service scanning using REST api.
I am trying to perform service scanning using REST API using the below data in the body.
I am able to do it using the command line.
I need help to do this using the API. How and where should I specify the proxy address and port and use a browser to walk through the application before starting the scan?
{
  "url" : "http://demo.testfire.net/",
  "http" : {
    "user_agent" : "Arachni/v2.0dev",
    "request_timeout" : 10000,
    "request_redirect_limit" : 5,
    "request_concurrency" : 20,
    "request_queue_size" : 100,
    "request_headers" : {},
    "response_max_size" : 500000,
    "cookies" : {}
  },
  "audit" : {
    "parameter_values" : true,
    "exclude_vector_patterns" : [],
    "include_vector_patterns" : [],
    "link_templates" : []
  },
  "input" : {
    "values" : {},
    "default_values" : {
      "(?i-mx:name)" : "arachni_name",
      "(?i-mx:user)" : "arachni_user",
      "(?i-mx:usr)" : "arachni_user",
      "(?i-mx:pass)" : "5543!%arachni_secret",
      "(?i-mx:txt)" : "arachni_text",
      "(?i-mx:num)" : "132",
      "(?i-mx:amount)" : "100",
      "(?i-mx:mail)" : "[email blocked]",
      "(?i-mx:account)" : "12",
      "(?i-mx:id)" : "1"
    },
    "without_defaults" : false,
    "force" : false
  },
  "browser_cluster" : {
    "wait_for_elements" : {},
    "pool_size" : 6,
    "job_timeout" : 25,
    "worker_time_to_live" : 100,
    "ignore_images" : false,
    "screen_width" : 1600,
    "screen_height" : 1200
  },
  "scope" : {
    "redundant_path_patterns" : {},
    "dom_depth_limit" : 5,
    "exclude_path_patterns" : [],
    "exclude_content_patterns" : [],
    "include_path_patterns" : [],
    "restrict_paths" : [],
    "extend_paths" : [],
    "url_rewrites" : {}
  },
  "session" : {},
  "checks" : ["*"],
  "platforms" : [],
  "plugins" : {},
  "no_fingerprinting" : false,
  "authorized_by" : null
}
1 Posted by kumar on 14 Dec, 2017 05:09 AM
I am trying something similar. Can someone help on this?
Support Staff 2 Posted by Tasos Laskos on 19 Dec, 2017 04:20 PM
Try:
Support Staff 3 Posted by Tasos Laskos on 19 Dec, 2017 04:21 PM
About using the browsers, you train Arachni using something external via that proxy; Arachni can't crawl services.
4 Posted by praveen.kumar on 21 Dec, 2017 07:01 AM
Thanks for the response.
I want to proxy some traffic through the Arachni REST API client.
I used the following config when I tried to initiate a scan (via the API), but it doesn't seem to be working:
POST: http://localhost:7331/scans
{ "url" : "http://taget-site.xyz/", "plugins": { "port": 9090, "address": "127.0.0.1" } }
Am I making a mistake somewhere?
I have attached a screenshot of the error.
Thanks.
Support Staff 5 Posted by Tasos Laskos on 21 Dec, 2017 07:31 AM
You missed the proxy plugin, under which the options should be defined; you've set them for the entire plugins section.
6 Posted by praveen.kumar on 21 Dec, 2017 09:18 AM
I am able to proxy the traffic from the browser with this.
{ "url" : "http://demo.testfire.net/", "plugins" : { "proxy": { "port": 9090, "address": "127.0.0.1" } } }
How can I stop the proxy and resume the scan through the API?
Support Staff 7 Posted by Tasos Laskos on 21 Dec, 2017 09:21 AM
You need to request http://arachni.proxy/shutdown via the proxy.
8 Posted by praveen.kumar on 21 Dec, 2017 09:31 AM
It works! Thanks a lot.
Tasos Laskos closed this discussion on 22 Dec, 2017 01:04 AM.
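The sequence worked out in this thread, as an added Python example that is not part of the original discussion or Arachni's own code: start the scan with the options nested under the proxy plugin, walk through the application via the proxy, then request the shutdown URL through the proxy. The function names are hypothetical, and the check assumes every key under "plugins" is a plugin name whose value is an options object; the endpoint, port and URLs are the ones posted above.

```python
import json
import urllib.request

API_BASE = "http://localhost:7331"              # REST endpoint used in the thread
SHUTDOWN_URL = "http://arachni.proxy/shutdown"  # from the support reply


def build_scan_options(url, proxy_address="127.0.0.1", proxy_port=9090):
    """Scan options with the proxy settings nested under plugins.proxy."""
    return {"url": url,
            "plugins": {"proxy": {"port": proxy_port, "address": proxy_address}}}


def misplaced_plugin_options(options):
    """Return keys under "plugins" whose value is not an options object.

    Assumption: each key under "plugins" is a plugin name, so a scalar there
    (e.g. "port": 9090) is an option that was set one level too high.
    """
    return [k for k, v in options.get("plugins", {}).items()
            if not isinstance(v, dict)]


def start_scan(options, api_base=API_BASE):
    """POST the options to /scans and return the decoded JSON response."""
    bad = misplaced_plugin_options(options)
    if bad:
        raise ValueError(f"options set directly under 'plugins': {bad}")
    req = urllib.request.Request(
        api_base + "/scans", data=json.dumps(options).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def shutdown_proxy(proxy_address="127.0.0.1", proxy_port=9090):
    """Request the shutdown URL through the proxy so the scan resumes."""
    handler = urllib.request.ProxyHandler(
        {"http": f"http://{proxy_address}:{proxy_port}"})
    opener = urllib.request.build_opener(handler)
    with opener.open(SHUTDOWN_URL, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    print(start_scan(build_scan_options("http://demo.testfire.net/")))
    input("Browse the application through 127.0.0.1:9090, then press Enter ")
    print(shutdown_proxy())
```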