Arachni (2): commands
Posted 2012-9-12 00:26:28

Viewing the help
    root@Dis9Team:/pen/web/arachni-v0.4.0.2-cde# ln -s /pen/web/arachni-v0.4.0.2-cde/arachni /usr/bin/arachni
    root@Dis9Team:/pen/web/arachni-v0.4.0.2-cde# arachni -h
    ......
Saving results
    root@Dis9Team:~# arachni -fv http://5.5.5.8 --report=afr:outfile=/tmp/1.afr

By default all modules are run.

Press CTRL+C to see the progress of the running scan.

Report types
    root@Dis9Team:/tmp# arachni --lsrep
    Arachni - Web Application Security Scanner Framework v0.4.0.2 [0.2.5]
           Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
                                          <zapotek@segfault.gr>
                   (With the support of the community and the Arachni Team.)

           Website:       http://arachni.segfault.gr - http://github.com/Zapotek/arachni
           Documentation: http://github.com/Zapotek/arachni/wiki


    [~] No modules were specified.
    [~]  -> Will run all mods.
    [~] No audit options were specified.
    [~]  -> Will audit links, forms and cookies.


    [~] Available reports:

    /usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead.
    [*] txt:
    --------------------
    Name:        Text report
    Description: Exports a report as a plain text file.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.45 -0700.txt
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.2
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/txt.rb

    [*] yaml:
    --------------------
    Name:        YAML Report
    Description: Exports the audit results as a YAML file.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.45 -0700.yaml
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/yaml.rb

    [*] xml:
    --------------------
    Name:        XML report
    Description: Exports a report as an XML file.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.45 -0700.xml
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.2.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/xml.rb

    [*] metareport:
    --------------------
    Name:        Metareport
    Description: Creates a file to be used with the Arachni MSF plug-in.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.45 -0700.msf
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/metareport.rb

    [*] html:
    --------------------
    Name:        HTML Report
    Description: Exports a report as an HTML document.
    Options:
    [~]         tpl - Template to use.
    [~]         Type:        path
    [~]         Default:     /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/html/default.erb
    [~]         Required?:   false

    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.46 -0700.html
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.2
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/html.rb

    [*] stdout:
    --------------------
    Name:        Stdout
    Description: Prints the results to standard output.
    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.2.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/stdout.rb

    [*] json:
    --------------------
    Name:        JSON Report
    Description: Exports the audit results as a JSON file.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.46 -0700.json
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/json.rb

    [*] afr:
    --------------------
    Name:        Arachni Framework Report
    Description: Saves the file in the default Arachni Framework Report (.afr) format.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.46 -0700.afr
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/afr.rb

    [*] marshal:
    --------------------
    Name:        Marshal Report
    Description: Exports the audit results as a Marshal file.
    Options:
    [~]         outfile - Where to save the report.
    [~]         Type:        string
    [~]         Default:     2012-09-03 00.09.46 -0700.marshal
    [~]         Required?:   false

    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/marshal.rb

    [*] ap:
    --------------------
    Name:        AP
    Description: Awesome prints an AuditStore hash.
    Author:      Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
    Version:     0.1
    Path:        /home/zapotek/rubygems/gem/gems/arachni-0.4.0.2/reports/ap.rb

    root@Dis9Team:/tmp#

Examples
HTML report: --report=html:outfile=1.html
TXT report (-f follows links into subdomains, -v is verbose output; both are optional here):
    root@Dis9Team:/tmp# arachni -fv http://5.5.5.8 --report=txt:outfile=/tmp/1.txt

Choosing modules

Module list
Modules: backdoors, directory_listing, http_put, common_files, htaccess_limit, unencrypted_password_forms, allowed_methods, webdav, mixed_resource, xst, html_objects, private_ip, ssn, emails, credit_card, cvs_svn_users, captcha, common_directories, backup_files, interesting_responses, response_splitting, code_injection, xss_uri, ldapi, xss_script_tag, path_traversal, trainer, xss_event, rfi, unvalidated_redirect, xss, sqli, xpath, os_cmd_injection, xss_path, sqli_blind_timing, os_cmd_injection_timing, code_injection_timing, sqli_blind_rdiff, csrf, xss_tag


    root@Dis9Team:/tmp# arachni -fv http://5.5.5.8 --report=txt:outfile=/tmp/2.txt --mods=os_cmd_injection
Result (the scanner injected "&& /bin/cat /etc/passwd" into the ls parameter and matched the root entry of /etc/passwd in the response, which is why the finding is marked as not needing manual verification):

    root@Dis9Team:/tmp# cat 2.txt | more

    ================================================================================

    [+] Web Application Security Report - Arachni Framework

    [~] Report generated on: 2012-09-03 00:13:07 -0700
    [~] Report false positives: http://github.com/Zapotek/arachni/issues

    [+] System settings:
    [~] ---------------
    [~] Version:  0.4.0.2
    [~] Revision: 0.2.5
    [~] Audit started on:  Mon Sep  3 00:12:56 2012
    [~] Audit finished on: Mon Sep  3 00:13:05 2012
    [~] Runtime: 00:00:08

    [~] URL: http://5.5.5.8
    [~] User agent: Arachni/0.4.0.2

    [*] Audited elements:
    [~] * Links
    [~] * Forms
    [~] * Cookies

    [*] Modules: os_cmd_injection

    [*] Filters:
    [~]   Exclude:
    [~]   Include:
    [~]     (?-mix:.*)
    [~]   Redundant:

    [*] Cookies:

    [~] ===========================

    [+] 2 issues were detected.

    [+] [1] Operating system command injection
    [~] ~~~~~~~~~~~~~~~~~~~~
    [~] ID Hash:  882aacb2ad6409c96645eca142e4dea9
    [~] Severity: High
    [~] URL:      http://5.5.5.8/pen/share/index.php
    [~] Element:  link
    [~] Method:   GET
    [~] Tags:     os, command, code, injection, regexp
    [~] Variable: ls
    [~] Description:
    [~] The web application allows an attacker to execute arbitrary OS commands.

    [~] CWE: http://cwe.mitre.org/data/definitions/78.html

    [~] Requires manual verification?: false

    [~] References:
    [~]   OWASP - http://www.owasp.org/index.php/OS_Command_Injection

    [*] Variations
    [~] ----------
    [~] Variation 1:
    [~] URL: http://5.5.5.8/pen/share/index.php
    [~] ID:  root:x:0:0:root:/root:/bin/bash
    [~] Injected value:     && /bin/cat /etc/passwd
    [~] Regular expression: (?i-mx:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    [~] Matched string:     root:x:0:0:root:/root:/bin/bash

    [~] Variation 2:
    [~] URL: http://5.5.5.8/pen/share/index.php
    [~] ID:  root:x:0:0:root:/root:/bin/bash
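A text report like the one above gets long quickly once more than one module is enabled. The following is an added example, not part of the original post or of Arachni itself: a pair of POSIX shell functions that use awk to turn the txt report into one tab-separated line per issue (severity, issue name, URL, variable, first injected value) and to count the issue headers, which is handy for triage or for diffing two runs. The report it parses is a constructed sample modelled on the post's output (the second issue is invented filler), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): summarise an Arachni 0.4.x
# text report. report_issues prints one TSV line per "[+] [N] ..." issue,
# report_issue_count counts those headers. Function names are our own.

# report_issues FILE -> TSV: severity, issue name, URL, variable, first injected value
report_issues() {
    awk '
    function emit() { printf "%s\t%s\t%s\t%s\t%s\n", sev, name, url, var, inj }
    /^\[[+]\] \[[0-9]+\] / {           # issue header, e.g. "[+] [1] Operating system command injection"
        if (n) emit()
        n++
        name = $0; sub(/^\[[+]\] \[[0-9]+\] /, "", name)
        sev = ""; url = ""; var = ""; inj = ""
    }
    /^\[~\] Severity: / { sev = $3 }
    /^\[~\] URL: / && url == "" { url = $NF }   # first URL line after the header wins
    /^\[~\] Variable: / { var = $3 }
    /^\[~\] Injected value: / && inj == "" {
        inj = $0; sub(/^\[~\] Injected value: +/, "", inj)
    }
    END { if (n) emit() }
    ' "$1"
}

# report_issue_count FILE -> number of issue headers in the report
report_issue_count() {
    awk '/^\[[+]\] \[[0-9]+\] / { n++ } END { print n + 0 }' "$1"
}

# Constructed sample report (shape copied from the post's txt output, shortened;
# issue 2 is invented). Written to a temp file so the functions run offline.
SAMPLE_REPORT=$(mktemp)
trap 'rm -f "$SAMPLE_REPORT"' EXIT
cat > "$SAMPLE_REPORT" <<'EOF'
================================================================================

[+] Web Application Security Report - Arachni Framework

[~] Report generated on: 2012-09-03 00:13:07 -0700

[~] URL: http://5.5.5.8
[~] User agent: Arachni/0.4.0.2

[*] Modules: os_cmd_injection

[+] 2 issues were detected.

[+] [1] Operating system command injection
[~] ~~~~~~~~~~~~~~~~~~~~
[~] ID Hash:  882aacb2ad6409c96645eca142e4dea9
[~] Severity: High
[~] URL:      http://5.5.5.8/pen/share/index.php
[~] Element:  link
[~] Method:   GET
[~] Variable: ls

[*] Variations
[~] ----------
[~] Variation 1:
[~] URL: http://5.5.5.8/pen/share/index.php
[~] Injected value:     && /bin/cat /etc/passwd
[~] Matched string:     root:x:0:0:root:/root:/bin/bash

[+] [2] Operating system command injection
[~] ~~~~~~~~~~~~~~~~~~~~
[~] Severity: High
[~] URL:      http://5.5.5.8/pen/share/index.php
[~] Element:  form
[~] Method:   POST
[~] Variable: dir

[*] Variations
[~] ----------
[~] Variation 1:
[~] URL: http://5.5.5.8/pen/share/index.php
[~] Injected value:     ; /bin/cat /etc/passwd
EOF

echo "issues: $(report_issue_count "$SAMPLE_REPORT")"
report_issues "$SAMPLE_REPORT"
```

Pipe the TSV output into sort/uniq to get counts per severity or per URL; because the "[~] URL:" line also appears under each variation, the parser deliberately keeps only the first one after each issue header.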
Modules can also be selected by name pattern. This runs every module whose name starts with xss:

    root@Dis9Team:/tmp# arachni -fv http://5.5.5.8 --report=txt:outfile=/tmp/2.txt --mods=xss*
Excluding modules: run everything except the modules whose names start with xss:
    root@Dis9Team:/tmp# arachni -fv http://5.5.5.8 --report=txt:outfile=/tmp/2.txt --mods=*,-xss*
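It is worth knowing exactly which modules a pattern such as *,-xss* selects before starting a scan, since an unintended module (the timing-based ones, for instance) changes both runtime and load on the target. The following is an added example, not part of the original post or of Arachni's code: a POSIX shell resolver that applies a --mods expression to the module list printed above, using the semantics the post describes (comma-separated shell-style globs, a leading "-" excludes, later patterns override earlier ones). That reading of the syntax is an assumption about how Arachni resolves the option; the module names are the ones listed in the post and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): resolve an Arachni-style
# --mods expression against the 0.4.0.2 module list shown above. The
# matching rules follow the post's description and are an assumption
# about Arachni's own resolution. Function names are our own.

ARACHNI_MODS="backdoors directory_listing http_put common_files htaccess_limit \
unencrypted_password_forms allowed_methods webdav mixed_resource xst html_objects \
private_ip ssn emails credit_card cvs_svn_users captcha common_directories \
backup_files interesting_responses response_splitting code_injection xss_uri \
ldapi xss_script_tag path_traversal trainer xss_event rfi unvalidated_redirect \
xss sqli xpath os_cmd_injection xss_path sqli_blind_timing os_cmd_injection_timing \
code_injection_timing sqli_blind_rdiff csrf xss_tag"

# glob_match NAME PATTERN -> 0 if NAME matches the shell glob PATTERN
glob_match() {
    case "$1" in
        $2) return 0 ;;
    esac
    return 1
}

# resolve_mods SPEC -> selected module names, one per line, in list order.
# SPEC is comma separated; "-pat" removes matches, later patterns win.
resolve_mods() {
    spec=$1
    for mod in $ARACHNI_MODS; do
        sel=0
        rest="$spec,"
        while [ -n "$rest" ]; do
            pat=${rest%%,*}
            rest=${rest#*,}
            case "$pat" in
                -*) if glob_match "$mod" "${pat#-}"; then sel=0; fi ;;
                *)  if glob_match "$mod" "$pat"; then sel=1; fi ;;
            esac
        done
        if [ "$sel" -eq 1 ]; then echo "$mod"; fi
    done
}

# count_mods SPEC -> how many modules SPEC selects
count_mods() {
    resolve_mods "$1" | awk 'END { print NR }'
}

echo "xss* selects $(count_mods 'xss*') modules:"
resolve_mods 'xss*'
echo "*,-xss* selects $(count_mods '*,-xss*') of $(count_mods '*') modules"
```

Quote the expression when calling the functions ('xss*', not xss*); otherwise the shell expands the star against the files in the current directory before the resolver sees it, which is also why the post's own --mods=xss* only works when no file in /tmp happens to start with xss.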
Debug mode
Debug mode prints everything the scanner is doing internally. The post gives the option as --debug 1 or --debug 2; check arachni -h for the exact form your version accepts.

Auditing a single URL
The post uses -p for "no crawling, scan only this URL". Note that in Arachni 0.4.x -p is the short form of --audit-forms (audit form inputs), so it does not stop the crawler; to keep a scan to the given page, restrict the crawler with --depth / --link-count (Crawler section of arachni -h). Adding -v turns on verbose output. For example:
    root@Dis9Team:/tmp# arachni -pv http://5.5.5.8/pen/news.php?id=1 --mods=xss
Concurrent connections: be careful not to take the target down. --http-req-limit caps the number of concurrent HTTP requests:
    root@Dis9Team:/tmp# arachni -pv http://5.5.5.8/pen/news.php?id=1 --mods=sqli --http-req-limit=10
Cookies
--cookie-jar=<file> loads cookies from a Netscape-format cookie-jar file (the kind curl writes); --cookie-string='name=value; name2=value2' passes the cookies directly on the command line.

Crawling subdomains (you know what this is for): -f
    root@Dis9Team:/tmp# arachni -pv http://qq.com --mods=sqli --http-req-limit=100 -f
This scans *.qq.com for SQL injection, so before using -f make sure every subdomain the crawler can reach is actually in scope.

Listing module details
    root@Dis9Team:/tmp# arachni --lsmod
Press space or enter to page through the list. To list plugins:
    root@Dis9Team:/tmp# arachni --lsplug
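The options above (rate limit, cookies, -f, and the .afr report) fit together into a small wrapper. The following is an added example, not part of the original post or of Arachni's own tooling: a POSIX shell script that refuses to scan any host outside an explicit scope list (subdomains included, which is what -f exposes you to), caps concurrency with --http-req-limit, saves the .afr once, and then renders txt/html/json from that file with --repload instead of rescanning. The flags used (-v, -f, --http-req-limit, --report, --repload, --cookie-string) are the ones the 0.4.x help lists; ARACHNI_SCOPE, the hosts in it, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): scope-checked wrapper around
# the arachni 0.4.x CLI. Set ARACHNI=echo to dry-run and see the command line.

ARACHNI=${ARACHNI:-arachni}                            # binary to run
ARACHNI_SCOPE=${ARACHNI_SCOPE:-"5.5.5.8 example.test"} # hosts you are authorised to scan (constructed list)
ARACHNI_REQ_LIMIT=${ARACHNI_REQ_LIMIT:-10}             # concurrent requests; keep it low on small hosts

# url_host URL -> host only (no scheme, userinfo, port, path or query)
url_host() {
    printf '%s\n' "$1" | sed \
        -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' \
        -e 's#^[^/?@]*@##' \
        -e 's#[/?].*##' \
        -e 's#:[0-9]*$##'
}

# in_scope HOST -> 0 if HOST is a scope entry or a subdomain of one
# (subdomains matter as soon as -f / --follow-subdomains is used)
in_scope() {
    for allowed in $ARACHNI_SCOPE; do
        case "$1" in
            "$allowed"|*."$allowed") return 0 ;;
        esac
    done
    return 1
}

# arachni_scan URL AFR [extra arachni args...] -> audit URL, save only the .afr
arachni_scan() {
    url=$1; afr=$2; shift 2
    host=$(url_host "$url")
    if ! in_scope "$host"; then
        echo "refusing to scan $host: not in ARACHNI_SCOPE" >&2
        return 2
    fi
    "$ARACHNI" "$url" -v \
        --http-req-limit="$ARACHNI_REQ_LIMIT" \
        --report="afr:outfile=$afr" "$@"
}

# arachni_report AFR FORMAT OUTFILE -> render a saved .afr as txt/html/json/...
arachni_report() {
    "$ARACHNI" --repload="$1" --report="$2:outfile=$3"
}

# Usage: sh scan.sh URL [extra arachni args, e.g. -f --cookie-string='sid=...']
if [ -n "${1:-}" ]; then
    target=$1; shift
    arachni_scan "$target" /tmp/scan.afr --mods='sqli,xss*' "$@" &&
        arachni_report /tmp/scan.afr txt /tmp/scan.txt &&
        arachni_report /tmp/scan.afr html /tmp/scan.html
fi
```

Keeping the .afr as the only output of the scan itself means a mistake in a report option costs a few seconds of re-rendering rather than another full audit of the target, and the scope check runs before a single request is sent.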



