Is there a way to restrict Arachni scans to only pages that were browsed using Proxy
Hello,
Is there a way to restrict Arachni from scanning other web links embedded in the page. I am trying to perform scan on three pages, that I browse using Arachni proxy, but the tool scans for over 50 pages and takes over 12 hours to complete scan. Is there something I am doing wrong? I am using following command:
./arachni https://XXXXXX.XXXXXXX.com --scope-page-limit=0 --plugin=proxy --scope-directory-depth-limit=0 --scope-auto-redundant=5 --checks="*",-common,-backup,-backdoors,-directory_listing
Also, it is still performing checks for common directories and backup directories.
Best,
Vishal
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 13 Oct, 2017 09:16 AM
The checks argument should have been:
Can you try setting
--scope-page-limit=1
?2 Posted by Vishal Jindal on 13 Oct, 2017 09:26 AM
Hello Tasos,
Thanks for your response! I will try with scope page limit = 1. Meanwhile, when I try with --checks=,-common,-backup*,-backdoors*,-directory_listing, I get an error saying "zsh: no match found". Also, I tried restricting my scans to URLs using --scope-restrict-paths option but looks like its still scanning pages outside the ones I mentioned in the file.
Best,
Vishal
Support Staff 3 Posted by Tasos Laskos on 13 Oct, 2017 09:29 AM
Ah, you're using zsh, I'm not used to that, I'm a Bash guy.
This may work, although I'm not sure:
About the scope issues, these options are basically the most used and tested ones, so they rarely present bugs anymore, but without access to the site in order to try and reproduce the issue I really won't be able to tell if something's wrong or not.
4 Posted by Vishal Jindal on 13 Oct, 2017 09:34 AM
Great! Let me give this a try and let you know if this worked. Is there any other reason you can think of for Arachni to take so much time to scan in comparison to AppScan? The request number goes up 200000 and still scanning.
Best,
Vishal
Support Staff 5 Posted by Tasos Laskos on 13 Oct, 2017 09:41 AM
This may come as a surprise, but I know absolutely nothing about any other similar type of system -- I'm not really into the competition of the thing, this is just a lot of fun for me so I do it.
If I had to guess, different defaults may be in place, differences in how much coverage each scanner provides, different optimizations, a myriad of things could be going on really.
For example, check out the results of the new engine: http://www.arachni-scanner.com/blog/new-engine-sneak-peek/
It's not inconceivable that others figured some of that clever stuff out first.
6 Posted by Vishal Jindal on 13 Oct, 2017 09:44 AM
That makes perfect sense! Thanks for your help. Quick question, does the proxy plugin trains the scanner to only scan pages browsed using proxy or does it just train the system to store login session but will scan entire target URL?
Best,
Vishal
Support Staff 7 Posted by Tasos Laskos on 13 Oct, 2017 09:51 AM
Unless you restrict the scope in some fashion, anything the proxy sees will supplement the normal scope of the scan.
Using it as a login tool is sort of a secondary operation and one of the last resorts to be honest, you should give preference to either the
autologin
plugin or thelogin_script
one ifautologin
doesn't cover your case.I almost forgot btw: http://support.arachni-scanner.com/kb/general-use/optimizing-for-fa...
8 Posted by Vishal Jindal on 13 Oct, 2017 09:58 AM
Thanks a lot Tasos! That helps.
Best,
Vishal
Tasos Laskos closed this discussion on 13 Oct, 2017 10:04 AM.
Vishal Jindal re-opened this discussion on 13 Oct, 2017 08:56 PM
9 Posted by Vishal Jindal on 13 Oct, 2017 08:56 PM
Hey Tasos,
Checks plugin worked with quotes. Setting scope page limit helped restrict the scan but it only scanned one page. I also tried restrict path by putting 12 URLs in the file and setting page limit to 1 and directory depth limit to 1, still, arachni scanned only 7 total pages out of 12. I am not sure whats happening. I thought it might be due to 5 pages requiring login credentials to be scanned. Unfortunately, autologin plugin doesnt work to automate login event. So, I tried with proxy but still no luck. I would really appreciate your help to understand what am I missing.
Best,
Vishal