tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/13347-scope-extend-paths-not-sure-if-it-is-workingArachni: Discussion 2017-05-19T14:28:09Ztag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-18T19:31:06Z2017-05-18T19:31:07Z--scope-extend-paths - not sure if it is working?<div><p>Hi,</p>
<p>I am using Arachni CLI, I am using the following command:</p>
<p>"bin/arachni --scope-include-subdomains --scope-extend-paths ./ctm_security_scanner/spider_these_urls.txt --profile-load-filepath ./security_scanner/Security_Profile.afp --report-save-path=arachni_report.afr <a href="https://enquiry-submitter.test.io">https://enquiry-submitter.test.io</a> | tee arachni_log.txt"</p>
<p>The "--scope-extend-paths" I have added points to "spider_these_urls.txt" which contains:</p>
<p>http://app:8081/private/ping<br>
http://app:8081/health<br>
http://app:8081/swagger<br>
<a href="http://spiderme.com/yeah">http://spiderme.com/yeah</a></p>
<p>However, in the log output it shows all of the directories that it spiders through but not the above 4, where does it show that this is actually spidering into those urls?</p></div>Zukkytag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T13:06:57Z2017-05-19T13:06:57Z--scope-extend-paths - not sure if it is working?<div><p>Try setting <code>--profile-load-filepath</code> first because right now the profile is overriding the other options.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T14:06:36Z2017-05-19T14:06:38Z--scope-extend-paths - not sure if it is working?<div><p>Ok, I moved "--profile-load-filepath" to the start, it now looks like such:</p>
<p>"bin/arachni --profile-load-filepath ./ctm_security_scanner/Security_Profile.afp --scope-include-subdomains --scope-extend-paths ./security_scanner/spider_these_urls.txt --report-save-path=arachni_report.afr <a href="https://enquiry-submitter.test.io/health">https://enquiry-submitter.test.io/health</a> | tee arachni_log.txt"</p>
<p>When I traverse through the arachni_log.txt I cannot find anywhere where it tells me that it has loaded in the urls from spider_these_urls.txt?</p></div>Zukkytag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T14:11:12Z2017-05-19T14:11:12Z--scope-extend-paths - not sure if it is working?<div><p>It won't say that explicitly, it'll just include them in the scan, you should see them in the resulting sitemap at the end of the scan.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T14:12:01Z2017-05-19T14:12:01Z--scope-extend-paths - not sure if it is working?<div><p>By the way, I see that the target and the paths in the file are in different domains, if that's indeed the case then the file paths won't be followed. You can't cross domains, only subdomains.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T14:26:54Z2017-05-19T14:26:57Z--scope-extend-paths - not sure if it is working?<div><p>I was unaware of the domains, I removed the domains that changed and only included subdomains, I also ensured to use the same domain url. Changing the order has also helped. It is all working and I can see the traversed subdomains that were scanned (read from the spider_these_urls.txt) in the Arachni report at the end. Thank you Tasos, your help has been incredible over the past few days of questions i've been throwing across. Keep being you. Zukky</p></div>Zukkytag:support.arachni-scanner.com,2012-07-01:Comment/425879912017-05-19T14:28:09Z2017-05-19T14:28:09Z--scope-extend-paths - not sure if it is working?<div><p>Haha no worries.</p></div>Tasos Laskos