sebastien.aucouturier

02 Jun, 2016 09:33 AM

Hi Tasos,

I think I am missing something in understanding scope-restrict-paths.

I run the following:
TEST1
arachni --check=xss_dom http://mywebsitetotest
It gives me the xss_dom issue, great!!

Now I run
TEST2:
arachni --check=- http://mywebsitetotest
to get a list of crawled URLs that I put in a file urlcrawled.
Nicely, the faulty URL is in the file.
I run:
arachni --check=xss_dom --scope-restrict-paths=urlcrawled http://mywebsitetotest

Unfortunately, the issue discovered in TEST1 does not show...
Where is my mistake in the process?

Thanks.
Seb

  1. Support Staff 1 Posted by Tasos Laskos on 02 Jun, 2016 12:36 PM

    I think I see what's wrong.
    The --scope-restrict-paths option disables crawling but this also means that the browsers won't process the pages.
    If your page needs a browser to load it in order to get to the point where it's vulnerable then the issue will be missed.

    Does that sound like a plausible scenario?

  2. 2 Posted by sebastien.aucou... on 02 Jun, 2016 01:06 PM

    It seems plausible, because when I run:
    arachni --check=xss_dom http://mywebsitetotest --browser-cluster-pool-size=0
    the issue is not found.

    You may ask why I split the job into two: crawl and check.
    In fact, my need is that I do not want Arachni to test HTTPS links or outside-domain links when scanning the HTTP port.
    So I clean the crawled URL file to remove those unwanted links before doing the checks, but with the limitation we pinpointed, this does not work.
    Do you think it is possible to do it using other Arachni parameters?

  3. Support Staff 3 Posted by Tasos Laskos on 02 Jun, 2016 01:12 PM

    Arachni won't audit external resources, not even in subdomains (although you can enable that).
    For scope options see: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...

  4. 4 Posted by sebastien.aucou... on 02 Jun, 2016 01:34 PM

    Thanks Tasos,
    I am now reassured that external resources and subdomains will not be audited.

    I read the link you attached;
    the only-https option is nice to follow only the HTTPS links,
    unfortunately an only-http option is missing to match my needs.
    BTW, thanks for the help.

  5. Support Staff 5 Posted by Tasos Laskos on 02 Jun, 2016 01:36 PM

    You can do something like --scope-exclude-pattern=^https:, this should exclude HTTPS links.
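    As an added illustration (not Arachni's own code, and not part of this thread), the following is a simplified model of the scope decisions discussed above: a crawled URL is kept when its host matches the target (subdomains only if explicitly allowed) and no exclude pattern such as ^https: matches it. It models URL scope only; it says nothing about whether a page needs a browser to reach its vulnerable state, which is the separate problem with --scope-restrict-paths. The target and the URL list are constructed stand-ins for the poster's http://mywebsitetotest.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: a stand-in target and a small "crawled" list.
TARGET = "http://mywebsitetotest/"
CRAWLED = [
    "http://mywebsitetotest/",
    "http://mywebsitetotest/search?q=test",
    "https://mywebsitetotest/login",          # HTTPS: unwanted on the HTTP scan
    "http://static.mywebsitetotest/app.js",   # subdomain: out of scope by default
    "http://otherdomain.example/page",        # external host: never in scope
    "http://mywebsitetotest/account#/profile",
]


def in_scope(url, target=TARGET, exclude_patterns=(), include_subdomains=False):
    """Simplified scope check (an assumption, not Arachni's implementation).

    A URL is in scope when its host equals the target host (or is a subdomain
    of it, when include_subdomains is set) and no regex in exclude_patterns
    matches the full URL, mirroring --scope-exclude-pattern.
    """
    u, t = urlsplit(url), urlsplit(target)
    if not u.scheme or not u.hostname:
        return False
    same_host = u.hostname == t.hostname
    sub_host = include_subdomains and u.hostname.endswith("." + t.hostname)
    if not (same_host or sub_host):
        return False
    return not any(re.search(p, url) for p in exclude_patterns)


def filter_scope(urls, **kwargs):
    """Return the subset of urls that in_scope() accepts with the given options."""
    return [u for u in urls if in_scope(u, **kwargs)]


if __name__ == "__main__":
    # Same effect as --scope-exclude-pattern=^https: on the HTTP scan.
    for u in filter_scope(CRAWLED, exclude_patterns=("^https:",)):
        print(u)
```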

  6. Tasos Laskos closed this discussion on 03 Aug, 2016 02:26 PM.
