Use of --scope-restrict-paths
Hi Tasos,
I think I am missing something in understanding scope-restrict-paths.
I run the following:
TEST1
arachni --check=xss_dom http://mywebsitetotest
It gives me an xss_dom issue, great!
Now I run
TEST2:
arachni --check=- http://mywebsitetotest
to get a list of crawled URLs that I put in a file, urlcrawled.
Nicely, the faulty URL is in the file.
I run:
arachni --check=xss_dom --scope-restrict-paths=urlcrawled http://mywebsitetotest
Unfortunately, the issue discovered in TEST1 does not show.
...
Where is my mistake in the process?
Thanks.
Seb
Support Staff 1 Posted by Tasos Laskos on 02 Jun, 2016 12:36 PM
I think I see what's wrong.
The --scope-restrict-paths option disables crawling, but this also means that the browsers won't process the pages. If your page needs a browser to load it in order to get to the point where it's vulnerable, then the issue will be missed.
Does that sound like a plausible scenario?
2 Posted by sebastien.aucou... on 02 Jun, 2016 01:06 PM
It seems plausible because when I run:
arachni --check=xss_dom http://mywebsitetotest --browser-cluster-pool-size=0
the issue is not found.
You may ask why I split the job into two: crawl and check.
In fact, my need is that I do not want Arachni to test https links or outside-domain links when scanning the http port.
So I clean the crawled URL file to remove those unwanted links before doing the checks, but with the limitation we pinpointed, this does not work.
Do you think it is possible to do it using other Arachni parameters?
Support Staff 3 Posted by Tasos Laskos on 02 Jun, 2016 01:12 PM
Arachni won't audit external resources, not even in subdomains (although you can enable that).
For scope options see: https://github.com/Arachni/arachni/wiki/Command-line-user-interface...
4 Posted by sebastien.aucou... on 02 Jun, 2016 01:34 PM
Thanks Tasos,
I am now reassured that external resources and subdomains will not be audited.
I read the link you attached.
The only-https option is nice to only follow the https links;
unfortunately, only-http is missing to match my needs.
BTW, thanks for the help.
Support Staff 5 Posted by Tasos Laskos on 02 Jun, 2016 01:36 PM
You can do something like --scope-exclude-pattern=^https: , this should exclude HTTPS links.
Tasos Laskos closed this discussion on 03 Aug, 2016 02:26 PM.