Help Understanding Arachni
Hello,
I am trying to come up to speed with web app security testing and more specifically finding a good scanner tool. Currently, I am trying to successfully test my local metasploitable3 GlassFish app. I am not really understanding why I am not able to expand my site map with all available sub urls. Currently I am using:
./arachni https://192.168.1.223:4848 --plugin=autologin:url=https://192.168.1.223:4848/common/index.jsf,parameters="j_username=admin&j_password=sploit&loginButton=Login&loginButton.DisabledHiddenField=true",check="Logout" --scope-exclude-pattern=logout
This command indicates to me a 200 response code and it sends out almost 1,000 requests within 45 minutes, but when I go to the site map it only shows 2 pages scanned, so maybe I am not properly logging in. At this point it seems like I am missing something easy. Perhaps someone can provide me some advice.
R
Joe
Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 08:42 AM
Have you looked at this article?
http://support.arachni-scanner.com/kb/general-use/optimizing-for-fa...