setup a profile scan a coldfusion or nodejs based website
Is there any specific setting that could be useful to scan a website running on coldfusion, or nodejs, or any unsupported language ? Should I uncheck all Programming languages and Frameworks, considering that these checks are very specific to the language/framework, or enable all of them just in case some check could be useful ?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 17 Dec, 2015 09:22 PM
In those cases it would be better to just not load any of the security checks that apply to language injections, like the
code_injection_*
ones.The platform options serve as optimizations for the loaded checks and if none are selected from a specific category Arachni will assume no prior knowledge and send all available payloads.
2 Posted by fft on 18 Dec, 2015 10:03 AM
OK, thank you for the precision, it helps a lot. I am trying to decrease the duration time of scans, and i hope it will help. Is arachni keeping track somewhere of time spent for each of the enabled checks / plugins ?
Support Staff 3 Posted by Tasos Laskos on 18 Dec, 2015 10:10 PM
No but check this out: http://support.arachni-scanner.com/kb/general-use/optimizing-for-fa...
Tasos Laskos closed this discussion on 25 Jan, 2016 10:52 PM.