Reports from command line much larger than web interface
Hi, apologies if this has been discussed already but I could not find it in the discussion groups. I am having an issue with an excessively large index.html file produced from running a scan from the command line.
When I run a report from the web interface, I created a custom profile to use and the output is a very reasonable size (about 16MB) and very clean; it's actually very impressive. However, when I run the same scan from the command line, using the same profile, with the command:
./arachni --profile-load-filepath=/opt/data/profiles/arachni-TestOne.afp https://URL/
the index.html produced in the report is over 400MB in size; this is the index.html alone, not the folder size; the subsequent folders appear to have the same data from either web or command line.
Is there something I am doing wrong with the command line scan? I could not find an option that points in this direction. I am hoping to integrate this with our development environment so the command line option is critical.
Any help is greatly appreciated.
Support Staff 1 Posted by Tasos Laskos on Dec 19, 2017 @ 04:31 PM
Hello,
Do both scans (CLI, WebUI) have the same results?
Cheers
PS. Sorry for the excessively late reply, I've been working on something.
2 Posted by John Rodger on Dec 19, 2017 @ 05:57 PM
Hi Tasos, thanks for getting back to me.
I believe I was doing something wrong, that was not evident from the app logs. I have since streamlined my profile, and that particular issue has not arisen again so I think this was a false alarm and can be ignored, or laughed at, depending on which you prefer. I am currently working on getting the login scripts working, but that is proceeding well.
I would like to mention, I am currently testing several pentesting applications, among them w3af and OWASP ZAP, and your software is far ahead in terms of accuracy and usability.
Please continue to do what you do; arachni is excellent.
Support Staff 3 Posted by Tasos Laskos on Dec 19, 2017 @ 08:14 PM
Glad you sorted it out and thank you very much for the kind words.
Cheers man
Tasos Laskos closed this discussion on Dec 19, 2017 @ 08:14 PM.
John Rodger re-opened this discussion on Dec 21, 2017 @ 06:03 PM
4 Posted by John Rodger on Dec 21, 2017 @ 06:03 PM
Not trying to reopen this ticket, just an FYI...
I believe I figured out what the issue was, and it was related to the login function. The site I am using to test arachni on is bWAPP, so it has plenty of built-in vulnerabilities. Apparently arachni was working a little too well; while probing the website, it also reset the user password, and I did not have the exclude string for 'Logout' present. So, halfway through it was logging out and attempting to log back in, many times, generating a lot of unnecessary data.
After fixing this issue, I ran the report again with the 'exclude=Logout' option, dumped the MySQL password database before running the script and reimported it afterwards, and the generated index.html comes in at 20MB, instead of 250MB.
So yes the problem was of my own making. All is working now and looks to be ready for prime time.
Thanks Tasos!
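Added example, not part of the original thread and not Arachni code: a pre-scan check for the failure described in post 4, listing crawled URLs that look likely to end or alter the scanner's session and that no exclude pattern covers. The URL list, the keyword heuristic, the function names and the case-insensitive matching are assumptions of this example, not a statement of how Arachni matches patterns.

```python
import re
from urllib.parse import urlsplit

# Heuristic (assumption): path/query fragments that usually end or alter
# an authenticated session. Extend this per application.
SESSION_RISK = re.compile(
    r"logout|log[-_]?off|sign[-_]?out|password|passwd|reset", re.I
)

def is_excluded(url, exclude_patterns):
    """True if any exclude pattern matches anywhere in the URL.
    Assumption: patterns are treated as case-insensitive regexes, as a
    stand-in for the scanner's own matching rules."""
    return any(re.search(p, url, re.I) for p in exclude_patterns)

def unprotected_session_urls(urls, exclude_patterns):
    """Return URLs that look session-destroying and are still in scope."""
    flagged = []
    for url in urls:
        parts = urlsplit(url)
        target = parts.path + "?" + parts.query
        if SESSION_RISK.search(target) and not is_excluded(url, exclude_patterns):
            flagged.append(url)
    return flagged

# Constructed sample: URLs a crawl of a deliberately vulnerable lab
# application might return (hostname and paths are made up for this example).
SAMPLE_URLS = [
    "http://lab.example/bWAPP/portal.php",
    "http://lab.example/bWAPP/logout.php",
    "http://lab.example/bWAPP/password_change.php",
    "http://lab.example/bWAPP/sqli_1.php?title=a&action=search",
    "http://lab.example/bWAPP/reset.php",
]

if __name__ == "__main__":
    # Compare no exclusions, the thread's 'Logout' exclusion, and a wider set.
    for patterns in ([], ["Logout"], ["Logout", "password", r"reset\.php"]):
        left = unprotected_session_urls(SAMPLE_URLS, patterns)
        print(f"exclude={patterns!r}: {len(left)} risky URL(s) still in scope")
        for u in left:
            print("   ", u)
```

With only a 'Logout' pattern, the constructed password-change and reset pages remain in scope, which is the case the database dump and reimport in post 4 works around.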
Support Staff 5 Posted by Tasos Laskos on Dec 21, 2017 @ 07:06 PM
Excellent, let me know if you need anything else.
Cheers
Tasos Laskos closed this discussion on Dec 21, 2017 @ 07:06 PM.