or Create a profile

Home Questions

Plugint to search for a string ocurence in BODY.

Tomas D.'s Avatar

Tomas D.

17 Jan, 2017 01:17 PM

Helo,

Question: Is there a plugin that could search for string occurence in BODY and report that string occurence?

Anyway I could develop it by myself if needed, just asking anyway for any TIP or Adivce, where to begin.

Thanks for your advice and thanks for the great work with arachni.

Tomas D.

  1. Support Staff 1 Posted by Tasos Laskos on 17 Jan, 2017 01:57 PM

    Tasos Laskos's Avatar

    Hello,

    You need to write a check like this one: https://github.com/Arachni/arachni/blob/experimental/components/che...

    You'll just need to change the filename, class name, the info and of course the regexp.

    Cheers

  2. 2 Posted by Tomas D. on 17 Jan, 2017 05:51 PM

    Tomas D.'s Avatar

    Helped a lot! Thanks Mr!

    If I could have a second, developer question.:
    -Is there a component example, utilising Arachni::Component::Options?

    My motivation: Maybe after I do some research about Arachni::Component::Options, I could publish a component named "Search String in 'Response-BODY'", to the comunity. I know that component like this, is not directly related to web security, but could be pratcital in some way.

    P.S.: The modularity of arachni is nice thing to play with.

    have a nice day

  3. 3 Posted by Tomas D. on 17 Jan, 2017 05:55 PM

    Tomas D.'s Avatar

    And my messy conversation title has to be corrected or deleted:

    "Plugin, to search for a string occurrence in BODY."

    sorry :) did come out unchecked.

  4. Support Staff 4 Posted by Tasos Laskos on 18 Jan, 2017 12:12 PM

    Tasos Laskos's Avatar

    In that case you'll need to write a plugin rather than a check.
    The closest existing plugin is the page_dump one: https://github.com/Arachni/arachni/blob/experimental/components/plu...

    You'll need to set a similar callback to process each page and page.body and then log your results using the register_results method.

    The format of the results however is completely up to you and if you want those results to be included in the reports (other than the default AFR one), you'll need to add the relevant plugin formatters.

    I'd suggest checking out the existing plugins and their formatters to get a feel for how things work.
    If you don't feel comfortable writing this plugin yourself you can open a feature request on GitHub and I'll add one myself for a future release.

    Cheers

  5. Tasos Laskos closed this discussion on 05 Feb, 2017 11:12 AM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from Arachni or the discussion starter are required.

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

19 Oct, 2023 06:03 PM Error - Not able Scan /ruby/lib/ruby/gems/2.7.0/gems/arachni-1.6.1.3/lib/arachni/rpc/server/framework.rb:156:in `block in run'
12 Aug, 2023 11:04 AM Error when launching arachni_web
08 May, 2023 05:30 PM Security Assessment
05 May, 2023 10:53 AM REST API - Not detecting Any Issues
16 Mar, 2023 02:43 AM BITCOIN LOTTERY - SOFTWARE FREE

Recent Articles

Optimizing for faster scans
Service scanning
Software as a Service (Saas)