Learning Arachni source code

mazharbuet11

31 May, 2016 02:40 AM

Hi
I am new to Arachni. I need to learn how the code works for SQL injection, XSS attacks etc., its algo at code level.
Can you provide me a suggestion on where to start & how to go through :)

  1. Support Staff 1 Posted by Tasos Laskos on 31 May, 2016 06:16 AM

    Hello,

    Try enabling the checks you want along with the --output-debug=4 flag to see the operation.
    This will tell you what's going on as well as point you to the code locations that perform the printed functionality.

    Cheers

  2. 2 Posted by mazharbuet11 on 16 Jun, 2016 05:38 AM

    Thanks for your response.
    I have another one. Can you please describe the algorithm for how sql_injection is performed in Arachni? I have been going over sql_injection.rb and trying to understand.

  3. Support Staff 3 Posted by Tasos Laskos on 16 Jun, 2016 06:39 AM

    Here's the algorithm that's used by that check: https://github.com/Arachni/arachni/blob/experimental/lib/arachni/el...

    Give it a read and let me know if you need more help.

  4. 4 Posted by mazharbuet11 on 16 Jun, 2016 07:10 PM

    Sorry, but I have gone through it but was unable to understand it. I have a crude idea of the overall process, but need to learn the details of SQL injection, XSS, CSRF etc.
    Can you please suggest how I can learn the process of automated detection of XSS, SQL injection, CSRF in Arachni? Thanks :)

  5. Support Staff 5 Posted by Tasos Laskos on 17 Jun, 2016 09:40 AM

    I don't mean to sound dismissive but I don't have the time to go over how these things work, you could quite literally fill a few books detailing Arachni's operation.

    Did you try enabling the debugging output?

  6. 6 Posted by mazharbuet11 on 17 Jun, 2016 02:58 PM

    Yes I did. I don't need you to explain the details to me. Just tell me how to proceed to understand the code & algo on a high level :)

  7. Support Staff 7 Posted by Tasos Laskos on 23 Jun, 2016 06:36 AM

    You could grab the source and add your own debugging calls, then when you run it you'll be able to see how the algo operates. I think that's your best bet.
    The checks use many different algos and it would be very time consuming for me to go over everything.

  8. Tasos Laskos closed this discussion on 03 Aug, 2016 02:25 PM.
