Why the need for HTTP://

magnologan's Avatar

magnologan

12 Mar, 2013 06:26 PM

When scanning a web app arachni enforces that you use http://www.site.com as the URL of the app being scanned. Wouldn´t be better if the user didnt specify the protocol that arachni would imply it is http? So that we can use something like this:

arachni site.com

instead of

arachni http://www.site.com

Now it will throw an exception:

url=': Invalid URL argument. (Arachni::Exceptions::InvalidURL) from .rvm/gems/ruby-1.9.3-p194/gems/arachni-0.4.1dev/lib/arachni/options.rb:1076:inparse' from .rvm/gems/ruby-1.9.3-p194/gems/arachni-0.4.1dev/lib/arachni/options.rb:1304:in method_missing' from .rvm/gems/ruby-1.9.3-p194/gems/arachni-0.4.1dev/bin/arachni:20:in' from .rvm/gems/ruby-1.9.3-p194/bin/arachni:23:in load' from .rvm/gems/ruby-1.9.3-p194/bin/arachni:23:in'

by the way I'm running version v0.4.1dev, not sure if this has been already addressed on newer versions.

  1. Support Staff 1 Posted by Tasos Laskos on 12 Mar, 2013 06:32 PM

    Tasos Laskos's Avatar

    That URL serves as a reference point for every sort of path manipulation henceforth and I don't want users to think that Arachni will try to guess what protocol to use (HTTP/HTTPS) automatically (especially when using it in conjunction with the newer --https-only option).

    I feel more comfortable having the user explicitly specify the protocol he wants.

  2. Tasos Laskos closed this discussion on 12 Mar, 2013 06:32 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac