RPC client

Tasos Laskos edited this page Feb 2, 2016 · 8 revisions

The RPC client command line interface is similar to the Command line user interface.

The differences between the two are:

  • The --dispatcher-url option -- The URL of the RPC Dispatcher server to connect to in the form of host:port
  • Support for distribution options.
  • Support for SSL peer verification for the Dispatcher server.

Arachni - Web Application Security Scanner Framework v1.3.2
   Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


Usage: ./bin/arachni [options] URL

Generic
  -h, --help                  Output this message.

      --version               Show version information.

      --authorized-by EMAIL_ADDRESS
                              E-mail address of the person who authorized the scan.
                                (It'll make it easier on the sys-admins during log reviews.)
                                (Will be used as a value for the 'From' HTTP request header.)


Output
      --output-verbose        Show verbose output.

      --output-debug [LEVEL 1-3]
                              Show debugging information.

      --output-only-positives Only output positive results.


Scope
      --scope-include-pattern PATTERN
                              Only include resources whose path/action matches PATTERN.
                                (Can be used multiple times.)

      --scope-include-subdomains
                              Follow links to subdomains.
                                (Default: false)

      --scope-exclude-pattern PATTERN
                              Exclude resources whose path/action matches PATTERN.
                                (Can be used multiple times.)

      --scope-exclude-content-pattern PATTERN
                              Exclude pages whose content matches PATTERN.
                                (Can be used multiple times.)

      --scope-exclude-binaries
                              Exclude non text-based pages.
                                (Binary content can confuse passive checks that perform pattern matching.)

      --scope-redundant-path-pattern PATTERN:LIMIT
                              Limit crawl on redundant pages like galleries or catalogs.
                                (URLs matching PATTERN will be crawled LIMIT amount of times.)
                                (Can be used multiple times.)

      --scope-auto-redundant [LIMIT]
                              Only follow URLs with identical query parameter names LIMIT amount of times.
                                (Default: 10)

      --scope-directory-depth-limit LIMIT
                              Directory depth limit.
                                (Default: inf)
                                (How deep Arachni should go into the site structure.)

      --scope-page-limit LIMIT
                              How many pages to crawl and audit.
                                (Default: inf)

      --scope-extend-paths FILE
                              Add the paths in FILE to the ones discovered by the crawler.
                                (Can be used multiple times.)

      --scope-restrict-paths FILE
                              Use the paths in FILE instead of crawling.
                                (Can be used multiple times.)

      --scope-url-rewrite PATTERN:SUBSTITUTION
                              Rewrite URLs based on the given PATTERN and SUBSTITUTION.
                                To convert:  http://example.com/articles/some-stuff/23 to http://example.com/articles.php?id=23
                                Use:         articles/[\w-]+/(\d+):articles.php?id=\1

      --scope-dom-depth-limit LIMIT
                              How deep to go into the DOM tree of each page, for pages with JavaScript code.
                                (Default: 5)
                                (Setting it to '0' will disable browser analysis.)

      --scope-https-only      Forces the system to only follow HTTPS URLs.
                                (Default: false)


Audit
      --audit-links           Audit links.

      --audit-forms           Audit forms.

      --audit-cookies         Audit cookies.

      --audit-cookies-extensively
                              Submit all links and forms of the page along with the cookie permutations.
                                (*WARNING*: This will severely increase the scan-time.)

      --audit-headers         Audit headers.

      --audit-link-template TEMPLATE
                              Regular expression with named captures to use to extract input information from generic paths.
                                To extract the 'input1' and 'input2' inputs from:
                                  http://example.com/input1/value1/input2/value2
                                Use:
                                  input1/(?<input1>\w+)/input2/(?<input2>\w+)
                                (Can be used multiple times.)

      --audit-jsons           Audit JSON request inputs.

      --audit-xmls            Audit XML request inputs.

      --audit-ui-inputs       Audit orphan Input elements with events.

      --audit-ui-forms        Audit UI Forms.
                                Input and button groups that do not belong to a parent <form> element.

      --audit-parameter-names Inject payloads into parameter names.

      --audit-with-extra-parameter
                              Inject payloads into extra element parameters.

      --audit-with-both-methods
                              Audit elements with both GET and POST requests.
                                (*WARNING*: This will severely increase the scan-time.)

      --audit-exclude-vector PATTERN
                              Exclude input vectors whose name matches PATTERN.
                                (Can be used multiple times.)

      --audit-include-vector PATTERN
                              Include only input vectors whose name matches PATTERN.
                                (Can be used multiple times.)


Input
      --input-value PATTERN:VALUE
                              PATTERN to match against input names and VALUE to use for them.
                                (Can be used multiple times.)

      --input-values-file FILE
                              YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.

      --input-without-defaults
                              Do not use the system default input values.

      --input-force           Fill-in even non-empty inputs.


HTTP
      --http-user-agent USER_AGENT
                              Value for the 'User-Agent' HTTP request header.
                                (Default: Arachni/v1.3.2)

      --http-request-concurrency MAX_CONCURRENCY
                              Maximum HTTP request concurrency.
                                (Default: 20)
                                (Be careful not to kill your server.)
                                (*NOTE*: If your scan seems unresponsive try lowering the limit.)

      --http-request-timeout TIMEOUT
                              HTTP request timeout in milliseconds.
                                (Default: 10000)

      --http-request-redirect-limit LIMIT
                              Maximum amount of redirects to follow for each HTTP request.
                                (Default: 5)

      --http-request-queue-size QUEUE_SIZE
                              Maximum amount of requests to keep in the queue.
                                Bigger size means better scheduling and better performance,
                                smaller means less RAM consumption.
                                (Default: 100)

      --http-request-header NAME=VALUE
                              Specify custom headers to be included in the HTTP requests.
                                (Can be used multiple times.)

      --http-response-max-size LIMIT
                              Do not download response bodies larger than the specified LIMIT, in bytes.
                                (Default: 500000)

      --http-cookie-jar COOKIE_JAR_FILE
                              Netscape-styled HTTP cookiejar file.

      --http-cookie-string COOKIE
                              Cookie representation as a 'Cookie' HTTP request header.

      --http-authentication-username USERNAME
                              Username for HTTP authentication.

      --http-authentication-password PASSWORD
                              Password for HTTP authentication.

      --http-proxy ADDRESS:PORT
                              Proxy to use.

      --http-proxy-authentication USERNAME:PASSWORD
                              Proxy authentication credentials.

      --http-proxy-type http,http_1_0,socks4,socks5,socks4a
                              Proxy type.
                                (Default: auto)

      --http-ssl-verify-peer  Verify SSL peer.
                                (Default: false)

      --http-ssl-verify-host  Verify SSL host.
                                (Default: false)

      --http-ssl-certificate PATH
                              SSL certificate to use.

      --http-ssl-certificate-type pem,der
                              SSL certificate type.

      --http-ssl-key PATH     SSL private key to use.

      --http-ssl-key-type pem,der
                              SSL key type.

      --http-ssl-key-password PASSWORD
                              Password for the SSL private key.

      --http-ssl-ca PATH      File holding one or more certificates with which to verify the peer.

      --http-ssl-ca-directory PATH
                              Directory holding multiple certificate files with which to verify the peer.

      --http-ssl-version TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
                              SSL version to use.


Checks
      --checks-list [PATTERN] List available checks based on the provided pattern.
                                (If no pattern is provided all checks will be listed.)

      --checks CHECK,CHECK2,...
                              Comma separated list of checks to load.
                                    Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all.
                                    Use '*' as a check name to load all checks or as a wildcard, like so:
                                        xss*   to load all XSS checks
                                        sql_injection*  to load all SQL injection checks
                                        etc.

                                    You can exclude checks by prefixing their name with a minus sign:
                                        --checks=*,-backup_files,-xss
                                    The above will load all checks except for the 'backup_files' and 'xss' checks.

                                    Or mix and match:
                                        -xss*   to unload all XSS checks.


Plugins
      --plugins-list [PATTERN]
                              List available plugins based on the provided pattern.
                                (If no pattern is provided all plugins will be listed.)

      --plugin 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
                              PLUGIN is the name of the plugin as displayed by '--plugins-list'.
                                (Plugins are referenced by their filename without the '.rb' extension, use '--plugins-list' to list all.)
                                (Can be used multiple times.)


Platforms
      --platforms-list        List available platforms.

      --platforms-no-fingerprinting
                              Disable platform fingerprinting.
                                (By default, the system will try to identify the deployed server-side platforms automatically
                                in order to avoid sending irrelevant payloads.)

      --platforms PLATFORM,PLATFORM2,...
                              Comma separated list of platforms (by shortname) to audit.
                                (The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
                                these platforms enable the '--platforms-no-fingerprinting' option.)


Session
      --session-check-url URL URL to use to verify that the scanner is still logged in to the web application.
                                (Requires 'session-check-pattern'.)

      --session-check-pattern PATTERN
                              Pattern used against the body of the 'session-check-url' to verify that the scanner is still logged in to the web application.
                                (Requires 'session-check-url'.)


Profiles
      --profile-save-filepath FILEPATH
                              Save the current configuration profile/options to FILEPATH.

      --profile-load-filepath FILEPATH
                              Load a configuration profile from FILEPATH.


Browser cluster
      --browser-cluster-local-storage FILE
                              Sets the browsers' local storage using the JSON data in FILE.

      --browser-cluster-wait-for-element PATTERN:CSS
                              Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.

      --browser-cluster-pool-size SIZE
                              Amount of browser workers to keep in the pool and put to work.
                                (Default: 6)

      --browser-cluster-job-timeout SECONDS
                              Maximum allowed time for each job.
                                (Default: 25)

      --browser-cluster-worker-time-to-live LIMIT
                              Re-spawn the browser of each worker every LIMIT jobs.
                                (Default: 100)

      --browser-cluster-ignore-images
                              Do not load images.

      --browser-cluster-screen-width
                              Browser screen width.
                                (Default: 1600)

      --browser-cluster-screen-height
                              Browser screen height.
                                (Default: 1200)


Report
      --report-save-path PATH Directory or file path where to store the scan report.
                                You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.


Snapshot
      --snapshot-save-path PATH
                              Directory or file path where to store the snapshot of a suspended scan.
                                You can use the generated file to resume the scan with the 'arachni_restore' executable.


Timeout
      --timeout HOURS:MINUTES:SECONDS
                              Stop the scan after the given duration is exceeded.

      --timeout-suspend       Suspend after the timeout.
                                You can use the generated file to resume the scan with the 'arachni_restore' executable.

zapotek@zonster:~/workspace/arachni [bugfix/v1.3.2]$ ./bin/arachni_rpc -h
Arachni - Web Application Security Scanner Framework v1.3.2
   Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>

           (With the support of the community and the Arachni Team.)

   Website:       http://arachni-scanner.com
   Documentation: http://arachni-scanner.com/wiki


Usage: ./bin/arachni_rpc [options] --dispatcher-url HOST:PORT URL

Generic
  -h, --help                  Output this message.

      --version               Show version information.

      --authorized-by EMAIL_ADDRESS
                              E-mail address of the person who authorized the scan.
                                (It'll make it easier on the sys-admins during log reviews.)
                                (Will be used as a value for the 'From' HTTP request header.)


Scope
      --scope-include-pattern PATTERN
                              Only include resources whose path/action matches PATTERN.
                                (Can be used multiple times.)

      --scope-include-subdomains
                              Follow links to subdomains.
                                (Default: false)

      --scope-exclude-pattern PATTERN
                              Exclude resources whose path/action matches PATTERN.
                                (Can be used multiple times.)

      --scope-exclude-content-pattern PATTERN
                              Exclude pages whose content matches PATTERN.
                                (Can be used multiple times.)

      --scope-exclude-binaries
                              Exclude non text-based pages.
                                (Binary content can confuse passive checks that perform pattern matching.)

      --scope-redundant-path-pattern PATTERN:LIMIT
                              Limit crawl on redundant pages like galleries or catalogs.
                                (URLs matching PATTERN will be crawled LIMIT amount of times.)
                                (Can be used multiple times.)

      --scope-auto-redundant [LIMIT]
                              Only follow URLs with identical query parameter names LIMIT amount of times.
                                (Default: 10)

      --scope-directory-depth-limit LIMIT
                              Directory depth limit.
                                (Default: inf)
                                (How deep Arachni should go into the site structure.)

      --scope-page-limit LIMIT
                              How many pages to crawl and audit.
                                (Default: inf)

      --scope-extend-paths FILE
                              Add the paths in FILE to the ones discovered by the crawler.
                                (Can be used multiple times.)

      --scope-restrict-paths FILE
                              Use the paths in FILE instead of crawling.
                                (Can be used multiple times.)

      --scope-url-rewrite PATTERN:SUBSTITUTION
                              Rewrite URLs based on the given PATTERN and SUBSTITUTION.
                                To convert:  http://example.com/articles/some-stuff/23 to http://example.com/articles.php?id=23
                                Use:         articles/[\w-]+/(\d+):articles.php?id=\1

      --scope-dom-depth-limit LIMIT
                              How deep to go into the DOM tree of each page, for pages with JavaScript code.
                                (Default: 5)
                                (Setting it to '0' will disable browser analysis.)

      --scope-https-only      Forces the system to only follow HTTPS URLs.
                                (Default: false)


Audit
      --audit-links           Audit links.

      --audit-forms           Audit forms.

      --audit-cookies         Audit cookies.

      --audit-cookies-extensively
                              Submit all links and forms of the page along with the cookie permutations.
                                (*WARNING*: This will severely increase the scan-time.)

      --audit-headers         Audit headers.

      --audit-link-template TEMPLATE
                              Regular expression with named captures to use to extract input information from generic paths.
                                To extract the 'input1' and 'input2' inputs from:
                                  http://example.com/input1/value1/input2/value2
                                Use:
                                  input1/(?<input1>\w+)/input2/(?<input2>\w+)
                                (Can be used multiple times.)

      --audit-jsons           Audit JSON request inputs.

      --audit-xmls            Audit XML request inputs.

      --audit-ui-inputs       Audit orphan Input elements with events.

      --audit-ui-forms        Audit UI Forms.
                                Input and button groups that do not belong to a parent <form> element.

      --audit-parameter-names Inject payloads into parameter names.

      --audit-with-extra-parameter
                              Inject payloads into extra element parameters.

      --audit-with-both-methods
                              Audit elements with both GET and POST requests.
                                (*WARNING*: This will severely increase the scan-time.)

      --audit-exclude-vector PATTERN
                              Exclude input vectors whose name matches PATTERN.
                                (Can be used multiple times.)

      --audit-include-vector PATTERN
                              Include only input vectors whose name matches PATTERN.
                                (Can be used multiple times.)


Input
      --input-value PATTERN:VALUE
                              PATTERN to match against input names and VALUE to use for them.
                                (Can be used multiple times.)

      --input-values-file FILE
                              YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.

      --input-without-defaults
                              Do not use the system default input values.

      --input-force           Fill-in even non-empty inputs.


HTTP
      --http-user-agent USER_AGENT
                              Value for the 'User-Agent' HTTP request header.
                                (Default: Arachni/v1.3.2)

      --http-request-concurrency MAX_CONCURRENCY
                              Maximum HTTP request concurrency.
                                (Default: 20)
                                (Be careful not to kill your server.)
                                (*NOTE*: If your scan seems unresponsive try lowering the limit.)

      --http-request-timeout TIMEOUT
                              HTTP request timeout in milliseconds.
                                (Default: 10000)

      --http-request-redirect-limit LIMIT
                              Maximum amount of redirects to follow for each HTTP request.
                                (Default: 5)

      --http-request-queue-size QUEUE_SIZE
                              Maximum amount of requests to keep in the queue.
                                Bigger size means better scheduling and better performance,
                                smaller means less RAM consumption.
                                (Default: 100)

      --http-request-header NAME=VALUE
                              Specify custom headers to be included in the HTTP requests.
                                (Can be used multiple times.)

      --http-response-max-size LIMIT
                              Do not download response bodies larger than the specified LIMIT, in bytes.
                                (Default: 500000)

      --http-cookie-jar COOKIE_JAR_FILE
                              Netscape-styled HTTP cookiejar file.

      --http-cookie-string COOKIE
                              Cookie representation as a 'Cookie' HTTP request header.

      --http-authentication-username USERNAME
                              Username for HTTP authentication.

      --http-authentication-password PASSWORD
                              Password for HTTP authentication.

      --http-proxy ADDRESS:PORT
                              Proxy to use.

      --http-proxy-authentication USERNAME:PASSWORD
                              Proxy authentication credentials.

      --http-proxy-type http,http_1_0,socks4,socks5,socks4a
                              Proxy type.
                                (Default: auto)

      --http-ssl-verify-peer  Verify SSL peer.
                                (Default: false)

      --http-ssl-verify-host  Verify SSL host.
                                (Default: false)

      --http-ssl-certificate PATH
                              SSL certificate to use.

      --http-ssl-certificate-type pem,der
                              SSL certificate type.

      --http-ssl-key PATH     SSL private key to use.

      --http-ssl-key-type pem,der
                              SSL key type.

      --http-ssl-key-password PASSWORD
                              Password for the SSL private key.

      --http-ssl-ca PATH      File holding one or more certificates with which to verify the peer.

      --http-ssl-ca-directory PATH
                              Directory holding multiple certificate files with which to verify the peer.

      --http-ssl-version TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
                              SSL version to use.


Checks
      --checks-list [PATTERN] List available checks based on the provided pattern.
                                (If no pattern is provided all checks will be listed.)

      --checks CHECK,CHECK2,...
                              Comma separated list of checks to load.
                                    Checks are referenced by their filename without the '.rb' extension, use '--checks-list' to list all.
                                    Use '*' as a check name to load all checks or as a wildcard, like so:
                                        xss*   to load all XSS checks
                                        sql_injection*  to load all SQL injection checks
                                        etc.

                                    You can exclude checks by prefixing their name with a minus sign:
                                        --checks=*,-backup_files,-xss
                                    The above will load all checks except for the 'backup_files' and 'xss' checks.

                                    Or mix and match:
                                        -xss*   to unload all XSS checks.


Plugins
      --plugins-list [PATTERN]
                              List available plugins based on the provided pattern.
                                (If no pattern is provided all plugins will be listed.)

      --plugin 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
                              PLUGIN is the name of the plugin as displayed by '--plugins-list'.
                                (Plugins are referenced by their filename without the '.rb' extension, use '--plugins-list' to list all.)
                                (Can be used multiple times.)


Platforms
      --platforms-list        List available platforms.

      --platforms-no-fingerprinting
                              Disable platform fingerprinting.
                                (By default, the system will try to identify the deployed server-side platforms automatically
                                in order to avoid sending irrelevant payloads.)

      --platforms PLATFORM,PLATFORM2,...
                              Comma separated list of platforms (by shortname) to audit.
                                (The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
                                these platforms enable the '--platforms-no-fingerprinting' option.)


Session
      --session-check-url URL URL to use to verify that the scanner is still logged in to the web application.
                                (Requires 'session-check-pattern'.)

      --session-check-pattern PATTERN
                              Pattern used against the body of the 'session-check-url' to verify that the scanner is still logged in to the web application.
                                (Requires 'session-check-url'.)


Profiles
      --profile-save-filepath FILEPATH
                              Save the current configuration profile/options to FILEPATH.

      --profile-load-filepath FILEPATH
                              Load a configuration profile from FILEPATH.


Browser cluster
      --browser-cluster-local-storage FILE
                              Sets the browsers' local storage using the JSON data in FILE.

      --browser-cluster-wait-for-element PATTERN:CSS
                              Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.

      --browser-cluster-pool-size SIZE
                              Amount of browser workers to keep in the pool and put to work.
                                (Default: 6)

      --browser-cluster-job-timeout SECONDS
                              Maximum allowed time for each job.
                                (Default: 25)

      --browser-cluster-worker-time-to-live LIMIT
                              Re-spawn the browser of each worker every LIMIT jobs.
                                (Default: 100)

      --browser-cluster-ignore-images
                              Do not load images.

      --browser-cluster-screen-width
                              Browser screen width.
                                (Default: 1600)

      --browser-cluster-screen-height
                              Browser screen height.
                                (Default: 1200)

Distribution
      --dispatcher-url HOST:PORT
                              Dispatcher server to use.

      --spawns SPAWNS         How many slaves to spawn for a high-performance multi-Instance scan.
                                (When no grid mode has been specified, all slaves will be from the same Dispatcher machine.
                                When a grid-mode has been specified, this option will be treated as a possible maximum and
                                not a hard value.)

      --grid-mode balance,aggregate
                              Sets the Grid mode of operation for this scan.
                                Valid modes are:
                                  * balance -- Slaves will be provided by the least burdened Grid Dispatchers.
                                  * aggregate -- In addition to balancing, slaves will all be from Dispatchers
                                    with unique bandwidth Pipe-IDs to result in application-level line-aggregation.

      --grid                  Shorthand for '--grid-mode=balance'.


SSL
      --ssl-ca FILE           Location of the CA certificate (.pem).

      --ssl-private-key FILE  Location of the client SSL private key (.pem).

      --ssl-certificate FILE  Location of the client SSL certificate (.pem).


Report
      --report-save-path PATH Directory or file path where to store the scan report.
                                You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.


Timeout
      --timeout HOURS:MINUTES:SECONDS
                              Stop the scan after the given duration is exceeded.
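
As an added example, not part of the Arachni project or of this page's original content, the following POSIX shell wrapper assembles an arachni_rpc command line from the Distribution and SSL options above, checking the HOST:PORT form of --dispatcher-url, the Grid mode name, and that the three SSL files (CA for verifying the Dispatcher, client certificate and key for the Dispatcher to verify the client) are given together; the dispatcher host, file names and target URL are constructed placeholders.

```shell
#!/bin/sh
# Added example, not Arachni project code: assemble and sanity-check a
# ./bin/arachni_rpc command line before running it. Host names, file names
# and the target URL used below are constructed placeholders.

ARACHNI_RPC=./bin/arachni_rpc

# Return 0 if $1 has the HOST:PORT form that --dispatcher-url expects,
# with a non-empty host and a numeric port in 1..65535.
valid_dispatcher_url() {
    host="${1%%:*}"
    port="${1##*:}"
    [ -n "$host" ] && [ "$host" != "$1" ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Return 0 only for the Grid modes listed under --grid-mode.
valid_grid_mode() {
    case "$1" in balance|aggregate) return 0 ;; *) return 1 ;; esac
}

# Print the command line for scanning TARGET through DISPATCHER.
# Usage: build_rpc_command DISPATCHER TARGET [CA CERT KEY] [GRID_MODE]
# The three SSL files are all-or-nothing: --ssl-ca is what verifies the
# Dispatcher's certificate, and --ssl-certificate/--ssl-private-key are
# what the Dispatcher verifies this client with. A partial set is refused
# instead of quietly producing a connection without peer verification.
build_rpc_command() {
    dispatcher="$1"; target="$2"; ca="$3"; cert="$4"; key="$5"; grid="$6"

    valid_dispatcher_url "$dispatcher" ||
        { echo "bad --dispatcher-url (want HOST:PORT): $dispatcher" >&2; return 1; }
    case "$target" in
        http://*|https://*) ;;
        *) echo "target must be an http(s) URL: $target" >&2; return 1 ;;
    esac

    cmd="$ARACHNI_RPC --dispatcher-url $dispatcher"

    if [ -n "$ca$cert$key" ]; then
        if [ -z "$ca" ] || [ -z "$cert" ] || [ -z "$key" ]; then
            echo "--ssl-ca, --ssl-certificate and --ssl-private-key must be given together" >&2
            return 1
        fi
        cmd="$cmd --ssl-ca $ca --ssl-certificate $cert --ssl-private-key $key"
    fi

    if [ -n "$grid" ]; then
        valid_grid_mode "$grid" ||
            { echo "bad --grid-mode (want balance or aggregate): $grid" >&2; return 1; }
        cmd="$cmd --grid-mode=$grid"
    fi

    printf '%s %s\n' "$cmd" "$target"
}

# Stand-alone demonstration with constructed placeholder values.
build_rpc_command dispatcher.example:7331 http://target.example/ \
    ca.pem client.pem client.key balance
```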