Arachni Grid

denny

06 Oct, 2016 11:55 AM

Hi,
I'm planning to use Arachni to scan my web applications, and I want to configure it as a grid. If I have multiple Dispatchers in a grid, say 3 nodes, do I have to host a Postgres DB for each node? How and where will the scan results be saved? Do I have to create a custom script to retrieve the results, or can I use another node running arachni_web to monitor the nodes on the grid?

  1. Support Staff 1 Posted by Tasos Laskos on 06 Oct, 2016 12:14 PM

    Hello,

    The DB dependency is only for the WebUI; the scanner Instances don't store results, they just keep them in memory and send them to the interface that's controlling them when asked.

    You can take advantage of a grid configuration by using either the arachni_rpc (a CLI client) or the arachni_web (the WebUI) executable.
    If you use the arachni_rpc method, results will be stored in an .afr file at the end of the scan, which you can then use to generate reports in multiple formats using arachni_reporter.
    If you choose to go with arachni_web, results will be stored in the DB and you can then export them in any of the available formats via the WebUI.

  2. 2 Posted by denny on 06 Oct, 2016 02:05 PM

    Thank you for your answer, and my apologies, I didn't read the manual thoroughly. There's one more thing I'm still curious about: if I create a grid, will I be able to dispatch a scan to that grid using arachni_rpc and monitor it via the web if I register that grid in arachni_web?
    I plan to run scans automatically by sending RPC commands to a set of Arachni nodes, and it would be convenient if I could monitor the whole process via a web interface. Am I able to do that using arachni_web, or am I supposed to create a custom web app to do that?

  3. Support Staff 3 Posted by Tasos Laskos on 06 Oct, 2016 03:56 PM

    No, you can't do that; only the client that requested that an Instance be dispatched can interact with it.
    When a dispatch call is made, along with an Instance's connection info, an auth token is issued; that token is then passed along with each RPC call.

    This is so that 3rd parties can't hijack your Instance, either intentionally or by mistake.

  4. 4 Posted by denny on 06 Oct, 2016 04:39 PM

    Ah, I see, thank you for your explanation.

  5. Support Staff 5 Posted by Tasos Laskos on 06 Oct, 2016 08:18 PM

    No problem.

  6. Tasos Laskos closed this discussion on 06 Oct, 2016 08:18 PM.
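
The token scheme described in reply 3, as an added example that is not part of the original thread and is not Arachni's own code or API. It is a toy Ruby model: `ToyDispatcher`, `ToyInstance`, the method names and the address are hypothetical, and the returned object stands in for a network connection. It shows why a second client that never received the token cannot read an Instance's in-memory results.

```ruby
require 'securerandom'
require 'digest'

# Toy model (hypothetical classes, not Arachni's API) of per-Instance auth tokens.
class ToyInstance
  class Unauthorized < StandardError; end

  def initialize(token)
    @token_digest = Digest::SHA256.digest(token)
    @issues = [] # results live only in memory until the controlling client asks
  end

  # Every RPC call must carry the token issued at dispatch time.
  def call(token, method, *args)
    raise Unauthorized, 'bad or missing token' unless authorized?(token)
    case method
    when :log_issue
      @issues << args.first
      :ok
    when :report
      @issues.dup
    else
      raise ArgumentError, "unknown method #{method}"
    end
  end

  private

  # Compare fixed-length digests without returning early on the first mismatch.
  def authorized?(token)
    given = Digest::SHA256.digest(token.to_s).bytes
    diff = 0
    @token_digest.bytes.each_with_index { |b, i| diff |= b ^ given[i] }
    diff.zero?
  end
end

class ToyDispatcher
  def initialize
    @next_port = 7331 # constructed sample port
  end

  # Returns connection info plus a fresh random token, handed only to the caller.
  def dispatch
    token = SecureRandom.hex(16)
    url = "127.0.0.1:#{@next_port}" # constructed sample address
    @next_port += 1
    { url: url, token: token, instance: ToyInstance.new(token) }
  end
end
```

A client holding the hash returned by `dispatch` can call `:log_issue` and `:report`; any caller presenting another Instance's token, or none, gets `ToyInstance::Unauthorized`.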
