Arachni Grid
Hi,
I'm planning to use Arachni to scan my web applications and I want to
configure it as a grid. If I have multiple dispatchers in a grid,
say 3 nodes, do I have to host a Postgres DB for each node? How and
where will the scan results be saved? Do I have to create a custom
script to retrieve the results? Or can I use another node running
arachni_web to monitor those nodes on the grid?
Support Staff 1 Posted by Tasos Laskos on 06 Oct, 2016 12:14 PM
Hello,
The DB dependency is only for the WebUI, the scanner Instances don't store results, they just keep them in memory and send them to the interface that's controlling them when asked.
You can take advantage of a grid configuration by either the arachni_rpc (a CLI client) or the arachni_web (the WebUI) executables.
If you use the arachni_rpc method, results will be stored in an .afr file at the end of the scan, which you can then use to generate reports in multiple formats using arachni_reporter.
If you choose to go with arachni_web, results will be stored in the DB and you can then export them in any of the available formats via the WebUI.
2 Posted by denny on 06 Oct, 2016 02:05 PM
Thank you for your answer, and my apologies, I didn't read the manual thoroughly. There's one more thing I'm still curious about: if I create a grid, will I be able to dispatch a scan to that grid using arachni_rpc and monitor it via the web if I register that grid in arachni_web?
I plan to run scans automatically by sending RPC commands to a set of Arachni nodes, and it would be convenient if I could monitor the whole process via the web interface. Am I able to do that using arachni_web? Or am I supposed to create a custom web app to do that?
Support Staff 3 Posted by Tasos Laskos on 06 Oct, 2016 03:56 PM
No, you can't do that; only the client that requested that an Instance be dispatched can interact with it.
When a dispatch call is made, along with an Instance's connection info, an auth token is issued; that token is then passed along with each RPC call.
This is so that 3rd parties can't hijack your Instance, either intentionally or by mistake.
4 Posted by denny on 06 Oct, 2016 04:39 PM
Ah, I see. Thank you for your explanation.
Support Staff 5 Posted by Tasos Laskos on 06 Oct, 2016 08:18 PM
No problem.
Tasos Laskos closed this discussion on 06 Oct, 2016 08:18 PM.