帮助
使用-h来查看arachni功能
arachni -h
当扫描进行时,可以使用回车键来暂停/恢复,中断,延缓执行,以及查看一个发现的问题的总结。
可以这样运行arachni:
arachni http://test.com
将会加载所有的checks,在/plugins/defaults下的插件,审计所有的表单,链接以及cookie。
下面的例子中,将会使用所有的的checks,审计链接/表单/cookie,跟随子域名,以及显示各种信息来扫描http://test.com。结果将会保存在test.com.afr文件中:
arachni --output-verbose --scope-include-subdomains http://test.com --report-save-path=test.com.afr
afr文件可以用于生成几种文件格式的报告,例如:
arachni_reporter test.com.afr --report=html:outfile=my_report.html
查看报告的组件:
arachni_reporter --reporters-list
使用*和-简化加载checks过程:
使用*来加载所有的xss checks:
arachni http://example.net --checks=xss*
使用*来加载所有的主动checks:
arachni http://example.net --checks=active/*
只排除csrf check:
arachni http://example.net --checks=*,-csrf
更多资源查看: http://support.arachni-scanner.com/kb/general-use和
http://support.arachni-scanner.com/kb/
命令手册:
通用
版本:(--version)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
输出arachni的banner和版本信息
授权来自 (--authorized-by)
Expects: string
Default: disabled
Multiple invocations?: no
传到这个参数的字符串将会被用于HTTP头中的From域的值。其值应该是授权扫描人的邮件
输出
额外信息 (--output-verbose)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
当允许冗余信息,arachni将会输出整个过程中的细节信息。
例如:
arachni --audit-forms --checks=xss http://testfire.net/ --scope-page-limit=1
将会加载xss checks以及审计所有的表单来扫描http://testfire.net/
冗余信息关闭
上述运行中没有--output-verbose标志位
arachni输出信息分为几类,每一类都有一个不同颜色的前缀:
[+] 成功信息
[v] 冗余信息
[!] 调试信息
[-] 错误信息
我们不讨论颜色问题
引用
Arachni - Web Application Security Scanner Framework v1.0
Author: Tasos "Zapotek" Laskos <[email protected]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
Initializing...
Waiting for plugins to settle...
BrowserCluster: Initializing 6 browsers...
BrowserCluster: Initialization completed with 6 browsers in the pool.
[HTTP: 200] http://testfire.net/ [~] Identified as: windows, iis, asp, aspx
[~] Analysis resulted in 0 usable paths.
[~] DOM depth: 0 (Limit: 10)
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx'
XSS: Submitting form with original values for txtSearch at 'http://testfire.net/search.aspx'.
XSS: Submitting form with sample values for txtSearch at 'http://testfire.net/search.aspx'.
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx'
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx'
Harvesting HTTP responses... [~] Depending on server responsiveness and network conditions this may take a while.
XSS: Analyzing response #2... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
XSS: Analyzing response #3...
XSS: Analyzing response #4...
XSS: Analyzing response #5... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
XSS: Analyzing response #6... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
Author: Tasos "Zapotek" Laskos <[email protected]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
[~] Analysis resulted in 0 usable paths.
[~] DOM depth: 0 (Limit: 10)
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
冗余信息模式开启
观察这次运行中的额外信息:
[v]信息是额外信息
引用
$ arachni --audit-forms --checks=xss http://testfire.net/ --scope-page-limit=1
--output-verbose
Arachni - Web Application Security Scanner Framework v1.0
Author: Tasos "Zapotek" Laskos <[email protected]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
Initializing...
Waiting for plugins to settle...
BrowserCluster: Initializing 6 browsers...
BrowserCluster: Initialization completed with 6 browsers in the pool.
[HTTP: 200] http://testfire.net/ [~] Identified as: windows, iis, asp, aspx
[~] Analysis resulted in 0 usable paths.
[~] DOM depth: 0 (Limit: 10)
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx' [v] XSS: --> With: "<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>" -> "arachni_text<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>"
XSS: Submitting form with original values for txtSearch at 'http://testfire.net/search.aspx'. [v] XSS: --> With: nil -> ""
XSS: Submitting form with sample values for txtSearch at 'http://testfire.net/search.aspx'. [v] XSS: --> With: nil -> ""
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx' [v] XSS: --> With: "()\"&%1'-;<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>'" -> "arachni_text()\"&%1'-;<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>'"
XSS: Auditing form input 'txtSearch' pointing to: 'http://testfire.net/search.aspx' [v] XSS: --> With: "--><some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/><!--" -> "arachni_text--><some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/><!--"
Harvesting HTTP responses... [~] Depending on server responsiveness and network conditions this may take a while.
XSS: Analyzing response #2... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
XSS: Analyzing response #3...
XSS: Analyzing response #4...
XSS: Analyzing response #6... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text--><some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/><!--"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text--%3E%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E%3C%21-- HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
XSS: Analyzing response #5... [~] XSS: Response is tainted, looking for proof of vulnerability.
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text()\"&%1'-;<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>'"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text%28%29%22%26%251%27-%3B%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E%27 HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
Arachni - Web Application Security Scanner Framework v1.0
Author: Tasos "Zapotek" Laskos <[email protected]>
(With the support of the community and the Arachni Team.)
Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki
[~] Analysis resulted in 0 usable paths.
[~] DOM depth: 0 (Limit: 10)
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text--><some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/><!--"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text--%3E%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E%3C%21-- HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
[+] XSS: In form input 'txtSearch' with action http://testfire.net/search.aspx
[v] XSS: Injected: "arachni_text()\"&%1'-;<some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>'"
[v] XSS: Proof: <some_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714/>
[v] XSS: Request:
GET /search.aspx?txtSearch=arachni_text%28%29%22%26%251%27-%3B%3Csome_dangerous_input_b2816f222dd9fce0ce8f0cda12aaf714%2F%3E%27 HTTP/1.1
Host: testfire.net
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=e4h4wy45jmb5vkrg0wl1rj45;amSessionId=15420499882
调试 (--output-debug)
Expects: integer
Default: 1
Multiple invocations?: no
当设置该标志位时,系统将会输出许多细节信息。细节的级别为1~3。如果不想淹没在烦人和无聊的信息中,可以使用管道来把调试信息输出到一个独立的文件:
arachni http://example.com --output-debug 2> debug.log
明确的问题 (--output-only-positives)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
除了成功信息外压缩其他的信息--只显示发现的问题
范围
不使用"/"封装的ruby正则表达式
Include (--scope-include-pattern)
Expects: pattern
Default: disabled
Multiple invocations?: yes
把扫描的范围限制为匹配模式的url资源
子域名包含 (--scope-include-subdomains)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
扫描子域名
排除 (--scope-exclude-pattern)
Expects: pattern
Default: disabled
Multiple invocations?: yes
排除匹配正则表达式的url
通过内容排除页面 (--scope-exclude-content-pattern)
Expects: pattern
Default: disabled
Multiple invocations?: yes
排除匹配模式的web页面
Exclude binaries (--scope-exclude-binaries)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
排除包含二进制内容的页面
Note: 二进制内容可能对实施模式匹配的被动check造成困惑
冗余 (--scope-redundant-path-pattern)
Expects: pattern:integer
Default: disabled
Multiple invocations?: yes
该选项为一个正则表达式和一个数字,例如: --scope-redundant-path-pattern='calendar.php:3'
将会导致包含calendar.php的页面只爬虫三次
当扫描很多类似图库或动态生成日历的时候,该选项很有用
Auto-redundant (--scope-auto-redundant)
Expects: integer
Default: disabled (如果没指定,则默认为10)
Multiple invocations?: no
该选项限制扫描时相同参数的url资源的扫描次数。可以避免例如相册或目录造成的无限循环
例如当设置--scope-auto-redundant=2时,下列的url中:
引用
http://test.com/?stuff=1
http://test.com/?stuff=2
http://test.com/?stuff=other-stuff
http://test.com/?stuff=blah
http://test.com/?stuff=blah&stuff2=1
http://test.com/?stuff=blah&stuff2=2
http://test.com/?stuff=blah2&stuff2=bloo
http://test.com/path.php?stuff=blah&stuff2=1
http://test.com/?stuff=2
http://test.com/?stuff=other-stuff
http://test.com/?stuff=blah
http://test.com/?stuff=blah&stuff2=1
http://test.com/?stuff=blah&stuff2=2
http://test.com/?stuff=blah2&stuff2=bloo
http://test.com/path.php?stuff=blah&stuff2=1
检查时只包含:
引用
http://test.com/?stuff=1
http://test.com/?stuff=2
http://test.com/?stuff=blah&stuff2=1
http://test.com/?stuff=blah&stuff2=2
http://test.com/path.php?stuff=blah&stuff2=1
http://test.com/?stuff=2
http://test.com/?stuff=blah&stuff2=1
http://test.com/?stuff=blah&stuff2=2
http://test.com/path.php?stuff=blah&stuff2=1
目录深度限制 (--scope-directory-depth-limit)
Expects: integer
Default: infinite
Multiple invocations?: no
限制扫描器扫描的网站的深度
页面限制 (--scope-page-limit)
Expects: integer
Default: infinite
Multiple invocations?: no
限制扫描页面数目
扩展路径 (--scope-extend-paths)
Expects: filepath
Default: disabled
Multiple invocations?: yes
通过使用指定文件为种子来扩展扫描范围。
必须一行一个路径
限制扫描路径 (--scope-restrict-paths)
Expects: filepath
Default: disabled
Multiple invocations?: yes
Uses the paths contained within the given file instead of performing a crawl.
不使用爬虫,取而代之的是指定文件包含的扫描路径
必须一行一个路径
重写URL (--scope-url-rewrite)
Expects: pattern:substitution
Default: disabled
Multiple invocations?: yes
This option expects a pattern and a substitution, like so:
参数为一个正则表达式和一个替代,例如--scope-url-rewrite='/articles\/[\w-]+\/(\d+)/:articles.php?id=\1'
上述规则将会把urlhttp://test.com/articles/some-stuff/23重写为http://test.com/articles.php?id=23.
DOM深度限制 (--scope-dom-depth-limit)
Expects: integer
Default: infinite
Multiple invocations?: no
将会限制扫描每个页面的DOM结构深度。
HTTPS (--scope-https-only)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
迫使系统仅扫描https
目标url必须是https
审计
审计链接 (--audit-links)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
开启审计链接
审计表单 (--audit-forms)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
开启审计表单
审计cookies (--audit-cookies)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
开启审计cookie
广泛审计cookie (--audit-cookies-extensively)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
If enabled the system will submit all links and forms of the page along with the cookie permutations.
如果开启,系统将会使用cookie提交页面中所有的链接和表单。
将会严重增加扫描时间
审计头部信息 (--audit-headers)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
审计http请求头部信息
Note: 头部信息审计使用暴力破解. 即使web程序没有使用的合法的http头也会被审计
Warning: 开启该选项会增加请求个数
链接模板 (--audit-link-template)
Expects: pattern
Default: disabled
Multiple invocations?: yes
该选项允许提取/审计基于使用名称组(name groups)的ruby正则表达式过滤的路径中的输入
从http://test.com/input1/value1/input2/value2中提取input1和input2,使用:
/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/
两种方法 (--audit-with-both-methods)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
如果开启,系统将会使用GET/POST提交所有元素。
Warning:会严重增加扫描时间
排除向量 (--audit-exclude-vector)
Expects: pattern
Default: disabled
Multiple invocations?: yes
不审计输入名字符合正则表达式的向量
包含向量 (--audit-include-vector)
Expects: pattern
Default: disabled
Multiple invocations?: yes
只审计输入名字符合正则表达式的向量
HTTP
User agent (--http-user-agent)
Expects: string
Default: "Arachni/<version>"
Multiple invocations?: no
指定HTTP请求中User-Agent部分
请求并发数 (--http-request-concurrency)
Expects: integer
Default: 20
Multiple invocations?: no
Sets the maximum amount of requests to be active at any given time; this usually directly translates to the amount of open connections.
设定某个时间请求最大个数;通常直接等于开放链接个数。
Note: 如果扫描没有相应,那么降低个数来缓解服务器压力
Warning: 加入有足够带宽和一个较高的并发数设置,扫描将会造成DOS。
请求超时 (--http-request-timeout)
Expects: integer (milliseconds)
Default: 50000
Multiple invocations?: no
设置客户端等待服务器应答的时间
请求重定向限制 (--http-request-redirect-limit)
Expects: integer
Default: 5
Multiple invocations?: no
限制每个请求重定向的次数
请求队列大小 (--http-request-queue-size)
Expects: integer
Default: 500
Multiple invocations?: no
客户端队列的最大请求个数
Note: 多意味着更好的调度和更好的性能, 少意味着较少的RAM消耗
请求头 (--http-request-header)
Expects: string
Default: disabled
Multiple invocations?: yes
运行以键值对的格式指定请求头
例如--http-request-header='field_name=field value'
响应最大大小 (--http-response-max-size)
Expects: integer
Default: infinite
Multiple invocations?: no
限制客户端接收响应体的大小。实质上,客户端不会下载Content-Length大于指定值的响应body。
Cookie jar (--http-cookie-jar)
Expects: filepath
Default: disabled
Multiple invocations?: no
arachni允许传递Netscape cookie-jar file格式的cookie。如果想审计网站登录后的部分,那么应该传递session cookie给arachni。
Note:如果觉得设置cookie-jar不适应,可以使用proxy或autologin插件来登录web应用程序
Cookie字符串 (--http-cookie-string)
Expects: string
Default: disabled
Multiple invocations?: no
Cookies作为字符串发送
例如--http-cookie-string='userid=19;sessionid=deadbeefbabe'
认证user名 (--http-authentication-username)
Expects: string
Default: disabled
Multiple invocations?: no
HTTP认证用的用户名
认证密码 (--http-authentication-password)
Expects: string
Default: disabled
Multiple invocations?: no
HTTP认证用的密码
Proxy (--http-proxy)
Expects: server:port
Default: disabled
Multiple invocations?: no
为客户端设置http代理
代理认证 (--http-proxy-auth)
Expects: username:password
Default: disabled
Multiple invocations?: no
为指定的代理服务器设置认证口令
代理类型 (--http-proxy-type)
Expects: http, http_1_0, socks4, socks5, socks4a
Default: auto
Multiple invocations?: no
设置指定的代理服务器的类型
Input
值 (--input-value)
Expects: pattern:value
Default: disabled
Multiple invocations?: yes
设置匹配模式的输入的值
值 (--input-values-from-file)
Expects: filepath
Default: disabled
Multiple invocations?: no
含有正则表达的hash object的YAML文件,来匹配输入名作为名字,值作为值
不使用默认 (--input-without-defaults)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
如果开启,不使用系统默认值
强制 (--input-force)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
强制系统填写甚至不为空的表单
Checks
列表 (--checks-list)
Expects: pattern
Default: disabled
Multiple invocations?: yes
罗列所有可用的checks。如果提供选项,那么将会作为正则表达式来过滤显示的checks
加载 (--checks)
Expects: string,string
Default: * (all)
Multiple invocations?: no
加载给定名字的checks。
可以使用不含逗号分隔的值,或者*来加载全部. 通过前缀-来组织check被加载.
Note: check参照他们的文件名,不含rb后缀,使用--checks-list查看所有checks
例如:
arachni --checks=xss,sqli,path_traversal http://example.com/ arachni http://example.com/ arachni --checks=*,-backup_files,-xss http://example.com/(加载所有checks除了xss和backup_files)
插件
列举 (--plugins-list)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
罗列所有可用的plugins.
加载 (--plugin)
Expects: string
Default: disabled
Multiple invocations?: yes
加载给定插件,配置参数
Note: 参照他们的文件名,不含rb后缀,使用--plugins-list查看所有
例如排除logout url以及使用autologin插件来登录程序:
arachni http://testfire.net --scope-page-limit=1 --checks=xss \
--plugin=autologin:url=http://testfire.net/bank/login.aspx,parameters='uid=jsmith&passw=Demo1234',check='Sign Off|MY ACCOUNT' \
--scope-exclude-pattern logout
平台
列举 (--platforms-list)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
罗列所有可用平台
Session
检查url (--session-check-url)
Expects: string
Default: disabled
Multiple invocations?: no
Requires: session-check-pattern
传递到这个选项的url将会被用于判断系统仍然登录到web应用程序
如果url的http响应体匹配session-check-pattern,那么表明系统是登录状态
Check模式 (--session-check-pattern)
Expects: string
Default: disabled
Multiple invocations?: no
Requires: session-check-url
一个正则表达式用于匹配session-check-url的body部分用于识别系统是否仍然是登录状态。匹配表明系统是登录状态
Profiles
保存 (--profile-save-filepath)
Expects: filepath
Default: disabled
Multiple invocations?: no
允许保存当前配置, 所有传递的参数保存到Arachni Framework Profile(.afp)文件
加载 (--profile-load-filepath)
Expects: filepath
Default: disabled
Multiple invocations?: no
允许加载和运行一个保存的profile文件.
Note: 该选项不影响设置更多的选项或重新保存profile文件
浏览器簇
Pool大小 (--browser-cluster-pool-size)
Expects: integer
Default: 6
Multiple invocations?: no
pool维护的浏览器进程的个数.
Job 超时 (--browser-cluster-job-timeout)
Expects: integer
Default: 120
Multiple invocations?: no
每个job的允许时间,单位秒
存活工作时间 (--browser-cluster-worker-time-to-live)
Expects: integer
Default: 100
Multiple invocations?: no
在进程重生之前每个进程应该处理的job数
Note: 主要用于防止一个浏览器进程占用太多RAM
忽略图片 (--browser-cluster-ignore-images)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
如果开启,浏览器不会加载图片
屏幕宽度 (--browser-cluster-screen-width)
Expects: integer
Default: 1600
Multiple invocations?: no
设置浏览器屏幕宽度
Note: 用于测试响应和web程序.
屏幕高度 (--browser-cluster-screen-height)
Expects: integer
Default: 1200
Multiple invocations?: no
设置浏览器屏幕高度
Note: 用于测试响应和web程序.
报告
保存路径 (--report-save-path)
Expects: string
Default: .
Multiple invocations?: no
设置存储报告的路径
Note: 可以使用arachni_reporter命令来使用生成的文件来生成不同格式的报告
快照
保存路径 (--snapshot-save-path)
Expects: string
Default: .
Multiple invocations?: no
设置暂停扫描的快照的保存路径
Note: 使用arachni_restore来指定快照开恢复扫描
超时
超时 (--timeout)
Expects: hours:minutes:seconds
Default: infinite
Multiple invocations?: no
运行扫描的最大时间
暂停 (--timeout-suspend)
Expects: <n/a>
Default: disabled
Multiple invocations?: no
如果开启,那么当到达--timeout指定的时间时,扫描将会暂停,而不是中断。