Can't stop Arachni from accessing certain pages during scan

amanda.barbosa

07 May, 2020 04:42 PM

I'm trying to perform a logged-in scan on a website, but in order to stay logged in, the root page of the website can't be accessed (the site was configured so that, once logged in, if you access the root page you get logged out).

So, the page that is accessed right after the login is: https://example.com.br/menu.php. If, after the login is successful, I access https://example.com.br, the session expires and the session cookie is invalidated.

I know that the only URLs that interest me are the ones that have "menu.php" and "gestao_municipal.php" in them, so I'm trying to configure Arachni to only access the URLs that have those strings in them, and not access https://example.com.br at any moment during the scan process, but I'm not succeeding. The script I'm using is:

arachni https://example.com.br/menu.php --http-cookie-jar="/root/Downloads/cookies.txt" --scope-exclude-pattern="logout" --scope-include-pattern="menu.php|gestao_municipal.php" --scope-directory-depth-limit=6 --scope-page-limit=1000 --scope-dom-depth-limit=2 --scope-auto-redundant=2 --browser-cluster-ignore-images --http-request-timeout=5000 --report-save-path=/root/pentest-web/output/arachni.afr

I also have tried this expression:
--scope-exclude-pattern="example.com.br\z" to try making Arachni NOT include the links in which example.com.br has no characters after ".br"

However, in all those cases, right after the scan starts, I see the following line in Arachni:

[*] XSS in path: Checking for: https://example.com.br/

And the session is immediately invalidated at the browser where I got the session cookie.

Can you help me?

P.S.: I have also tried the expressions:

--scope-include-pattern="gestao_municipal.php" to try making Arachni ONLY include links that have "gestao_municipal.php/" in them;

--scope-include-pattern="gestao_municipal.php/.* " and --scope-include-pattern="menu.php/.* " to try making Arachni ONLY include links that have "gestao_municipal.php/" or "menu.php/" followed by at least one character in them;

--scope-include-pattern="example.com.br/menu.php/.* | example.com.br/gestao_municipal.php/.*" to try making Arachni ONLY include links that have "menu.php/" or "gestao_municipal.php/" followed by at least one character.

These cases gave me 0 scanned pages.
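The patterns quoted in the post can be checked offline against sample URLs. This is an added example, not part of the original post and not Arachni's own scope code: it assumes each pattern is an unanchored Ruby regex tested against the full URL string, and the URLs, the helper names and the `ROOT_EITHER_FORM` pattern are constructed for illustration.

```ruby
# Constructed sample URLs (not taken from a real crawl).
SAMPLE_URLS = [
  'https://example.com.br',
  'https://example.com.br/',
  'https://example.com.br/menu.php',
  'https://example.com.br/menu.php?item=1',
  'https://example.com.br/gestao_municipal.php',
  'https://example.com.br/gestao_municipal.php/relatorio',
  'https://example.com.br/logout.php'
].freeze

# Include patterns exactly as written in the post, stray spaces included.
INCLUDE_PATTERNS = [
  'menu.php|gestao_municipal.php',
  'gestao_municipal.php',
  'gestao_municipal.php/.* ',
  'menu.php/.* ',
  'example.com.br/menu.php/.* | example.com.br/gestao_municipal.php/.*'
].freeze

# Exclude patterns exactly as written in the post.
EXCLUDE_PATTERNS = ['logout', 'example.com.br\z'].freeze

# Hypothetical pattern: the bare host with or without a trailing slash.
ROOT_EITHER_FORM = 'example\.com\.br/?\z'

# Assumption: a pattern is an unanchored regex applied to the whole URL.
def matching_urls(pattern, urls = SAMPLE_URLS)
  re = Regexp.new(pattern)
  urls.select { |u| u.match?(re) }
end

# Assumed scope rule: a URL is in scope when it matches at least one include
# pattern (if any are given) and none of the exclude patterns.
def in_scope(includes, excludes, urls = SAMPLE_URLS)
  urls.select do |u|
    (includes.empty? || includes.any? { |p| u.match?(Regexp.new(p)) }) &&
      excludes.none? { |p| u.match?(Regexp.new(p)) }
  end
end

if __FILE__ == $PROGRAM_NAME
  (INCLUDE_PATTERNS + EXCLUDE_PATTERNS + [ROOT_EITHER_FORM]).each do |p|
    puts "#{p.inspect} -> #{matching_urls(p).inspect}"
  end
  puts "in scope: #{in_scope([INCLUDE_PATTERNS[0]], EXCLUDE_PATTERNS).inspect}"
end
```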
