Custom scan script using REST API
kt
I began working on a custom scan script using the REST API provided through GitHub. I just had a few questions regarding the API -
- Is there a way to properly and extensively monitor and manage
login attempts?
- I have gone off of the code provided in the example on the REST
API Github and when I run this I get a scan, but not an extensive
scan like a normally
./arachni http://URLscan will provide. - Is there a clean and easy way of providing the extensive and full reporting like a normal scan does?
- login_script.txt 2.12 KB
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Tasos Laskos on Jul 07, 2016 @ 07:12 PM
2 Posted by kt on Jul 07, 2016 @ 07:18 PM
Will modify code to solve question 2.
I see that the code can report an AFR report, but is there a way to have the terminal spit out similar information using a custom script? Instead of building the report, spitting out the information directly to the terminal.
3 Posted by kt on Jul 07, 2016 @ 08:00 PM
Going off of my previous post (Login_Script check_pattern Failing), I was wondering if there is a way to add to the login_script plugin to display outputs when session is logged in and out and displaying current session ID?
Support Staff 4 Posted by Tasos Laskos on Jul 08, 2016 @ 04:37 AM
You can use the
print_statusmethod to print output, getting the session ID would depend on the script, you could either grab the headers of the response or access the cookies viahttp.cookies.5 Posted by kt on Jul 08, 2016 @ 08:05 PM
Is there any way of keeping a tab of wether the scan has continued to stay logged in (I know login monitoring is somewhat limited)? I know in both autologin.rb and login_script.rb there is code that provides a "Logged in successfully" message as well as a cookie variable being set/displayed at the beginning of the scan when the script is first called, but is there a method or plugin in place currently that notifies the user if a logged in session has been logged out, and if it has been logged it will the login plugin be called again and log the scan back in?
Support Staff 6 Posted by Tasos Laskos on Jul 09, 2016 @ 04:34 AM
That already happens, if the scanner gets logged out the system will log in automatically again.
7 Posted by kt on Jul 09, 2016 @ 05:10 AM
Before closing this thread - when the scanner logs out for any reason, will the program display any notifications of a log out and the script logging back in?
Support Staff 8 Posted by Tasos Laskos on Jul 09, 2016 @ 05:13 AM
You'll see a message saying
Trying to re-login.9 Posted by kt on Jul 09, 2016 @ 05:18 AM
Perfect. Thank you for clarification and assistance.
Support Staff 10 Posted by Tasos Laskos on Jul 09, 2016 @ 05:19 AM
No problem.
Tasos Laskos closed this discussion on Jul 09, 2016 @ 05:19 AM.