Executables

Tasos Laskos edited this page Jan 31, 2017 · 23 revisions

Some of those executables are only available via the self-contained packages.

arachni

Provides a command-line interface to the Arachni scanner. See the relevant reference for more details.

arachni_reporter

Generates reports in various formats from AFR (Arachni Framework Report -- .afr) files. (AFR files are generated by all interfaces that can perform scans.)

arachni_restore

Restores a suspended scan from an AFS (Arachni Framework Snapshot -- .afs) file. (AFS files are generated by the arachni executable upon succesful suspension on a scan.)

arachni_reproduce

arachni_reproduce let's you reproduce all issues in a report and then creates a new report containing only the issues that still exist.

For example, if you've got an Arachni report and are working to fix all the identified issues, you can pass that report to arachni_reproduce and get immediate feedback as to how you're doing instead of having to rerun a full scan.

For each run, arachni_reproduce will generate a new report that only includes unfixed issues, so, again, you won't have to spend time testing issues that you've already fixed.

In addition to that, you can specify individual issues to be reproduced, based on their digest, if you only care about particular issues rather than the entire report.

Lastly, during the reproduction of each issue, extra HTTP request headers are set that contain information about which issue is being reproduced, thus allowing you to set server-side debugging or instrumentation in order to make fixing it even easier:

  1. X-Arachni-Issue-Replay-Id: Unique token for requests pertaining to individual issues.
    • Differs for each run and can be used to group requests for each issue together.
  2. X-Arachni-Issue-Seed: Seed payload used to identify the original issue.
    • Initial payload used to identify the vulnerability in the given report.
  3. X-Arachni-Issue-Digest: Digest uniquely identifying each issue across scans and reports.

arachni_rest_server

Starts a REST server.

arachni_rpc

Provides a command-line RPC client for a Dispatcher. Allows you to run a scan remotely.
See the relevant reference for more details.

arachni_rpcd

Starts a Dispatcher.

arachni_rpcd_monitor

Connects to a Dispatcher and shows a few statistics like running scans and their resource usage.

arachni_web (Package only)

Starts the Web User Interface.

arachni_web_script (Package only)

Runs Ruby code in the context of the WebUI Rails environment, essentially delegates to rails runner.

arachni_web_import (Package only)

Imports the database and configuration of an older package to a new one in order to ease the transitioning between different versions/packages.

arachni_web_scan_import (Package only)

Imports AFR (Arachni Framework Report -- .afr) files as scans.

arachni_web_create_user (Package only)

Allows you to create a new user for the Web interface from the command line.

arachni_web_change_password (Package only)

Allows you to reset a Web interface user's password from the command line.

arachni_console

Fires up an IRB console after configuring it to operate under the namespace of the Arachni libraries.

It provides tab completion for class/module names and methods and command history.

arachni_script

Used to run scripts under the namespace of the Arachni libraries -- provided for just for convenience.

arachni_shell (Package only)

Starts a bash shell under the environment of the package.