# SoK: State of the Krawlers– Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements

# Background and motivation
- Lack of studies on Web Crawlers in terms of effefficiency and security
- Much room for optimization, many using inefficient algorithms
- 

# Evaluation methods
Algorithms implemented into Arachnarium framework, then runned against popular webapps and in-the-wild web sites to measure 3 key metrics:
- M1: Code coverage: Obtains code coverage of web apps via XDebug interface.
- M2: JavaScript source coverage: extract all script tags, calculates SHA-512 hash to determine uniqueness. 
- M3: Link coverage: extract anchor tags and compares with exact string matching of href attributes.

## Why care about these metrics?
- Higher coverage equates to higher attack surfaces
- More js source coverage leads to better XSS attack detections
- Better link coverage helps obtain full view of webapp which may help prevent Insecure Direct Object Reference (IDOR) attacks.

# What is each thing? (note slide) 
- Link coverage is coverage of all possible url nav paths
- code coverage means server-side exe
- js coverage = client side execution

# Datasets used
- DS1: Standalone webapps
- DS2: Popular websites from the Chrome User Experience Report (CrUX)
![image.png](attachment:dc452acd-8df4-4ed6-a64a-41a111c1bb56.png)



# Arachnarium Architecture
- Accepts config input file specifying the tests to execute
- Scheduler deploys web app container -> executes the crawler -> runs until maximum execution time.
![image.png](attachment:39a93bd2-237a-469f-8e19-63de853641af.png)

# Lessons to take away
- Commonly used algos don't perform the best! (eg. Randomized BFS performs better than standard BFS) 
- Randomized algorithms (such as random BFS) consistently among best-performing configurations in terms of total coverage (code, link, and JS)
- Web crawlers should be chosen based on targeted metrics
- 

# Measure performance differences between the standard BFS and the randomized BFS approaches

In [20]:
import random
import time
from collections import deque

class WebCrawler:
    def __init__(self, start_url, strategy="bfs", max_pages=1000):
        self.start_url = start_url
        self.strategy = strategy
        self.max_pages = max_pages
        self.visited = set()
        self.pages_crawled = 0

    def fetch_links(self, url):
        """Simulates fetching links from a webpage."""
        return [f"{url}/page{i}" for i in range(1, 4)]

    def crawl_bfs(self):
        queue = deque([self.start_url])
        while queue and self.pages_crawled < self.max_pages:
            url = queue.popleft()
            if url in self.visited:
                continue
            self.visited.add(url)
            self.pages_crawled += 1
            queue.extend([link for link in self.fetch_links(url) if link not in self.visited])

    def crawl_randomized_bfs(self):
        queue = [self.start_url]
        while queue and self.pages_crawled < self.max_pages:
            random.shuffle(queue)
            url = queue.pop(0)
            if url in self.visited:
                continue
            self.visited.add(url)
            self.pages_crawled += 1
            queue.extend([link for link in self.fetch_links(url) if link not in self.visited])

    def start_crawl(self):
        start_time = time.time()
        if self.strategy == "bfs":
            self.crawl_bfs()
        elif self.strategy == "random_bfs":
            self.crawl_randomized_bfs()
        else:
            raise ValueError("Unknown crawling strategy")
        end_time = time.time()
        return end_time - start_time, self.pages_crawled

# Running the experiment
start_url = "http://example.com"

bfs_crawler = WebCrawler(start_url, strategy="bfs", max_pages=100)
bfs_time, bfs_pages = bfs_crawler.start_crawl()
print(f"BFS: Time Taken = {bfs_time:.4f} sec, Pages Crawled = {bfs_pages}")

random_bfs_crawler = WebCrawler(start_url, strategy="random_bfs", max_pages=100)
random_bfs_time, random_bfs_pages = random_bfs_crawler.start_crawl()
print(f"Randomized BFS: Time Taken = {random_bfs_time:.4f} sec, Pages Crawled = {random_bfs_pages}")


BFS: Time Taken = 0.0007 sec, Pages Crawled = 100
Randomized BFS: Time Taken = 0.0081 sec, Pages Crawled = 100


 # Arachnarium Setup