Changes to the exported xml

bgerardw

09 Mar, 2017 04:29 PM

Looking at the exported xml for a scan.

For the example for XSS. The xml will give us the <seed>, <affected_input_name>, <proof>, <signature>.

I am looking at a way to turn these into a human friendly statement similar to <description> or <remedy_guidance> so that the end user can easily see how to recreate the vulnerability to confirm its existence.

Would the best way to go about this be the creation of a plugin?

  1. Support Staff 1 Posted by Tasos Laskos on 09 Mar, 2017 04:31 PM

    Can you give me some information about your setup please? How have you deployed Arachni?

  2. 2 Posted by bgerardw on 09 Mar, 2017 04:56 PM

    Sorry, should have read:

    For the example of, say, XSS. The xml will give us the ‘<seed>’, ‘<affected_input_name>’, ‘<proof>’ and ‘<signature>’.

  3. 3 Posted by bgerardw on 09 Mar, 2017 05:02 PM

    I have deployed it on my Ubuntu local machine and am running it against known vulnerable test sites.

    I am using your nightly packages.

    I have started looking through the xml and saw the useful elements that can be used to describe how detecting an error might be reproduced.

    A few weeks back I did look at setting it up in a dev environment, but it was getting a bit tricky as I prefer to use RubyMine, and pointing the IDE to the SDK in the prepackaged setup is causing issues.

  4. Support Staff 4 Posted by Tasos Laskos on 09 Mar, 2017 05:09 PM

    OK, I wanted to make sure that you're not in violation of the license because it sounded like you're integrating with it in some way.

    About altering the report, why not just create a script to parse the XML or JSON report and return the info you want in whatever way you want to format it?
    Altering the XML report or creating your own reporter would be the most difficult way to achieve what you want.
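A sketch of the parsing-script approach suggested above, as an added example that is not part of the original thread or of Arachni's own code. Only the element names `seed`, `affected_input_name`, `proof` and `signature` come from the thread; the `<issue>` wrapper, `<name>`, `<url>` and the nesting in the sample report are assumptions, so the lookup searches all descendants of each issue rather than fixed paths.

```ruby
require 'rexml/document'

# Constructed sample report. The <report>/<issue>/<vector> layout, <name> and
# <url> are assumptions for illustration; check them against a real export.
SAMPLE_REPORT = <<~XML
  <report>
    <issue>
      <name>Cross-Site Scripting (XSS)</name>
      <vector>
        <url>http://testsite.example/search.php</url>
        <affected_input_name>q</affected_input_name>
        <seed>&lt;marker_1a2b/&gt;</seed>
      </vector>
      <proof>&lt;marker_1a2b/&gt;</proof>
    </issue>
    <issue><name>Missing header</name><vector><url>http://testsite.example/</url></vector></issue>
  </report>
XML

# Report values echo what the scanned site returned, so treat them as untrusted:
# show control characters as \xNN so they cannot fake lines or terminal escapes.
def printable(value)
  value.gsub(/[^[:print:]]/) { |c| format('\\x%02X', c.ord) }
end

# Sanitised text of the first descendant named +tag+, or nil if absent/empty.
def field(issue, tag)
  node = REXML::XPath.first(issue, ".//#{tag}")
  text = node ? node.text.to_s.strip : ''
  text.empty? ? nil : printable(text)
end

# One human-readable confirmation statement per <issue> element.
def confirmation_steps(xml)
  REXML::XPath.match(REXML::Document.new(xml), '//issue').map do |issue|
    f = %w[name url affected_input_name seed proof signature]
        .to_h { |tag| [tag, field(issue, tag)] }
    lines = ["#{f['name'] || 'Unnamed issue'} at #{f['url'] || '(no URL in report)'}"]
    if f['affected_input_name'] && f['seed']
      expect = f['proof'] || f['signature']
      lines << "  1. Resend the request with input '#{f['affected_input_name']}' set to: #{f['seed']}"
      lines << "  2. Look in the response for: #{expect}" if expect
    else
      lines << '  No input/seed recorded; nothing to replay for this issue.'
    end
    lines.join("\n")
  end
end

puts confirmation_steps(SAMPLE_REPORT).join("\n\n") if $PROGRAM_NAME == __FILE__
```

If the statements are rendered as HTML rather than plain text, HTML-escape every field as well, since a stored XSS proof would otherwise execute in the report viewer.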

  5. 5 Posted by bgerardw on 10 Mar, 2017 02:09 PM

    That is probably best.

    I was thinking that for students it might be nice to have an output that illustrated what they could do to reproduce a vulnerability. It would be a cool way to learn about security.

    I want to write a project for college on an introduction to web security and a comparison of tools.

    I ran Arachni against this site http://crackme.cenzic.com/kelev/view/home.php and also ran Acunetix against it. It seems Acunetix caught more XSS than Arachni, but Arachni caught more SQL injection.

    I am going to gather more data against other fake sites that are set up for testing.

  6. Support Staff 6 Posted by Tasos Laskos on 10 Mar, 2017 02:13 PM

    Sounds like fun, good luck with it.

    Regarding the vulnerabilities, did Acunetix log multiple XSS variations for the same input vectors? Not sure how it works to be honest, but Arachni will log only one vuln type for each input vector.

  7. 7 Posted by bgerardw on 10 Mar, 2017 02:24 PM

    On the site http://crackme.cenzic.com/kelev/view/home.php, on login.php the param missed was hLoginType.
    On updateloanrequest.php, the param missed was txtAddress. This page had 20 fields; I believe only this one was missed. The other fields were caught.

  8. Support Staff 8 Posted by Tasos Laskos on 14 Mar, 2017 02:43 PM

    There seems to be an issue with the parser Arachni uses. I've opened an issue and am waiting for a fix.

  9. Support Staff 9 Posted by Tasos Laskos on 20 Mar, 2017 02:34 PM

    The fix is in the nightlies.

  10. Tasos Laskos closed this discussion on 20 Mar, 2017 02:34 PM.
