Scan not detecting all issues. Wrong JSON request?
Hello Tasos,
I am having some issues with the new scan request and all the parameters that I want to add. For some reason it is not detecting all issues such as (XSS, SQLi) and in other cases any issue. I added the checks "*" value but it is still not detecting everything. Please see below the entire JSON request:
Note that the website that I am using for the testing is http://testsphp.acunetix.com/
REQUEST:
{
  "url": "http://testsphp.acunetix.com/",
  "http": {
    "user_agent": "WebSecurity/Arachni",
    "request_timeout": 10000,
    "request_redirect_limit": 5,
    "request_concurrency": 20,
    "request_queue_size": 100,
    "response_max_size": 500000
  },
  "audit": {
    "parameter_values": true
  },
  "input": {
    "default_values": {
      "(?i-mx:name)": "Arachni_name",
      "(?i-mx:user)": "websecurity_user",
      "(?i-mx:usr)": "websecurity_user",
      "(?i-mx:pass)": "5543!%websecurity_secret",
      "(?i-mx:txt)": "websecurity_text",
      "(?i-mx:num)": "132",
      "(?i-mx:amount)": "100",
      "(?i-mx:mail)": "[email blocked]",
      "(?i-mx:account)": "12",
      "(?i-mx:id)": "1"
    },
    "without_defaults": false,
    "force": false
  },
  "browser_cluster": {
    "pool_size": 6,
    "job_timeout": 25,
    "worker_time_to_live": 100,
    "ignore_images": false,
    "screen_width": 1600,
    "screen_height": 1200
  },
  "checks": ["*"],
  "no_fingerprinting": false
}
FINAL RESPONSE:
{"status":"done","busy":false,"seed":"a7a072bd8b21d13a25b867eb29308818","statistics":{"http":{"request_count":7650,"response_count":7650,"time_out_count":0,"total_responses_per_second":82.7063219831263,"burst_response_time_sum":9.769199,"burst_response_count":79,"burst_responses_per_second":0.203001901022723,"burst_average_response_time":0.123660746835443,"total_average_response_time":0.124756665359477,"max_concurrency":20,"original_max_concurrency":20},"browser_cluster":{"seconds_per_job":5.85882352941176,"total_job_time":498,"queued_job_count":85,"completed_job_count":85},"runtime":476.071901377,"found_pages":77,"audited_pages":135,"current_page":"http://testhtml5.acunetix.com/secured/style.css"},"errors":[],"messages":["Waiting for the plugins to finish."],"issues":[],"sitemap":{}}
Support Staff 1 Posted by Tasos Laskos on 20 Sep, 2016 07:48 AM
You need to also include:
2 Posted by Jaime Manteiga on 20 Sep, 2016 11:56 AM
Thanks Tasos, as always very helpful. Quick question: why at the end of the scan does it always show me this as part of the response:
"errors":[],"messages":["Waiting for the plugins to finish."]
I am trying to replicate the same JSON that you send on the WebUI.
Support Staff 3 Posted by Tasos Laskos on 20 Sep, 2016 11:57 AM
That's usually the last message, it doesn't mean that you need to wait, you should only consider the busy status.
Tasos Laskos closed this discussion on 22 Sep, 2016 09:12 AM.
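Added example (not part of the original thread and not Arachni's own code): a polling helper that decides completion from the busy flag only, as advised in the last reply, next to a message-based check that never completes on the final response quoted above. The sample bodies are constructed and trimmed, and the `fetch` hook and `replay` helper are hypothetical stand-ins for a real HTTP client.

```ruby
require 'json'

# Constructed sample progress bodies, trimmed to the fields used here.
# The last one mirrors the final response quoted in the thread.
SAMPLE_PROGRESS = [
  '{"status":"scanning","busy":true,"messages":[],"errors":[],"issues":[]}',
  '{"status":"cleanup","busy":true,"messages":["Waiting for the plugins to finish."],"errors":[],"issues":[]}',
  '{"status":"done","busy":false,"messages":["Waiting for the plugins to finish."],"errors":[],"issues":[]}'
].freeze

# Naive check: treats a lingering message as "still working".
def finished_by_messages?(progress)
  progress.fetch('messages', []).empty?
end

# Check advised in the thread: only the busy flag decides.
def finished?(progress)
  progress['busy'] == false
end

# Polls until busy is false. `fetch` is any callable returning the raw JSON
# body of the scan progress response (hypothetical hook for your HTTP client).
def wait_for_scan(fetch, max_polls: 100, interval: 0)
  max_polls.times do |i|
    progress = JSON.parse(fetch.call)
    if finished?(progress)
      return {
        polls: i + 1,
        status: progress['status'],
        issues: progress.fetch('issues', []).size,
        errors: progress.fetch('errors', []),
        leftover_messages: progress.fetch('messages', [])
      }
    end
    sleep interval
  end
  raise "scan still busy after #{max_polls} polls"
end

# Replays canned bodies in order, repeating the last one (offline stand-in).
def replay(bodies)
  queue = bodies.dup
  -> { queue.size > 1 ? queue.shift : queue.first }
end

p wait_for_scan(replay(SAMPLE_PROGRESS)) if __FILE__ == $PROGRAM_NAME
```

A finished scan that reports zero issues and an empty errors list, as in the thread, still needs its request options reviewed; completion says nothing about coverage.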