Is there a way to restrict Arachni scans to only pages that were browsed using Proxy

Vishal Jindal

10 Oct, 2017 03:25 PM

Hello,

Is there a way to restrict Arachni from scanning other web links embedded in the page? I am trying to perform a scan on three pages that I browse using the Arachni proxy, but the tool scans over 50 pages and takes over 12 hours to complete the scan. Is there something I am doing wrong? I am using the following command:

./arachni https://XXXXXX.XXXXXXX.com --scope-page-limit=0 --plugin=proxy --scope-directory-depth-limit=0 --scope-auto-redundant=5 --checks="*",-common,-backup,-backdoors,-directory_listing

Also, it is still performing checks for common directories and backup directories.

Best,
Vishal

  1. Support Staff 1 Posted by Tasos Laskos on 13 Oct, 2017 09:16 AM

    The checks argument should have been:

    --checks=*,-common*,-backup*,-backdoors*,-directory_listing
    

    Can you try setting --scope-page-limit=1?

  2. 2 Posted by Vishal Jindal on 13 Oct, 2017 09:26 AM

    Hello Tasos,

    Thanks for your response! I will try with scope page limit = 1. Meanwhile, when I try with --checks=,-common,-backup*,-backdoors*,-directory_listing, I get an error saying "zsh: no match found". Also, I tried restricting my scans to URLs using the --scope-restrict-paths option, but it looks like it's still scanning pages outside the ones I mentioned in the file.

    Best,
    Vishal

  3. Support Staff 3 Posted by Tasos Laskos on 13 Oct, 2017 09:29 AM

    Ah, you're using zsh, I'm not used to that, I'm a Bash guy.
    This may work, although I'm not sure:

    --checks="*,-common*,-backup*,-backdoors*,-directory_listing"
    

    About the scope issues, these options are basically the most used and tested ones, so they rarely present bugs anymore, but without access to the site in order to try and reproduce the issue I really won't be able to tell if something's wrong or not.
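Why the first command still ran the common and backup checks, as an added example that is not part of the original thread and is not Arachni's code. It assumes each comma-separated entry is matched as a glob against the whole check name, which is what the corrected argument above implies; the list of check names is a constructed sample and `resolve_checks` is a hypothetical helper.

```shell
#!/bin/sh
# Constructed sample list of check names, for illustration only.
CHECK_NAMES="xss sqli common_files common_directories backup_files backup_directories backdoors directory_listing"

# resolve_checks SPEC
# Hypothetical helper (not Arachni code): prints the names from CHECK_NAMES
# selected by a comma-separated SPEC. "pat" includes, "-pat" excludes, and a
# pattern must match the whole name, so "-common" does not hit "common_files".
resolve_checks() {
    spec=$1
    out=""
    for name in $CHECK_NAMES; do
        included=0
        excluded=0
        old_ifs=$IFS
        set -f          # no filename expansion while splitting: '*' stays literal
        IFS=,
        for pat in $spec; do
            case $pat in
                -*) case $name in ${pat#-}) excluded=1 ;; esac ;;
                *)  case $name in $pat) included=1 ;; esac ;;
            esac
        done
        IFS=$old_ifs
        set +f
        if [ "$included" -eq 1 ] && [ "$excluded" -eq 0 ]; then
            out="$out $name"
        fi
    done
    printf '%s\n' "${out# }"
}

# The spec is passed quoted so the invoking shell (bash or zsh) hands the
# '*' characters through unchanged instead of trying to expand them.
echo "as first posted: $(resolve_checks '*,-common,-backup,-backdoors,-directory_listing')"
echo "with wildcards:  $(resolve_checks '*,-common*,-backup*,-backdoors*,-directory_listing')"
```
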

  4. 4 Posted by Vishal Jindal on 13 Oct, 2017 09:34 AM

    Great! Let me give this a try and let you know if this worked. Is there any other reason you can think of for Arachni to take so much time to scan in comparison to AppScan? The request number goes up to 200000 and it is still scanning.

    Best,
    Vishal

  5. Support Staff 5 Posted by Tasos Laskos on 13 Oct, 2017 09:41 AM

    This may come as a surprise, but I know absolutely nothing about any other similar type of system -- I'm not really into the competition of the thing, this is just a lot of fun for me so I do it.

    If I had to guess, different defaults may be in place, differences in how much coverage each scanner provides, different optimizations, a myriad of things could be going on really.

    For example, check out the results of the new engine: http://www.arachni-scanner.com/blog/new-engine-sneak-peek/
    It's not inconceivable that others figured some of that clever stuff out first.

  6. 6 Posted by Vishal Jindal on 13 Oct, 2017 09:44 AM

    That makes perfect sense! Thanks for your help. Quick question: does the proxy plugin train the scanner to only scan pages browsed using the proxy, or does it just train the system to store the login session but still scan the entire target URL?

    Best,
    Vishal

  7. Support Staff 7 Posted by Tasos Laskos on 13 Oct, 2017 09:51 AM

    Unless you restrict the scope in some fashion, anything the proxy sees will supplement the normal scope of the scan.
    Using it as a login tool is sort of a secondary operation and one of the last resorts to be honest, you should give preference to either the autologin plugin or the login_script one if autologin doesn't cover your case.

    I almost forgot btw: http://support.arachni-scanner.com/kb/general-use/optimizing-for-fa...

  8. 8 Posted by Vishal Jindal on 13 Oct, 2017 09:58 AM

    Thanks a lot Tasos! That helps.

    Best,
    Vishal

  9. Tasos Laskos closed this discussion on 13 Oct, 2017 10:04 AM.

  10. Vishal Jindal re-opened this discussion on 13 Oct, 2017 08:56 PM

  11. 9 Posted by Vishal Jindal on 13 Oct, 2017 08:56 PM

    Hey Tasos,

    Checks plugin worked with quotes. Setting scope page limit helped restrict the scan, but it only scanned one page. I also tried restrict path by putting 12 URLs in the file and setting page limit to 1 and directory depth limit to 1; still, Arachni scanned only 7 total pages out of 12. I am not sure what's happening. I thought it might be due to 5 pages requiring login credentials to be scanned. Unfortunately, the autologin plugin doesn't work to automate the login event. So, I tried with the proxy, but still no luck. I would really appreciate your help to understand what I am missing.

    Best,
    Vishal
