--scope-extend-paths - not sure if it is working?
Hi,
I am using Arachni CLI, I am using the following command:
"bin/arachni --scope-include-subdomains --scope-extend-paths ./ctm_security_scanner/spider_these_urls.txt --profile-load-filepath ./security_scanner/Security_Profile.afp --report-save-path=arachni_report.afr https://enquiry-submitter.test.io | tee arachni_log.txt"
The "--scope-extend-paths" I have added points to "spider_these_urls.txt" which contains:
http://app:8081/private/ping
http://app:8081/health
http://app:8081/swagger
http://spiderme.com/yeah
However, the log output shows all of the directories that it spiders through but not the above 4. Where does it show that it is actually spidering into those URLs?
Support Staff 1 Posted by Tasos Laskos on 19 May, 2017 01:06 PM
Try setting --profile-load-filepath first because right now the profile is overriding the other options.
2 Posted by Zukky on 19 May, 2017 02:06 PM
Ok, I moved "--profile-load-filepath" to the start, it now looks like such:
"bin/arachni --profile-load-filepath ./ctm_security_scanner/Security_Profile.afp --scope-include-subdomains --scope-extend-paths ./security_scanner/spider_these_urls.txt --report-save-path=arachni_report.afr https://enquiry-submitter.test.io/health | tee arachni_log.txt"
When I traverse through the arachni_log.txt I cannot find anywhere where it tells me that it has loaded in the urls from spider_these_urls.txt?
Support Staff 3 Posted by Tasos Laskos on 19 May, 2017 02:11 PM
It won't say that explicitly, it'll just include them in the scan, you should see them in the resulting sitemap at the end of the scan.
Support Staff 4 Posted by Tasos Laskos on 19 May, 2017 02:12 PM
By the way, I see that the target and the paths in the file are in different domains, if that's indeed the case then the file paths won't be followed. You can't cross domains, only subdomains.
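The domain rule from the reply above, as an added example that is not part of the original thread or of Arachni's code: a Ruby pre-flight check that classifies each line of the paths file against the scan target before the scan is started. It assumes "same domain" means the last two host labels match (no public-suffix handling); the function names and the api.test.io entry are constructed for illustration.

```ruby
require 'uri'

# Assumption: "same domain" means the last two host labels match
# (no public-suffix handling). This approximates the rule stated in
# the thread; it is not Arachni's own implementation.
def base_domain(host)
  labels = host.downcase.split('.')
  labels.size <= 2 ? labels.join('.') : labels.last(2).join('.')
end

# Classify one URL from the paths file against the scan target.
def classify(target_url, candidate_url)
  target = URI.parse(target_url)
  cand   = URI.parse(candidate_url.strip)
  # URI::HTTPS is a subclass of URI::HTTP, so both schemes pass here.
  return :invalid unless cand.is_a?(URI::HTTP) && cand.host

  return :same_host if cand.host.casecmp?(target.host)
  return :subdomain if base_domain(cand.host) == base_domain(target.host)
  :different_domain
rescue URI::InvalidURIError
  :invalid
end

# Return { url => classification } for every non-blank line.
def check_paths(target_url, lines)
  lines.map(&:strip).reject(&:empty?).to_h { |u| [u, classify(target_url, u)] }
end

if __FILE__ == $PROGRAM_NAME
  target = 'https://enquiry-submitter.test.io'
  # First four entries are from the original post; the last two are
  # constructed to show entries that stay within the target's domain.
  sample = <<~URLS
    http://app:8081/private/ping
    http://app:8081/health
    http://app:8081/swagger
    http://spiderme.com/yeah
    https://enquiry-submitter.test.io/health
    https://api.test.io/swagger
  URLS
  check_paths(target, sample.lines).each do |url, verdict|
    puts "#{verdict.to_s.ljust(16)} #{url}"
  end
end
```

Entries reported as different_domain are the ones the reply says will not be followed.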
5 Posted by Zukky on 19 May, 2017 02:26 PM
I was unaware of the domains, I removed the domains that changed and only included subdomains, I also ensured to use the same domain url. Changing the order has also helped. It is all working and I can see the traversed subdomains that were scanned (read from the spider_these_urls.txt) in the Arachni report at the end. Thank you Tasos, your help has been incredible over the past few days of questions I've been throwing across. Keep being you. Zukky
Support Staff 6 Posted by Tasos Laskos on 19 May, 2017 02:28 PM
Haha no worries.
Tasos Laskos closed this discussion on 19 May, 2017 02:28 PM.