How to avoid external links to be scanned ?
Hello Tasos !
I'm a new user of Arachni and it's a really great tool. I want to
scan my web application which have external links.
I run it with the options --scope-include-pattern and
--scope-exclude-pattern but it's still trying to reach and scan
those external websites.
Do you have any idea on how I can run the scan to avoid that ?
Thanks a lot !
(I'm sorry for my english)
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Tasos Laskos on 15 Jul, 2015 04:00 PM
Hey man,
Arachni does not scan external resources, the browsers may load external assets file but they won't be audited.
Are you seeing something different?
Cheers
2 Posted by lae90m on 16 Jul, 2015 07:46 AM
Hello,
Actually my website is behind a proxy. I didn't give the credentials to Arachni on purpose but I can see many connections attempts made by the tool to external links. It may be the browsers, as you said, but how can I be sure it will have no impact on other website ? Is there an option to solve that ?
Thanks a lot.
Support Staff 3 Posted by Tasos Laskos on 16 Jul, 2015 03:56 PM
That option is hardcoded into the system, it will actively ignore all external resources from the scan and cherry pick domains that serve assets in order to allow these to be loaded by the browsers.
Cheers
Tasos Laskos closed this discussion on 16 Jul, 2015 03:56 PM.