Help Understanding Arachni

danmartinj's Avatar

danmartinj

30 Apr, 2018 06:42 PM

Hello,

I am trying to come up to speed with web app security testing and more specifically finding a good scanner tool. Currently, I am trying to successfully test my local metasploitable3 GlassFish app. I am not really understanding why I am not able to expand my site map with all available sub urls. Currently I am using:

./arachni https://192.168.1.223:4848 --plugin=autologin:url=https://192.168.1.223:4848/common/index.jsf,parameters="j_username=admin&j_password=sploit&loginButton=Login&loginButton.DisabledHiddenField=true",check="Logout" --scope-exclude-pattern=logout

This command indicates to me a 200 response code and it sends out almost a 1,000 requests within 45 minutes but when I go to site map it only shows 2 pages scanned so maybe I am not properly logging in. At this point it seems like I am missing something easy. Perhaps someone can provide me some advise.

R
Joe

  1. Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 08:42 AM

    Tasos Laskos's Avatar

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

13 Aug, 2018 01:14 PM
07 Aug, 2018 04:15 AM
02 Aug, 2018 05:11 PM
01 Aug, 2018 08:06 PM
01 Aug, 2018 02:50 PM