tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/13881-is-there-a-way-to-restrict-arachni-scans-to-only-pages-that-were-browsed-using-proxy
Arachni: Discussion 2017-10-13T20:56:23Z
Is there a way to restrict Arachni scans to only pages that were browsed using Proxy
2017-10-13T09:16:39Z
<div><p>The checks argument should have been:</p>
<pre>
<code>--checks=*,-common*,-backup*,-backdoors*,-directory_listing</code>
</pre>
<p>Can you try setting <code>--scope-page-limit=1</code>?</p></div>Tasos Laskos
2017-10-13T09:26:24Z
<div><p>Hello Tasos,</p>
<p>Thanks for your response! I will try with scope page limit = 1. Meanwhile, when I try with <code>--checks=*,-common*,-backup*,-backdoors*,-directory_listing</code>, I get an error saying "zsh: no match found". Also, I tried restricting my scans to URLs using --scope-restrict-paths option but looks like it's still scanning pages outside the ones I mentioned in the file.</p>
<p>Best,<br>
Vishal</p></div>Vishal Jindal
2017-10-13T09:29:52Z
<div><p>Ah, you're using zsh, I'm not used to that, I'm a Bash guy.<br>
This may work, although I'm not sure:</p>
<pre>
<code>--checks="*,-common*,-backup*,-backdoors*,-directory_listing"</code>
</pre>
<p>About the scope issues, these options are basically the most used and tested ones, so they rarely present bugs anymore, but without access to the site in order to try and reproduce the issue I really won't be able to tell if something's wrong or not.</p></div>Tasos Laskos
2017-10-13T09:34:35Z
<div><p>Great! Let me give this a try and let you know if this worked. Is there any other reason you can think of for Arachni to take so much time to scan in comparison to AppScan? The request number goes up 200000 and still scanning.</p>
<p>Best,<br>
Vishal</p></div>Vishal Jindal
2017-10-13T09:41:45Z
<div><p>This may come as a surprise, but I know absolutely nothing about any other similar type of system -- I'm not really into the competition of the thing, this is just a lot of fun for me so I do it.</p>
<p>If I had to guess, different defaults may be in place, differences in how much coverage each scanner provides, different optimizations, a myriad of things could be going on really.</p>
<p>For example, check out the results of the new engine: <a href="http://www.arachni-scanner.com/blog/new-engine-sneak-peek/">http://www.arachni-scanner.com/blog/new-engine-sneak-peek/</a><br>
It's not inconceivable that others figured some of that clever stuff out first.</p></div>Tasos Laskos
2017-10-13T09:44:54Z
<div><p>That makes perfect sense! Thanks for your help. Quick question, does the proxy plugin train the scanner to only scan pages browsed using proxy or does it just train the system to store login session but will scan entire target URL?</p>
<p>Best,<br>
Vishal</p></div>Vishal Jindal
2017-10-13T09:51:16Z
<div><p>Unless you restrict the scope in some fashion, anything the proxy sees will supplement the normal scope of the scan.<br>
Using it as a login tool is sort of a secondary operation and one of the last resorts to be honest, you should give preference to either the <code>autologin</code> plugin or the <code>login_script</code> one if <code>autologin</code> doesn't cover your case.</p>
<p>I almost forgot btw: <a href="http://support.arachni-scanner.com/kb/general-use/optimizing-for-faster-scans">http://support.arachni-scanner.com/kb/general-use/optimizing-for-fa...</a></p></div>Tasos Laskos
2017-10-13T09:58:21Z
<div><p>Thanks a lot Tasos! That helps.</p>
<p>Best,<br>
Vishal</p></div>Vishal Jindal
2017-10-13T20:56:22Z
<div><p>Hey Tasos,</p>
<p>Checks plugin worked with quotes. Setting scope page limit helped restrict the scan but it only scanned one page. I also tried restrict path by putting 12 URLs in the file and setting page limit to 1 and directory depth limit to 1, still, Arachni scanned only 7 total pages out of 12. I am not sure what's happening. I thought it might be due to 5 pages requiring login credentials to be scanned. Unfortunately, autologin plugin doesn't work to automate login event. So, I tried with proxy but still no luck. I would really appreciate your help to understand what I am missing.</p>
<p>Best,<br>
Vishal</p></div>Vishal Jindal
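<p>The quoting fix discussed in this thread, as an added example that is not part of the original discussion or of Arachni itself: it shows which argument a program receives for the <code>--checks</code> value when the pattern is quoted, left unquoted, or left unquoted under bash's <code>failglob</code> option (used here to reproduce the kind of "no match" failure zsh reports by default). <code>show_argv</code> is a hypothetical stand-in for the scanner, and the matching filename is constructed.</p>

```shell
#!/usr/bin/env bash
# Added example, not from the thread: what argument the scanner would receive
# for the --checks value when it is quoted vs. left unquoted for the shell.

# Stand-in for the scanner (hypothetical helper): print each argument received.
show_argv() { printf '%s\n' "$@"; }

# Quoted: the shell hands the pattern over untouched and Arachni expands it.
quoted() {
  ( cd "$1" && show_argv "--checks=*,-common*,-backup*,-backdoors*,-directory_listing" )
}

# Unquoted, default sh/bash behaviour: the word is first treated as a filename
# glob. With no matching file it stays literal; with a match it is replaced.
unquoted() {
  ( cd "$1" && show_argv --checks=*,-common*,-backup*,-backdoors*,-directory_listing )
}

# Unquoted with bash's failglob option: an unmatched glob is an error and the
# command never runs, the same class of failure as zsh's default.
# Returns non-zero; exits 2 if the shell has no shopt (not bash).
unquoted_strict() {
  ( shopt -s failglob || exit 2
    cd "$1" && show_argv --checks=*,-common*,-backup*,-backdoors*,-directory_listing
  ) 2>/dev/null
}

# Constructed demo: an empty directory, then one holding a file whose name
# happens to match the pattern.
demo() {
  dir=$(mktemp -d) || return 1
  echo "quoted:            $(quoted "$dir")"
  echo "unquoted, empty:   $(unquoted "$dir")"
  unquoted_strict "$dir" >/dev/null || echo "unquoted, strict:  rejected by the shell"
  : > "$dir/--checks=x,-common_a,-backup_b,-backdoors_c,-directory_listing"
  echo "unquoted, match:   $(unquoted "$dir")"
  rm -rf "$dir"
}

demo
```

<p>Only the quoted form delivers the same check list regardless of shell options and of what files sit in the working directory.</p>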