login_script plugin usage
I am running arachni version 1.1-0.5.7, which I downloaded from http://downloads.arachni-scanner.com/arachni-1.1-0.5.7-linux-x86_64..., in a Kali VM. I am trying to audit a website that generates a nonce at the login page, so I've written a little login script to open that page in a browser, according to the instructions here: http://support.arachni-scanner.com/kb/general-use/logging-in-and-ma....
I'm entering the following command from the bin directory of the extracted arachni folder:
./arachni --plugin=login_script:browser=firefox,script=/home/cyber/login1.rb --report-save-path '/home/cyber/arachni.afr' [target URL]
From the program output, it appears there are two errors. I've included the seemingly relevant parts below, but I can upload the entire output if that is helpful.
Arachni - Web Application Security Scanner Framework v1.1
Author: Tasos "Zapotek" Laskos <[email blocked]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
[~] No checks were specified, loading all.
[~] No element audit options were specified, will audit links, forms, cookies, JSONs and XMLs.
[*] Initializing...
[*] Preparing plugins...
[*] ... done.
[~] Login script: System paused.
[~] Login script: Running the script.
[-] [ArgumentError] unknown encoding name - utf8
...
[-] Session: [ArgumentError] wrong number of arguments (0 for 1)
...
[-] Login script: A runtime error was encountered while executing the login script.
[~] Login script: Aborting the scan.
...
My question is this: Am I typing the command wrong? Or am I missing some prerequisites for this command to work?
Support Staff 1 Posted by Tasos Laskos on 18 Jun, 2015 03:35 PM
Hey there,
There's no browser option for that plugin, it'll be using PhantomJS.
You've removed all the good stuff though, I'm afraid I'll need the backtraces and everything.
A look into your script would be helpful as well.
Cheers
2 Posted by Zehr on 18 Jun, 2015 03:47 PM
Ok, I tried the following command instead:
I've attached the login script and full output.
Support Staff 3 Posted by Tasos Laskos on 18 Jun, 2015 03:53 PM
Your login script has an error at line 6, apparently form.select_list( id: 'form:console:0' ).select is missing an argument.
The encoding error is a bug in Arachni though, any chance you can send me the details in private in order to reproduce it?
I won't need to scan anything, just visiting the login page should be enough.
Cheers
4 Posted by Zehr on 18 Jun, 2015 04:08 PM
Ah, I see. I thought the missing argument was referring back to the arachni command. I modified the script, I needed to use .set rather than .select and I'm getting a different error, but now I know it's with my script and I'll keep working on it.
Interestingly, the encoding error did not reappear after making that change. Unfortunately, I can't share the login page with you because it's behind a VPN firewall.
Thanks for the help
Support Staff 5 Posted by Tasos Laskos on 18 Jun, 2015 04:15 PM
Doing a "Save as" and compressing the directory could work, if you're allowed to share that.
Support Staff 6 Posted by Tasos Laskos on 30 Sep, 2015 02:54 PM
Closing due to lack of feedback, please provide the requested information if you'd like me to pursue this further.
Tasos Laskos closed this discussion on 30 Sep, 2015 02:54 PM.