Custom scan script using REST API


kt

Jul 07, 2016 @ 07:08 PM

I began working on a custom scan script using the REST API provided through GitHub. I just had a few questions regarding the API:

  1. Is there a way to properly and extensively monitor and manage login attempts?
  2. I have gone off of the code provided in the example on the REST API GitHub and when I run this I get a scan, but not an extensive scan like a normal ./arachni http://URL scan will provide.
  3. Is there a clean and easy way of providing the extensive and full reporting like a normal scan does?
  1. Support Staff 1 Posted by Tasos Laskos on Jul 07, 2016 @ 07:12 PM

    1. No, not really.
    2. See: https://github.com/Arachni/arachni/wiki/REST-API#retrieve-a-scan-re...
    3. Are you looking for an AFR report?
  2. 2 Posted by kt on Jul 07, 2016 @ 07:18 PM


    Will modify code to solve question 2.

    I see that the code can report an AFR report, but is there a way to have the terminal spit out similar information using a custom script? Instead of building the report, spitting out the information directly to the terminal.

  3. 3 Posted by kt on Jul 07, 2016 @ 08:00 PM


    Going off of my previous post (Login_Script check_pattern Failing), I was wondering if there is a way to add to the login_script plugin to display output when the session is logged in and out, and to display the current session ID?

  4. Support Staff 4 Posted by Tasos Laskos on Jul 08, 2016 @ 04:37 AM


    You can use the print_status method to print output. Getting the session ID would depend on the script; you could either grab the headers of the response or access the cookies via http.cookies.

  5. 5 Posted by kt on Jul 08, 2016 @ 08:05 PM


    Is there any way of keeping a tab of whether the scan has continued to stay logged in (I know login monitoring is somewhat limited)? I know in both autologin.rb and login_script.rb there is code that provides a "Logged in successfully" message as well as a cookie variable being set/displayed at the beginning of the scan when the script is first called, but is there a method or plugin in place currently that notifies the user if a logged in session has been logged out, and if it has been logged out, will the login plugin be called again and log the scan back in?

  6. Support Staff 6 Posted by Tasos Laskos on Jul 09, 2016 @ 04:34 AM


    That already happens; if the scanner gets logged out, the system will log in automatically again.

  7. 7 Posted by kt on Jul 09, 2016 @ 05:10 AM


    Before closing this thread - when the scanner logs out for any reason, will the program display any notifications of a log out and the script logging back in?

  8. Support Staff 8 Posted by Tasos Laskos on Jul 09, 2016 @ 05:13 AM


    You'll see a message saying "Trying to re-login."

  9. 9 Posted by kt on Jul 09, 2016 @ 05:18 AM


    Perfect. Thank you for clarification and assistance.

  10. Support Staff 10 Posted by Tasos Laskos on Jul 09, 2016 @ 05:19 AM


    No problem.

  11. Tasos Laskos closed this discussion on Jul 09, 2016 @ 05:19 AM.
