Understanding how Arachni finds the vulnerabilities

amanda.barbosa's Avatar


02 Jan, 2019 03:48 PM

Hello! I used Arachni to scan a website and it found a Cross-Site Request Forgery. I understand Arachni performs some tests and injections in order to say that this vulnerability exists, and I would like to know where in the report is the explanation of how this vulnerability was found. There are some lines in the report that say "// Injected by Arachni::Browser::Javascript", does this have something to do with it?

The point is that I would like to prove this vulnerability (and many others), and I would like to know how Arachni can help me do that, if it has a list of steps of what it did to find that issue in the page.


Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac