rescan plugin

user021's Avatar

user021

22 Apr, 2013 08:08 PM

I'm trying to use the rescan plugin for the first time and kinda got stuck, not sure if the command is wrong or smth else

--plugin=rescan:afr=a.afr

"a.afr" the name of afr report which is located under /bin generates the following error:

[*] Initialising... [*] Waiting for plugins to settle... [*] ReScan: System paused. [-] # [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:127:in load' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:127:inrescue in load' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/audit_store.rb:122:in load' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/plugins/rescan.rb:36:inrun' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:112:in block (3 levels) in run' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:incall' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:in exception_jail' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107:inblock (2 levels) in run' [-] [-] Parent: [-] Arachni::Plugin::Manager [-] [-] Block: [-] #Proc:0x00000000d33bf0@/home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107 [-] [-] Caller: [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/utilities.rb:450:in exception_jail' [-] /home/r/Desktop/ad/system/gems/bundler/gems/arachni-63c6ff0d26b6/lib/arachni/plugin/manager.rb:107:inblock (2 levels) in run' [-] ----

  1. Support Staff 1 Posted by Tasos Laskos on 23 Apr, 2013 12:31 AM

    Tasos Laskos's Avatar

    May I see the AFR file please? Looks like it might be corrupted somehow because neither YAML nor Marshal could read it.

  2. 2 Posted by user021 on 23 Apr, 2013 08:18 AM

    user021's Avatar

    I noticed this morning that the content of report file was almost null, probably was overwritten before i managed to get the right syntax for the command, it works allright now.

  3. user021 closed this discussion on 23 Apr, 2013 08:18 AM.

  4. user021 re-opened this discussion on 23 Apr, 2013 02:45 PM

  5. 3 Posted by user021 on 23 Apr, 2013 02:45 PM

    user021's Avatar

    Relayed to rescan plugin, without the plugin, when starting a scan, and first request returns status 403, the audit will take place for that page(not sure if that's ok) but after that it will stop, however, when the rescan plugin is used, even if web server returns 403 on each page (idk how it reacts with other bad response codes), the audit will still take place on each page.
    Since most of scanners automatically shut down after a number of bad responses are reached, a nice feature to have would be to automatically pause the scan instead if possible.
    Speaking about pausing the scan, haven't used much the UI but i seen that there is a pause button, how do i do that from console?

  6. Support Staff 4 Posted by Tasos Laskos on 23 Apr, 2013 03:04 PM

    Tasos Laskos's Avatar

    Its description pretty much says it all:

     [*] rescan:
    --------------------
    Name:           ReScan
    Description:    It uses the AFR report of a previous scan to
                    extract the sitemap in order to avoid a redundant crawl.
    

    If the server breaks between scans and it starts returning 403s there's nothing that can be done, Arachni will try to audit all the pages you provided it via the rescan plugin.

    Do most scanners really do that? That's a terrible idea, you can't assume that because you got a few bad responses everything will behave the same way.

    Also, I'm assuming you suggested that the scan be paused so that you can fix the server issue and then continue? That doesn't seem like a good idea either, you'd end up with a half-corrupt scan. You're better off canceling, fixing the server and then starting fresh.

    About pausing via the CLI, you can't currently but seems like an easy fix, I'll add it to the experimental branch once v0.4.2 is out -- in a few days.

  7. Tasos Laskos closed this discussion on 23 Apr, 2013 03:04 PM.

  8. user021 re-opened this discussion on 05 Jul, 2013 07:44 AM

  9. 5 Posted by user021 on 05 Jul, 2013 07:44 AM

    user021's Avatar

    r@r-virtual-machine:~/Desktop/ad/bin$ ./arachni --audit-link --audit-forms --audit-cookies --audit-headers --modules=sqli,trainer plugin=rescan:afr=a.afr --link-count=1777 --user-agent=Mozilla/5.0 --exclude-binaries --auto-redundant=2 --exclude=jpg,mp4,js,css -v 'http://www.potterybarnkids.com/'
    /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:777:in `url=': Invalid URL argument, please provide a full absolute URL and try again. (Arachni::Options::Error::InvalidURL)
    from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:1293:in `parse'
    from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/lib/arachni/options.rb:1531:in `method_missing'
    from /home/r/Desktop/ad/system/gems/bundler/gems/arachni-2469e3f247d1/bin/arachni:20:in `<top (required)>'
    from /home/r/Desktop/ad/bin/../system/arachni-ui-web/bin/arachni:16:in `load'
    from /home/r/Desktop/ad/bin/../system/arachni-ui-web/bin/arachni:16:in `<main>'

    What i am missing here?

  10. Support Staff 6 Posted by Tasos Laskos on 05 Jul, 2013 08:59 PM

    Tasos Laskos's Avatar

    You typed plugin=rescan:afr=a.afr instead of --plugin=rescan:afr=a.afr.

  11. Tasos Laskos closed this discussion on 05 Jul, 2013 08:59 PM.

  12. user021 re-opened this discussion on 05 Jul, 2013 09:10 PM

  13. 7 Posted by user021 on 05 Jul, 2013 09:10 PM

    user021's Avatar

    *facepalm* how could i not see that lalz

  14. user021 closed this discussion on 05 Jul, 2013 09:10 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac