how to check the scanner progress

naveesharma's Avatar

naveesharma

04 May, 2016 07:44 AM

i am using arachni on command line and have no clue about the progress of scanner. how much it is done and how much more time its going to take. can any one help me on this.

Also provide the configuration steps to configure postgre with arachni web.

  1. Support Staff 1 Posted by Tasos Laskos on 04 May, 2016 08:22 AM

    Tasos Laskos's Avatar

    Hello,

    There's no progress information in Arachni.
    About setting up PG see: https://github.com/Arachni/arachni-ui-web/wiki/database#postgresql

    Cheers

  2. Tasos Laskos closed this discussion on 04 May, 2016 08:22 AM.

  3. naveesharma re-opened this discussion on 04 May, 2016 09:54 AM

  4. 2 Posted by naveesharma on 04 May, 2016 09:54 AM

    naveesharma's Avatar

    Thanks for quick response. is there any way to estimate the expected time ?

  5. Support Staff 3 Posted by Tasos Laskos on 04 May, 2016 09:55 AM

    Tasos Laskos's Avatar

    Not really, that's why there's no progress shown.

  6. 4 Posted by naveesharma on 04 May, 2016 10:24 AM

    naveesharma's Avatar

    i must say this tool is very good. i tried lot many tools and this is the one which has all type of penetration attacks..

    how we can check verification and validation of users ?

  7. Support Staff 5 Posted by Tasos Laskos on 04 May, 2016 10:25 AM

    Tasos Laskos's Avatar

    I'm not sure what you mean about the users.

  8. 6 Posted by naveesharma on 04 May, 2016 10:57 AM

    naveesharma's Avatar

    lets say one application have login page with different user privileges. can we check one user can see the data of others . or user name password hacking

  9. Support Staff 7 Posted by Tasos Laskos on 04 May, 2016 10:58 AM

    Tasos Laskos's Avatar

    There's no reliable way to automate this, Arachni doesn't include this functionality.

  10. 8 Posted by naveesharma on 04 May, 2016 11:35 AM

    naveesharma's Avatar

    i have one more query.. how we can test a web app with login details. i mean app will open its tabs only once you logged in.

  11. Support Staff 9 Posted by Tasos Laskos on 04 May, 2016 11:39 AM

    Tasos Laskos's Avatar
  12. 10 Posted by naveesharma on 04 May, 2016 11:57 AM

    naveesharma's Avatar

    i will try this..how about changing web link from localhost:9292 to accessing from other computer browser with ip address.

  13. Support Staff 11 Posted by Tasos Laskos on 04 May, 2016 12:02 PM

    Tasos Laskos's Avatar

    If you pass the -h flag to arachni_web you'll see the available options.

    Cheers

  14. 12 Posted by naveesharma on 04 May, 2016 12:34 PM

    naveesharma's Avatar

    great support guys so quick to respond. thanks .

  15. Support Staff 13 Posted by Tasos Laskos on 04 May, 2016 12:43 PM

    Tasos Laskos's Avatar

    My pleasure.

    Cheers

  16. Tasos Laskos closed this discussion on 04 May, 2016 12:43 PM.

  17. naveesharma re-opened this discussion on 05 May, 2016 05:08 AM

  18. 14 Posted by naveesharma on 05 May, 2016 05:08 AM

    naveesharma's Avatar

    i was running a scan on static web site and it keep on running for 24 hrs. but after 36 hrs today when i check the progress the cli screen shows killed and no report is being generated. Because of this i lost my 2 days effort .

    1. is there any way to recover or generate the report.

    2. what could be the reason for this . so that going forward i keep a check on that.

  19. Support Staff 15 Posted by Tasos Laskos on 05 May, 2016 06:18 AM

    Tasos Laskos's Avatar

    Unfortunately there's no way to recover the report.

    Sounds like the kernel killed the process, does your machine satisfy the recommended system requirements listed in the bottom of the download page?

    About the scan taking so long, was the server responding unusually slowly or was something in the middle (like a firewall) throttling the connections?

  20. 16 Posted by naveesharma on 05 May, 2016 06:28 AM

    naveesharma's Avatar

    i have 2 GB RAM with 40 GB HDD and having 20 GB approx. free space.

  21. 17 Posted by naveesharma on 05 May, 2016 06:35 AM

    naveesharma's Avatar

    on arachni_web following error is coming.

    "Cannot be executed while running as an RPC server."

    should i continue with the scan. also on this web interface i do not see report generation option ?

  22. Support Staff 18 Posted by Tasos Laskos on 05 May, 2016 06:42 AM

    Tasos Laskos's Avatar

    The system needs at least 2GB of available RAM, if you have 2GB total then your OS and other processes will probably use most of that and not leave a lot for Arachni.

    About the error, it must be some plugin that you enabled that's not supported over RPC.
    About the reports, you'll see them listed on the left sidebar of the scan monitoring page once it finishes.

  23. 19 Posted by naveesharma on 05 May, 2016 08:09 AM

    naveesharma's Avatar

    one more query..if i abort the scan from web interface. will it generate the report. because once i did it and it keep on waiting to finish some task and ultimately after half an hour i quite the browser .

  24. Support Staff 20 Posted by Tasos Laskos on 05 May, 2016 09:22 AM

    Tasos Laskos's Avatar

    This sounds like a bug which has been resolved in the nightlies, give them a try and let me know how it goes.

  25. Tasos Laskos closed this discussion on 03 Aug, 2016 02:30 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac