tag:support.arachni-scanner.com,2012-07-01:/discussions/questions/89-api-question-launching-arachni-from-codeArachni: Discussion 2013-01-30T16:24:13Ztag:support.arachni-scanner.com,2012-07-01:Comment/243827372013-01-30T15:29:20Z2013-01-30T15:31:11ZAPI Question: Launching Arachni from code <div><p>I've put some effort into cleaning up the libs to make scripting
easier but there aren't any guides available yet because the
interface isn't stable yet, I keep updating it.</p>
<p>Now that I got the boilerplate out of the way, yes you can do
what you want quite easily (not from Python though), for
example:</p>
<pre>
<code># This depends on your setup.
#require '../../../lib/arachni'
require 'arachni'
# Uncomment if you want to see system output.
#require 'arachni/ui/cli/output'
# By passing a block we ask the Framework to reset itself once the block
# is executed so that it'll be ready for re-use.
Arachni::Framework.new do |f|
# You can also set these individually like so:
# f.opts.url = 'http://testfire.net'
# f.opts.audit :links, :forms
#
# But calling #set is cleaner.
f.opts.set url: 'http://testfire.net',
audit: [:links, :forms, :cookies],
# Only audit one page -- for the purposes of this demo.
link_count_limit: 1
# Load all XSS modules -- to load all available modules use '*'.
f.modules.load 'xss*'
# Run the audit.
f.run
# Go through the logged issues.
f.auditstore.issues.each do |i|
puts "#{i.name.capitalize} in #{i.elem} input '#{i.var}' submitted to '#{i.url}'."
end
end</code>
</pre>
<p>This is the simplest scenario, you can actually audit individual
pages or custom pages and the same goes for elements or bypass the
modules or issue logging or whatever.</p>
<p>Right now, the best place to look is the RSpec examples and the
Arachni code itself.<br>
Of course, if you need help you can give me a shout and I'll be
glad to clarify things for you.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/243827372013-01-30T15:39:32Z2013-01-30T15:39:32ZAPI Question: Launching Arachni from code <div><p>Or did you mean RPC instance? Working over RPC without the
Dispatcher?</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/243827372013-01-30T15:47:40Z2013-01-30T15:47:40ZAPI Question: Launching Arachni from code <div><p>No that is perfect.</p>
<p>I am simply trying to run arachni automatically on web servers
found during a scan, and using nmap-parser have list of hosts and
services already in my ruby env.</p>
<p>Fantastic. Thanks!</p></div>lsmercertag:support.arachni-scanner.com,2012-07-01:Comment/243827372013-01-30T16:24:13Z2013-01-30T16:24:13ZAPI Question: Launching Arachni from code <div><p>Cool, be careful though to either pass a block to
<code>Framework#new</code> (like in the example) or call
<code>#reset</code> on a Framework instance you're finished using
or run each scan in its own process because Arachni is designed to
expect a clean env for each scan, ideally using a process per
scan.</p></div>Tasos Laskos