tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/14287-reports-from-command-line-much-larger-than-web-interfaceArachni: Discussion 2017-12-21T19:07:00Ztag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-11-28T17:42:20Z2017-11-28T17:42:21ZReports from command line much larger than web interface<div><p>Hi, apologies if this has been discussed already but I could not find it in the discussion groups. I am having an issue with an excessively large index.html file produced from running a scan from the command line.<br>
When I run a report from the web interface, I created a custom profile to use and the output is a very reasonable size (about 16MB) and very clean; it's actually very impressive. However, when I run the same scan from the command line, using the same profile, with the command:<br>
./arachni --profile-load-filepath=/opt/data/profiles/arachni-TestOne.afp https://URL/ the index.html produced in the report is over 400MB in size; this is the index.html alone, not the folder size; the subsequent folders appear to have the same data from either web or command line.<br>
Is there something I am doing wrong with the command line scan? I could not find an option that points in this direction. I am hoping to integrate this with our development environment so the command line option is critical.<br>
Any help is greatly appreciated.</p></div>John Rodgertag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-12-19T16:31:01Z2017-12-19T16:31:01ZReports from command line much larger than web interface<div><p>Hello,</p>
<p>Do both scans (CLI, WebUI) have in the same results?</p>
<p>Cheers</p>
<p>PS. Sorry for the excessively late reply, I've been working on <a href="http://www.arachni-scanner.com/blog/new-engine-sitrep/">something</a>.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-12-19T17:57:59Z2017-12-19T17:58:00ZReports from command line much larger than web interface<div><p>Hi Tasos, thanks for getting back to me.</p>
<p>I believe I was doing something wrong, that was not evident from the app logs. I have since streamlined my profile, and that particular issue has not arisen again so I think this was a false alarm and can be ignored, or laughed at, depending on which you prefer. I am currently working on getting the login scripts working, but that is proceeding well.</p>
<p>I would like to mention, I am currently testing several pentesting applications, among them w3af and owasp zap, and your software is far ahead in terms of accuracy and usability.</p>
<p>Please continue to do what you do; arachni is excellent.</p></div>John Rodgertag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-12-19T20:14:00Z2017-12-19T20:14:00ZReports from command line much larger than web interface<div><p>Glad you sorted it out and thank you very much for the kind words.</p>
<p>Cheers man</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-12-21T18:03:07Z2017-12-21T18:03:08ZReports from command line much larger than web interface<div><p>Not trying to reopen this ticket, just an FYI...<br>
I believe I figured out what the issue was, and it was related to the login function. The site I am using to test arachni on is bWAPP, so it has plenty of built-in vulnerabilities. Apparently arachni was working a little too well; while probing the website, it also reset the user password, and I did not have the exclude string for 'Logout' present. So, halfway thru it was logging out and attempting to log back in, many times, generating a lot of unnecessary data.<br>
After fixing this issue, I ran the report again with the 'exclude=Logout' option, dumped the mysql password database before running the script and reimporting afterwards, and the generated index.html comes in at 20MB, instead of 250MB.<br>
So yes the problem was of my own making. All is working now and looks to be ready for prime time.<br>
Thanks Tasos!</p></div>John Rodgertag:support.arachni-scanner.com,2012-07-01:Comment/441536852017-12-21T19:06:59Z2017-12-21T19:06:59ZReports from command line much larger than web interface<div><p>Excellent, let me know if you need anything else.</p>
<p>Cheers</p></div>Tasos Laskos