Using Arachni as a library
Long story short, I am very new to Ruby and I want to use Arachni as a library, such that I can write scripts which can invoke the scanner with certain parameters and run the scan. So I need to basically 'require' the Arachni libraries. For instance, if I use the sample code on the home page, what would be the argument to require:
f = Framework.new
f.opts.url = 'http://testfire.net'
# only audit the first page
f.opts.link_count_limit = 1
f.opts.audit :forms
...
... ...
I have installed the Arachni gem (and all dependencies) but I cannot seem to find the right argument for the require method for my script to run. Might be a completely stupid question but it would be great if you could answer it. Thanks in advance.
Support Staff 1 Posted by Tasos Laskos on 05 Mar, 2013 04:30 AM
I guess this is partly my fault for not having made the notice more visible (making mental note to fix this) but had you scrolled down a bit you'd have seen this:
To make scripting easier you can run the above snippets using:
arachni_script my_script.rb
The "arachni_script" executable will run the given script under the Arachni namespace.
There isn't anything magical to the arachni_script executable, it just pulls in the root Arachni namespace (along with some utility ones) so that you won't have to keep referring to objects like Arachni::Framework and Arachni::Page and stuff like that. So it requires Arachni and sets up the env to make things more convenient.
But, if you want to use Arachni in your Ruby app you can:
Now if that doesn't work (like you mentioned in your tweet) you may want to look into your system's Ruby environment.
Since you are new to Ruby I don't want to make any assumptions about how you went about setting things up so let's start with the basics like, how did you install Arachni?
Cheers
2 Posted by arhn7 on 05 Mar, 2013 05:23 PM
Thank you for a quick response.
I installed Arachni as ruby gem, here is a trace from the terminal:
$ sudo gem install arachni
Password:
Fetching: mime-types-1.21.gem (100%)
Fetching: typhoeus-0.3.3.gem (100%)
Building native extensions. This could take a while...
Fetching: polyglot-0.3.3.gem (100%)
Fetching: treetop-1.4.12.gem (100%)
Fetching: i18n-0.6.4.gem (100%)
Fetching: mail-2.5.3.gem (100%)
Fetching: pony-1.4.gem (100%)
Fetching: awesome_print-1.1.0.gem (100%)
Fetching: rb-readline-0.4.2.gem (100%)
Fetching: sys-proctable-0.9.2-universal-darwin.gem (100%)
Building native extensions. This could take a while...
Fetching: terminal-table-1.4.5.gem (100%)
Fetching: rack-1.5.2.gem (100%)
Fetching: rack-protection-1.4.0.gem (100%)
Fetching: tilt-1.3.4.gem (100%)
Fetching: sinatra-1.3.5.gem (100%)
Fetching: backports-3.0.3.gem (100%)
Fetching: rack-test-0.6.2.gem (100%)
Fetching: eventmachine-1.0.1.gem (100%)
Building native extensions. This could take a while...
Fetching: sinatra-contrib-1.3.2.gem (100%)
Fetching: sinatra-flash-0.3.0.gem (100%)
Fetching: async_sinatra-1.0.0.gem (100%)
Fetching: daemons-1.1.9.gem (100%)
Fetching: thin-1.5.0.gem (100%)
Building native extensions. This could take a while...
Fetching: addressable-2.2.8.gem (100%)
Fetching: dm-core-1.2.0.gem (100%)
Fetching: dm-aggregates-1.2.0.gem (100%)
Fetching: dm-constraints-1.2.0.gem (100%)
Fetching: dm-migrations-1.2.0.gem (100%)
Fetching: dm-transactions-1.2.0.gem (100%)
Fetching: fastercsv-1.5.5.gem (100%)
Fetching: multi_json-1.6.1.gem (100%)
Fetching: json_pure-1.7.7.gem (100%)
Fetching: dm-serializer-1.2.2.gem (100%)
Fetching: dm-timestamps-1.2.0.gem (100%)
Fetching: dm-validations-1.2.0.gem (100%)
Fetching: bcrypt-ruby-3.0.1.gem (100%)
Building native extensions. This could take a while...
Fetching: stringex-1.5.1.gem (100%)
Fetching: uuidtools-2.1.3.gem (100%)
Fetching: dm-types-1.2.2.gem (100%)
Fetching: datamapper-1.2.0.gem (100%)
Fetching: data_objects-0.10.12.gem (100%)
Fetching: do_sqlite3-0.10.12.gem (100%)
Building native extensions. This could take a while...
Fetching: dm-do-adapter-1.2.0.gem (100%)
Fetching: dm-sqlite-adapter-1.2.0.gem (100%)
Fetching: net-ssh-2.6.6.gem (100%)
Fetching: net-scp-1.1.0.gem (100%)
Fetching: em-synchrony-1.0.3.gem (100%)
Fetching: arachni-rpc-0.1.2.gem (100%)
Fetching: arachni-rpc-em-0.1.2.gem (100%)
Fetching: arachni-0.4.1.3.gem (100%)
Thank you for installing Arachni, here are some resources which should
help you make the best of it:
Homepage - http://arachni-scanner.com
Blog - http://arachni-scanner.com/blog
Documentation - http://arachni-scanner.com/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2012 Tasos Laskos
License - Apache License v2
Please do not hesitate to ask for assistance (via the support portal)
or report a bug (via GitHub Issues) if you come across any problem.
Successfully installed mime-types-1.21
Successfully installed typhoeus-0.3.3
Successfully installed polyglot-0.3.3
Successfully installed treetop-1.4.12
Successfully installed i18n-0.6.4
Successfully installed mail-2.5.3
Successfully installed pony-1.4
Successfully installed awesome_print-1.1.0
Successfully installed rb-readline-0.4.2
Successfully installed sys-proctable-0.9.2-universal-darwin
Successfully installed terminal-table-1.4.5
Successfully installed rack-1.5.2
Successfully installed rack-protection-1.4.0
Successfully installed tilt-1.3.4
Successfully installed sinatra-1.3.5
Successfully installed backports-3.0.3
Successfully installed rack-test-0.6.2
Successfully installed eventmachine-1.0.1
Successfully installed sinatra-contrib-1.3.2
Successfully installed sinatra-flash-0.3.0
Successfully installed async_sinatra-1.0.0
Successfully installed daemons-1.1.9
Successfully installed thin-1.5.0
Successfully installed addressable-2.2.8
Successfully installed dm-core-1.2.0
Successfully installed dm-aggregates-1.2.0
Successfully installed dm-constraints-1.2.0
Successfully installed dm-migrations-1.2.0
Successfully installed dm-transactions-1.2.0
Successfully installed fastercsv-1.5.5
Successfully installed multi_json-1.6.1
Successfully installed json_pure-1.7.7
Successfully installed dm-serializer-1.2.2
Successfully installed dm-timestamps-1.2.0
Successfully installed dm-validations-1.2.0
Successfully installed bcrypt-ruby-3.0.1
Successfully installed stringex-1.5.1
Successfully installed uuidtools-2.1.3
Successfully installed dm-types-1.2.2
Successfully installed datamapper-1.2.0
Successfully installed data_objects-0.10.12
Successfully installed do_sqlite3-0.10.12
Successfully installed dm-do-adapter-1.2.0
Successfully installed dm-sqlite-adapter-1.2.0
Successfully installed net-ssh-2.6.6
Successfully installed net-scp-1.1.0
Successfully installed em-synchrony-1.0.3
Successfully installed arachni-rpc-0.1.2
Successfully installed arachni-rpc-em-0.1.2
Successfully installed arachni-0.4.1.3
50 gems installed
Here is my ruby version:
$ ruby -v
ruby 1.9.3p374 (2013-01-15) [x86_64-darwin11.4.0]
Then I went ahead and checked my gems folder to see if the gem was installed:
$ cd /Users/blah/.rvm/gems/ruby-1.9.3-p374/gems
$ pwd
/Users/blah/.rvm/gems/ruby-1.9.3-p374/gems
$ls -l
. .
drwxr-xr-x 29 root staff 986 Mar 4 19:36 arachni-0.4.1.3
drwxr-xr-x 7 root staff 238 Mar 4 19:32 arachni-rpc-0.1.2
drwxr-xr-x 9 root staff 306 Mar 4 19:32 arachni-rpc-em-0.1.2
. . .
So I see the gem being installed but I can't essentially require 'arachni'. Do you see anything problematic here? Thanks much for your help.
Support Staff 3 Posted by Tasos Laskos on 05 Mar, 2013 05:25 PM
Since you installed as root, have you tried to run your script as root?
4 Posted by arhn7 on 05 Mar, 2013 05:28 PM
:facepalm:
Damnit!! That was it, I just did sudo to my script and it works. Sorry about wasting your time. Thanks a lot!
Support Staff 5 Posted by Tasos Laskos on 05 Mar, 2013 05:32 PM
No worries. I'll update the instructions in the download page with a notice.
Let me know if you need more help.
Tasos Laskos closed this discussion on 05 Mar, 2013 05:32 PM.
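The thread does not say which file stopped the non-root `require`, so the following added example (not from the thread or the Arachni project) lists the files of a gem under a gem home that a given user cannot read, judged from owner and mode bits, so the cause can be fixed instead of running the scan script as root. The helper names and the sample gem home with its owner-only gemspec are constructed for illustration.

```ruby
require 'fileutils'
require 'tmpdir'

# True when the mode bits in +stat+ give the user read access (read + search
# for a directory). POSIX picks exactly one class: owner, else group, else other.
def readable_by?(stat, uid, gids)
  return true if uid.zero?               # root bypasses permission checks
  shift = if stat.uid == uid then 6
          elsif gids.include?(stat.gid) then 3
          else 0
          end
  need = stat.directory? ? 0o5 : 0o4     # r-x for directories, r-- for files
  ((stat.mode >> shift) & need) == need
end

# Paths of gem +name+ under +gem_home+ that the user cannot read.
# "[0-9]*" keeps arachni-rpc-* out of a search for arachni.
def unreadable_gem_paths(gem_home, name, uid: Process.euid, gids: Process.groups)
  patterns = [
    File.join(gem_home, 'specifications', "#{name}-[0-9]*.gemspec"),
    File.join(gem_home, 'gems', "#{name}-[0-9]*"),
    File.join(gem_home, 'gems', "#{name}-[0-9]*", '**', '*')
  ]
  Dir.glob(patterns).sort.reject { |p| readable_by?(File.stat(p), uid, gids) }
end

# Constructed sample: a gem home whose gemspec is owner-only (0600), one
# assumed way an install run under sudo can end up; returns the gemspec path.
def build_sample_gem_home(root)
  lib  = File.join(root, 'gems', 'arachni-0.4.1.3', 'lib')
  spec = File.join(root, 'specifications', 'arachni-0.4.1.3.gemspec')
  FileUtils.mkdir_p([lib, File.dirname(spec)])
  File.write(File.join(lib, 'arachni.rb'), "# constructed\n")
  File.write(spec, "# constructed\n")
  dirs = Dir.glob(File.join(root, '**', '*')).select { |p| File.directory?(p) }
  File.chmod(0o755, *dirs)
  File.chmod(0o644, File.join(lib, 'arachni.rb'))
  File.chmod(0o600, spec)
  spec
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_gem_home(root)
    other_uid = File.stat(root).uid + 1  # constructed "different user"
    puts unreadable_gem_paths(root, 'arachni', uid: other_uid, gids: [])
  end
end
```

Called with only a gem home and a gem name, `unreadable_gem_paths` checks as the current user; an empty result means file permissions are not what is blocking the `require`.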