Small white diary 31:kali Penetration Testing Web penetration-scanning Tool-arachni

Source: Internet
Author: User
Tags php server

Scan Tool-arachni

Kali integrates the old Arachni in castrated version, so need to reinstall "In some respects has its uniqueness, but not very powerful, there are command line and web two ways to use" "Anonymous recommended"

Apt-get Update

http://www.arachni-scanner.com/download/#Linux

Tar xvf arachni.tar.gz

./arachni_console #进入命令行模式

./arachni_web #启用web服务, enter web operation mode "belongs to Web Application"

http://localhost:9292/

· [email protected]/administrator #web界面的登录账号密码

SCAN "Default integration of 3 profiles"

Advanced Options "Arachni's uniqueness: Support for distributed scanning"

Results analysis

1. Resetting the database "server configuration Aspects"

2. HTTP TRACE "may cause XSS"

3. Forms transmitted in clear text

4. Common Catalogue

5. Backup configuration file

Generally not directly accessible, in the PHP site, you can view the server side of the file content "normal PHP code will not be directly downloaded by the browser"

# # #常用方法: path +?-s can view most PHP server-side code "Get code, you can do code audit"

User "Use Users"

# #arachni的cookie信息会在一定时间内变化 "Identity authentication to protect against cookie information"

Dispatchers dispatching "remote and grid for advanced options"

You need to use commands to implement

Remote

./ARACHNI_RPCD--address=127.0.0.1--port=1111--nickname=test1 #指定IP Specify port nickname settings

Grid

./ARACHNI_RPCD--address=127.0.0.1--nickname=test2--neighbour=127.0.0.1:1111 #neighbour加入组, by specifying neighbour, forming groups " It is not recommended to point to a neighbour "

Profiles "Scan configuration file (customizable)"

Small white diary 31:kali Penetration Testing Web penetration-scanning Tool-arachni

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.