Incomplete security audit when using scope-restrict-paths

Posted by Nik on 03 May, 2018 06:39 AM


We are using scope-restrict-paths to restrict the scan to a file containing a list of pre-selected URLs. This is necessary because the sites are very large and an exhaustive scan is infeasible.

However, when using this approach, many security issues are not found. I gather from a similar forum posting in 2016 that Arachni does not use a browser to process the pages when the crawler is disabled. This could be the reason and seems like a significant issue, but there does not seem to be a solution available in the documentation.

Can you suggest a way to make Arachni use the browser and thus perform a complete scan in this situation?


  1. Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 08:40 AM

    Do the URLs have fragments that are used for client-side routing?
