Incomplete security audit when using scope-restrict-paths
Hi,
We are using scope-restrict-paths to restrict the scan to a file containing a list of pre-selected URLs. This is necessary because the sites are very large and an exhaustive scan is infeasible.
However, when using this approach, many security issues are not found. I gather from a similar forum posting in 2016 that Arachni does not use a browser to process the pages when crawler is disabled. This could be the reason and seems like a significant issue but there does not seem to be a solution available in the documentation.
Can you suggest a way to make Arachni use the browser and thus perform a complete scan in this situation?
Thanks
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 04 May, 2018 08:40 AM
Do the URLs have fragments that are used for client-side routing?