Help Understanding Arachni

danmartinj's Avatar


30 Apr, 2018 06:42 PM


I am trying to come up to speed with web app security testing and more specifically finding a good scanner tool. Currently, I am trying to successfully test my local metasploitable3 GlassFish app. I am not really understanding why I am not able to expand my site map with all available sub urls. Currently I am using:

./arachni --plugin=autologin:url=,parameters="j_username=admin&j_password=sploit&loginButton=Login&loginButton.DisabledHiddenField=true",check="Logout" --scope-exclude-pattern=logout

This command indicates to me a 200 response code and it sends out almost a 1,000 requests within 45 minutes but when I go to site map it only shows 2 pages scanned so maybe I am not properly logging in. At this point it seems like I am missing something easy. Perhaps someone can provide me some advise.


  1. Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 08:42 AM

    Tasos Laskos's Avatar

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac