Set up a profile to scan a ColdFusion or Node.js based website

fft

17 Dec, 2015 10:26 AM

Is there any specific setting that could be useful to scan a website running on ColdFusion, or Node.js, or any unsupported language? Should I uncheck all Programming languages and Frameworks, considering that these checks are very specific to the language/framework, or enable all of them just in case some check could be useful?

  1. Support Staff 1 Posted by Tasos Laskos on 17 Dec, 2015 09:22 PM

    In those cases it would be better to just not load any of the security checks that apply to language injections, like the code_injection_* ones.

    The platform options serve as optimizations for the loaded checks and if none are selected from a specific category Arachni will assume no prior knowledge and send all available payloads.

  2. 2 Posted by fft on 18 Dec, 2015 10:03 AM

    OK, thank you for the precision, it helps a lot. I am trying to decrease the duration of scans, and I hope it will help. Is Arachni keeping track somewhere of the time spent for each of the enabled checks / plugins?

  3. Support Staff 3 Posted by Tasos Laskos on 18 Dec, 2015 10:10 PM

  4. Tasos Laskos closed this discussion on 25 Jan, 2016 10:52 PM.
