Using Arachni as a library

arhn7's Avatar

arhn7

05 Mar, 2013 04:17 AM

Long story short, I am very new to Ruby and I want to use arachni as a library, such that i can write scripts which can invoke the scanner with certain parameters and run the scan. So I need to basically 'require' the Arachni libraries for instance if i use the sample code on the home page, what would be the argument to require :

f = Framework.new

f.opts.url = 'http://testfire.net'

# only audit the first page
f.opts.link_count_limit = 1

f.opts.audit :forms
...

... ...

I have installed the Arachni gem (and all dependencies) but I cannot seem to find the right argument for the require method for my script to run. Might be a completely stupid question but it would be great if you could answer it. Thanks in advance.

  1. Support Staff 1 Posted by Tasos Laskos on 05 Mar, 2013 04:30 AM

    Tasos Laskos's Avatar

    I guess this is partly my fault for not having made the notice more visible (making mental note to fix this) but had you scrolled down a bit you'd have seen this:



    To make scripting easier you can run the above snippets using:

    arachni_script my_script.rb

    The "arachni_script" executable will run the given script under the Arachni namespace.


    There isn't anything magical to the arachni_script executable, it just pulls in the root Arachni namespace (along with some utility ones) so that you won't have to keep referring to objects like Arachni::Framework and Arachni::Page and stuff like that.

    So it requires Arachni and sets up the env to make things more convenient.

    But, If you want to use Arachni in your Ruby app you can:

    require 'arachni'
    
    f = Arachni::Framework.new
    
    f.opts.url = 'http://testfire.net'
    
    # only audit the first page
    f.opts.link_count_limit = 1
    
    f.opts.audit :forms
    

    Now if that doesn't work (like you mentioned in your tweet) you may want to look into your system's Ruby environment.

    Since you are new to Ruby I don't want to make any assumptions about how you went about setting things up so let's start with the basics like, how did you install Arachni?

    Cheers

  2. 2 Posted by arhn7 on 05 Mar, 2013 05:23 PM

    arhn7's Avatar

    Thank you for a quick response.

    I installed Arachni as ruby gem, here is a trace from the terminal:
    $ sudo gem install arachni Password:
    Fetching: mime-types-1.21.gem (100%)
    Fetching: typhoeus-0.3.3.gem (100%)
    Building native extensions. This could take a while...
    Fetching: polyglot-0.3.3.gem (100%)
    Fetching: treetop-1.4.12.gem (100%)
    Fetching: i18n-0.6.4.gem (100%)
    Fetching: mail-2.5.3.gem (100%)
    Fetching: pony-1.4.gem (100%)
    Fetching: awesome_print-1.1.0.gem (100%)
    Fetching: rb-readline-0.4.2.gem (100%)
    Fetching: sys-proctable-0.9.2-universal-darwin.gem (100%)
    Building native extensions. This could take a while...
    Fetching: terminal-table-1.4.5.gem (100%)
    Fetching: rack-1.5.2.gem (100%)
    Fetching: rack-protection-1.4.0.gem (100%)
    Fetching: tilt-1.3.4.gem (100%)
    Fetching: sinatra-1.3.5.gem (100%)
    Fetching: backports-3.0.3.gem (100%)
    Fetching: rack-test-0.6.2.gem (100%)
    Fetching: eventmachine-1.0.1.gem (100%)
    Building native extensions. This could take a while...
    Fetching: sinatra-contrib-1.3.2.gem (100%)
    Fetching: sinatra-flash-0.3.0.gem (100%)
    Fetching: async_sinatra-1.0.0.gem (100%)
    Fetching: daemons-1.1.9.gem (100%)
    Fetching: thin-1.5.0.gem (100%)
    Building native extensions. This could take a while...
    Fetching: addressable-2.2.8.gem (100%)
    Fetching: dm-core-1.2.0.gem (100%)
    Fetching: dm-aggregates-1.2.0.gem (100%)
    Fetching: dm-constraints-1.2.0.gem (100%)
    Fetching: dm-migrations-1.2.0.gem (100%)
    Fetching: dm-transactions-1.2.0.gem (100%)
    Fetching: fastercsv-1.5.5.gem (100%)
    Fetching: multi_json-1.6.1.gem (100%)
    Fetching: json_pure-1.7.7.gem (100%)
    Fetching: dm-serializer-1.2.2.gem (100%)
    Fetching: dm-timestamps-1.2.0.gem (100%)
    Fetching: dm-validations-1.2.0.gem (100%)
    Fetching: bcrypt-ruby-3.0.1.gem (100%)
    Building native extensions. This could take a while...
    Fetching: stringex-1.5.1.gem (100%)
    Fetching: uuidtools-2.1.3.gem (100%)
    Fetching: dm-types-1.2.2.gem (100%)
    Fetching: datamapper-1.2.0.gem (100%)
    Fetching: data_objects-0.10.12.gem (100%)
    Fetching: do_sqlite3-0.10.12.gem (100%)
    Building native extensions. This could take a while...
    Fetching: dm-do-adapter-1.2.0.gem (100%)
    Fetching: dm-sqlite-adapter-1.2.0.gem (100%)
    Fetching: net-ssh-2.6.6.gem (100%)
    Fetching: net-scp-1.1.0.gem (100%)
    Fetching: em-synchrony-1.0.3.gem (100%)
    Fetching: arachni-rpc-0.1.2.gem (100%)
    Fetching: arachni-rpc-em-0.1.2.gem (100%)
    Fetching: arachni-0.4.1.3.gem (100%)

    Thank you for installing Arachni, here are some resources which should
    help you make the best of it:

    Homepage - http://arachni-scanner.com
    Blog - http://arachni-scanner.com/blog
    Documentation - http://arachni-scanner.com/wiki
    Support - http://support.arachni-scanner.com
    GitHub page - http://github.com/Arachni/arachni
    Code Documentation - http://rubydoc.info/github/Arachni/arachni
    Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
    Twitter - http://twitter.com/ArachniScanner
    Copyright - 2010-2012 Tasos Laskos
    License - Apache License v2

    Please do not hesitate to ask for assistance (via the support portal)
    or report a bug (via GitHub Issues) if you come across any problem.

    Successfully installed mime-types-1.21
    Successfully installed typhoeus-0.3.3
    Successfully installed polyglot-0.3.3
    Successfully installed treetop-1.4.12
    Successfully installed i18n-0.6.4
    Successfully installed mail-2.5.3
    Successfully installed pony-1.4
    Successfully installed awesome_print-1.1.0
    Successfully installed rb-readline-0.4.2
    Successfully installed sys-proctable-0.9.2-universal-darwin
    Successfully installed terminal-table-1.4.5
    Successfully installed rack-1.5.2
    Successfully installed rack-protection-1.4.0
    Successfully installed tilt-1.3.4
    Successfully installed sinatra-1.3.5
    Successfully installed backports-3.0.3
    Successfully installed rack-test-0.6.2
    Successfully installed eventmachine-1.0.1
    Successfully installed sinatra-contrib-1.3.2
    Successfully installed sinatra-flash-0.3.0
    Successfully installed async_sinatra-1.0.0
    Successfully installed daemons-1.1.9
    Successfully installed thin-1.5.0
    Successfully installed addressable-2.2.8
    Successfully installed dm-core-1.2.0
    Successfully installed dm-aggregates-1.2.0
    Successfully installed dm-constraints-1.2.0
    Successfully installed dm-migrations-1.2.0
    Successfully installed dm-transactions-1.2.0
    Successfully installed fastercsv-1.5.5
    Successfully installed multi_json-1.6.1
    Successfully installed json_pure-1.7.7
    Successfully installed dm-serializer-1.2.2
    Successfully installed dm-timestamps-1.2.0
    Successfully installed dm-validations-1.2.0
    Successfully installed bcrypt-ruby-3.0.1
    Successfully installed stringex-1.5.1
    Successfully installed uuidtools-2.1.3
    Successfully installed dm-types-1.2.2
    Successfully installed datamapper-1.2.0
    Successfully installed data_objects-0.10.12
    Successfully installed do_sqlite3-0.10.12
    Successfully installed dm-do-adapter-1.2.0
    Successfully installed dm-sqlite-adapter-1.2.0
    Successfully installed net-ssh-2.6.6
    Successfully installed net-scp-1.1.0
    Successfully installed em-synchrony-1.0.3
    Successfully installed arachni-rpc-0.1.2
    Successfully installed arachni-rpc-em-0.1.2
    Successfully installed arachni-0.4.1.3
    50 gems installed

    Here is my ruby version:
    $ ruby -v ruby 1.9.3p374 (2013-01-15) [x86_64-darwin11.4.0]

    then I went ahead and checked my gems folder to see if the gem was installed:
    $ cd /Users/blah/.rvm/gems/ruby-1.9.3-p374/gems $ pwd /Users/blah/.rvm/gems/ruby-1.9.3-p374/gems $ls -l . . drwxr-xr-x 29 root staff 986 Mar 4 19:36 arachni-0.4.1.3
    drwxr-xr-x 7 root staff 238 Mar 4 19:32 arachni-rpc-0.1.2
    drwxr-xr-x 9 root staff 306 Mar 4 19:32 arachni-rpc-em-0.1.2
    . . .

    So i see the gem being installed but I can't essentially require 'arachni'. Do you see anything problematic here ? Thanks much for your help.

  3. Support Staff 3 Posted by Tasos Laskos on 05 Mar, 2013 05:25 PM

    Tasos Laskos's Avatar

    Since you installed as root, have you tried to run your script as root?

  4. 4 Posted by arhn7 on 05 Mar, 2013 05:28 PM

    arhn7's Avatar

    :facepalm:

    Damnit !! That was it, i just did sudo to my script and it works. Sorry about wasting your time. Thanks a lot !

  5. Support Staff 5 Posted by Tasos Laskos on 05 Mar, 2013 05:32 PM

    Tasos Laskos's Avatar

    No worries. I'll update the instructions in the download page with a notice.

    Let me know if you need more help.

  6. Tasos Laskos closed this discussion on 05 Mar, 2013 05:32 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac