Monday, January 9, 2012

Arachni Web scanner (CLI & WEB GUI)


Download the CDE package from:

https://github.com/Zapotek/arachni/downloads


Linux users enjoy the privilege of a CDE package which is a compressed archive and contains a full preconfigured Linux environment in the form of a sandbox.

Quick Basic Usage  of Arachni:

To see help type :


$ arachni -h

You can check the options here.



You can simply run Arachni like:

$ arachni http://test.com
 
which will load all modules, the plugins under
 
/plugins/defaults
and audit all forms, links and cookies.

In the following example all modules will be run against http://site.com, auditing links/forms/cookies and following subdomains —with verbose output enabled.

The results of the audit will be saved in the the file site.com.afr.

$ arachni -fv http://site.com --report=afr:outfile=site.com.afr
 
 You can do module loading by following commands using wildcard.:


To load all xss modules using a wildcard:

$ arachni http://example.net --mods=xss_*

To load all audit modules using a wildcard:
$ arachni http://example.net --mods=audit*

To exclude only the csrf module:
$ arachni http://example.net --mods=*,-csrf

Or you can mix and match; to run everything but the xss modules:
$ arachni http://example.net --mods=*,-xss_*
 

Performing a full scan quickly

The full profile adds header auditing to the defaults.

 You can use it like:
$ arachni --load-profile=profiles/full.afp http://site.net
 
You have lots of options/flags/modes to explore here 
based on ur usage. 


for example we have Debug mode :


When this flag is enabled the system will output a lot of messages detailing what’s happening internally.
If you don’t want to be flooded by annoying and obscure messages you can pipe debugging output to a separate file when running Arachni using:

$ arachni -pv --mods=xss http://localhost/~zapotek/tests/forms/xss.php --debug
 
The debug.log file will contain something like:
 

 

Arachni WEB UI

now unzip it ,goto the folder location you will find the arachni console and web UI

There are two ways to start WEB UI :

just type in shell prompt :
 
$ arachni_web_autostart


This will setup a local Dispatcher, the WebUI server and even open up your browser.

or


Start a Dispatcher like:
$ arachni_rpcd 
 
Then start the WebUI by running:
$ arachni_web
 
And finally open up a browser window and visit: http://localhost:4567/ 

The WebUI supports HTTP Basic auth which you can configure using the Username and Password 
 
The WebUI can serve many purposes ranging from just a simple way to use Arachni to a Grid construction and management interface.
You can use it to perform and monitor a single scan, hassle-free, via any web-browser enabled device or use it to setup a worldwide High Performance Grid of Arachni scanners ready to combine their resources in order to perform lightning fast audits.
 
The first page, so eloquently entitled ‘Start a scan’, allows you to do just that.

A single scan can be performed easily enough, you just select a Dispatcher, enter the URL of your target and hit ‘Launch Scan’.



A high performance scan utilizes more than one Arachni Instance to perform the audit.

The master instance will perform the crawl and then calculate and distribute the workload amongst its slaves.
This allows scan-time to be severely decreased.

Once you have set up a Grid (i.e. configured at least 2 Dispatchers to have each other as neighbours) the “Start a scan” screen will change to this:



Modules and Plug-ins

The Modules and Plug-ins pages are pretty self-explanatory, they simply allow you to select which components to load.

Settings

Nothing special, these options have the same effects as their CLI(Command Line Interface) counterparts.

Reports

This page contains a list of audit reports along with the option to convert them to a fair amount of different formats.


Log

Not much to add to this, the name says it all:


Shutdown

You can kill the WebUI by sending Ctrl+C to the console from which you started it.

:)...:)


How To Shutdown A Computer With A Cell Phone

First you need to create a batch file to perform shutdown etc .you can write them down yourself.

* Open your notepad and type the following

EX: c:\windows\system32\shutdown -s -f -t 00
or
 shutdown -s -t 10 -c “shutting down”
And save it as shutdown.bat (Executable file)
----
Now open up Microsoft Outlook. I am assuming that you have already configured it for your Email . Now we will need to make it so that Outlook checks your inbox about every minute.

You can do this by going to Tools->Options. Then click on Mail Setup tab, and then, the Send/Receive button.

----
Make sure that the Schedule an automatic send/receive every… box is checked, and set the number of minutes to 1 or anytime you may like. Now you may close all of these dialog boxes.



Now go to Tools-->Rules and Alerts. Click on E-mail Rules tab. In new window select Check messages when they arrive and click Next.


Now in next page, check on, on this machine only and with specific words in the subject.
After checking these two values, click on specific words underlined.


 Search Text window will open, in the input field type the command that shuts down the PC. You can use any commands. For prevention of accidental execution I kept %shutdown% as a command. Click on Add button after you are done and click on OK.


Now click on Next.
In the next window check mark on start application. In the lower screen, click on application link.


 Now you’ll be welcomed to your familiar file open window. Load all files. And select the batch file that you’ve created to shutdown your PC.

Click on Next, again click on next (don’t choose any things in this step). And finally click on Finish button.


You’ll have %shutdown% alert shown in the E-mail Rules tab.


Now, when you send a message from your phone to your e-mail address with the Subject  %shutdown% your computer will trigger shutdown.bat file and instantly executes the command in that batch file finally leading to shutdown the PC.


:)


Twitter Delicious Facebook Digg Stumbleupon Favorites More