Reports from command line much larger than web interface

John Rodger

28 Nov, 2017 05:42 PM

Hi, apologies if this has been discussed already but I could not find it in the discussion groups. I am having an issue with an excessively large index.html file produced from running a scan from the command line.
When I run a report from the web interface, I created a custom profile to use and the output is a very reasonable size (about 16MB) and very clean; it's actually very impressive. However, when I run the same scan from the command line, using the same profile, with the command:
    ./arachni --profile-load-filepath=/opt/data/profiles/arachni-TestOne.afp https://URL/
the index.html produced in the report is over 400MB in size; this is the index.html alone, not the folder size; the subsequent folders appear to have the same data from either web or command line.
Is there something I am doing wrong with the command line scan? I could not find an option that points in this direction. I am hoping to integrate this with our development environment so the command line option is critical.
Any help is greatly appreciated.

  1. Support Staff 1 Posted by Tasos Laskos on 19 Dec, 2017 04:31 PM

    Do both scans (CLI, WebUI) have the same results?


    PS. Sorry for the excessively late reply, I've been working on something.

  2. 2 Posted by John Rodger on 19 Dec, 2017 05:57 PM

    Hi Tasos, thanks for getting back to me.

    I believe I was doing something wrong, that was not evident from the app logs. I have since streamlined my profile, and that particular issue has not arisen again so I think this was a false alarm and can be ignored, or laughed at, depending on which you prefer. I am currently working on getting the login scripts working, but that is proceeding well.

    I would like to mention, I am currently testing several pentesting applications, among them w3af and owasp zap, and your software is far ahead in terms of accuracy and usability.

    Please continue to do what you do; arachni is excellent.

  3. Support Staff 3 Posted by Tasos Laskos on 19 Dec, 2017 08:14 PM

    Glad you sorted it out and thank you very much for the kind words.

    Cheers man

  4. Tasos Laskos closed this discussion on 19 Dec, 2017 08:14 PM.

  5. John Rodger re-opened this discussion on 21 Dec, 2017 06:03 PM

  6. 4 Posted by John Rodger on 21 Dec, 2017 06:03 PM

    Not trying to reopen this ticket, just an FYI...
    I believe I figured out what the issue was, and it was related to the login function. The site I am using to test arachni on is bWAPP, so it has plenty of built-in vulnerabilities. Apparently arachni was working a little too well; while probing the website, it also reset the user password, and I did not have the exclude string for 'Logout' present. So, halfway through, it was logging out and attempting to log back in, many times, generating a lot of unnecessary data.
    After fixing this issue, I ran the report again with the 'exclude=Logout' option, dumped the mysql password database before running the script and reimporting afterwards, and the generated index.html comes in at 20MB, instead of 250MB.
    So yes the problem was of my own making. All is working now and looks to be ready for prime time.
    Thanks Tasos!

  7. Support Staff 5 Posted by Tasos Laskos on 21 Dec, 2017 07:06 PM

    Excellent, let me know if you need anything else.


  8. Tasos Laskos closed this discussion on 21 Dec, 2017 07:06 PM.
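
The fix John Rodger describes in his 21 Dec post (exclude the logout link, snapshot and restore the test app's database around the scan), sketched as a CI wrapper that also fails the job when the report grows past a budget. This is an added example, not part of the thread or Arachni's own tooling; the database name, report path, size budget and exclude pattern are assumptions, and `is_excluded` only approximates the scanner's matching with `grep -E`.

```shell
#!/bin/sh
# Added example (constructed): wrap a scan of a disposable test app so that
# its state is restored afterwards and an oversized report fails the job.
set -eu

PROFILE="${PROFILE:-/opt/data/profiles/arachni-TestOne.afp}"  # path from the thread
TARGET="${TARGET:-https://URL/}"                 # placeholder from the thread
EXCLUDE="${EXCLUDE:-[Ll]ogout}"                  # assumed pattern for the logout link
DB_NAME="${DB_NAME:-bWAPP}"                      # assumed name of the test app's database
REPORT_HTML="${REPORT_HTML:-report/index.html}"  # assumed path of the unpacked HTML report
MAX_BYTES="${MAX_BYTES:-52428800}"               # assumed budget: 50 MiB

# Return 0 if the URL in $1 matches the exclude pattern in $2.
# grep -E is a pre-flight approximation of the scanner's own regex matching.
is_excluded() {
  printf '%s\n' "$1" | grep -Eq -- "$2"
}

# Return 0 if file $1 is at most $2 bytes, 1 if larger, 2 if missing.
report_within_budget() {
  [ -f "$1" ] || return 2
  size=$(wc -c < "$1" | tr -d ' ')
  [ "$size" -le "$2" ]
}

run_scan() {
  snap=$(mktemp)
  mysqldump "$DB_NAME" > "$snap"   # snapshot accounts before the scanner touches them
  status=0
  ./arachni "--profile-load-filepath=$PROFILE" \
            "--scope-exclude-pattern=$EXCLUDE" "$TARGET" || status=$?
  mysql "$DB_NAME" < "$snap"       # restore state even if the scan failed
  rm -f "$snap"
  [ "$status" -eq 0 ] || return "$status"
  report_within_budget "$REPORT_HTML" "$MAX_BYTES"
}

# Only scan when asked to, so the helpers can be sourced and tested offline.
if [ "${RUN_SCAN:-0}" = 1 ]; then
  run_scan
fi
```

Set `RUN_SCAN=1` to run the scan; a report that jumps far past its usual size is a cheap signal that the session was lost mid-scan.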
