rescan plugin
I'm trying to use the rescan plugin for the first time and kinda got stuck, not sure if the command is wrong or smth else
--plugin=rescan:afr=a.afr
"a.afr" the name of afr report which is located under /bin generates the following error:
[*] Initialising... [*] Waiting for plugins to settle... [*]
ReScan: System paused. [-] # [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:127:in
load' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:127:in
rescue
in load' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:122:in
load' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/plugins/rescan.rb:36:in
run'
[-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:112:in
block (3 levels) in run' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:in
call'
[-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:in
exception_jail' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107:in
block
(2 levels) in run' [-] [-] Parent: [-] Arachni::Plugin::Manager [-]
[-] Block: [-]
#Proc:0x00000000d33bf0@/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107
[-] [-] Caller: [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:in
exception_jail' [-]
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107:in
block
(2 levels) in run' [-] ----
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 23 Apr, 2013 12:31 AM
May I see the AFR file please? Looks like it might be corrupted somehow because neither YAML nor Marshal could read it.
2 Posted by user021 on 23 Apr, 2013 08:18 AM
I noticed this morning that the content of report file was almost null, probably was overwritten before i managed to get the right syntax for the command, it works allright now.
user021 closed this discussion on 23 Apr, 2013 08:18 AM.
user021 re-opened this discussion on 23 Apr, 2013 02:45 PM
3 Posted by user021 on 23 Apr, 2013 02:45 PM
Relayed to rescan plugin, without the plugin, when starting a scan, and first request returns status 403, the audit will take place for that page(not sure if that's ok) but after that it will stop, however, when the rescan plugin is used, even if web server returns 403 on each page (idk how it reacts with other bad response codes), the audit will still take place on each page.
Since most of scanners automatically shut down after a number of bad responses are reached, a nice feature to have would be to automatically pause the scan instead if possible.
Speaking about pausing the scan, haven't used much the UI but i seen that there is a pause button, how do i do that from console?
Support Staff 4 Posted by Tasos Laskos on 23 Apr, 2013 03:04 PM
Its description pretty much says it all:
If the server breaks between scans and it starts returning
403
s there's nothing that can be done, Arachni will try to audit all the pages you provided it via therescan
plugin.Do most scanners really do that? That's a terrible idea, you can't assume that because you got a few bad responses everything will behave the same way.
Also, I'm assuming you suggested that the scan be paused so that you can fix the server issue and then continue? That doesn't seem like a good idea either, you'd end up with a half-corrupt scan. You're better off canceling, fixing the server and then starting fresh.
About pausing via the CLI, you can't currently but seems like an easy fix, I'll add it to the experimental branch once v0.4.2 is out -- in a few days.
Tasos Laskos closed this discussion on 23 Apr, 2013 03:04 PM.
user021 re-opened this discussion on 05 Jul, 2013 07:44 AM
5 Posted by user021 on 05 Jul, 2013 07:44 AM
r@r-virtual-machine:~/Desktop/ad/bin$ ./arachni --audit-link --audit-forms --audit-cookies --audit-headers --modules=sqli,trainer plugin=rescan:afr=a.afr --link-count=1777 --user-agent=Mozilla/5.0 --exclude-binaries --auto-redundant=2 --exclude=jpg,mp4,js,css -v 'http://www.potterybarnkids.com/'
/home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:777:in `url=': Invalid URL argument, please provide a full absolute URL and try again. (Arachni::Options::Error::InvalidURL)
from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:1293:in `parse'
from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:1531:in `method_missing'
from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/bin/arachni:20:in `<top (required)>'
from /home/r/Desktop/ad/bin/../system/arachni-ui-web/bin/arachni:16:in `load'
from /home/r/Desktop/ad/bin/../system/arachni-ui-web/bin/arachni:16:in `<main>'
What i am missing here?
Support Staff 6 Posted by Tasos Laskos on 05 Jul, 2013 08:59 PM
You typed
plugin=rescan:afr=a.afr
instead of--plugin=rescan:afr=a.afr
.Tasos Laskos closed this discussion on 05 Jul, 2013 08:59 PM.
user021 re-opened this discussion on 05 Jul, 2013 09:10 PM
7 Posted by user021 on 05 Jul, 2013 09:10 PM
*facepalm* how could i not see that lalz
user021 closed this discussion on 05 Jul, 2013 09:10 PM.