arachni-bin: remove this crappy project. It was never good and it came to the end finally

blshkv 2020-03-21 16:41:01 +08:00
parent 03e0d1f84f
commit 5be45d06de
No known key found for this signature in database
GPG key ID: 273E3E90D1A6294F
13 changed files with 0 additions and 2033 deletions


@ -1 +0,0 @@
DIST arachni-1.5.1-0.5.12-linux-x86_64.tar.gz 150869608 BLAKE2B 0cdaa03b97a4b3bbac6d9980de066bcb2f9ad07a160bd3e902e0c34567a7a6ed7543e8ebed02fe4164760fcb1e8aead124b9b0d534eefade5a26ac735b311987 SHA512 bd300ee9c04a970dd3f724e083c1848962cbf7e9511322117352f7a06ae3e8d81bf9e0e3587cc7e109fb82e43343d29855f3f6a9f806e99a37053aaa122e3bd9


@ -1,77 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# this package has been included a some version of the WebUI
# check before bump it
WEBUI_PV="0.5.12"
MY_PN="${PN%-bin}"
MY_P="${MY_PN}-${PV}-${WEBUI_PV}"
inherit user
DESCRIPTION="Web Application Security Scanner Framework"
HOMEPAGE="https://www.arachni-scanner.com https://github.com/Arachni/arachni"
SRC_URI="https://github.com/Arachni/arachni/releases/download/v${PV}/${MY_P}-linux-x86_64.tar.gz"
LICENSE="APSL-1"
SLOT="0"
KEYWORDS="-* ~amd64"
IUSE=""
QA_PREBUILT="*"
# you need the only dev-lang/ruby for launch it
DEPEND=""
RDEPEND="${DEPEND}
dev-lang/ruby:="
S="${WORKDIR}"/${MY_P}
pkg_setup() {
enewgroup ${MY_PN}
enewuser ${MY_PN} -1 -1 /dev/null ${MY_PN}
}
src_prepare() {
# cleanup
rm -r "system/usr/share" "system/usr/etc/fonts/" \
"system/gems/gems/ffi-1.9.18/ext/ffi_c/libffi-x86_64-linux/include/ffitarget.h" \
|| die "Failed to install!"
default
}
src_install() {
dodir "/opt/${PN}"
cp -R . "${D}/opt/${PN}" || die "Failed to install!"
fowners -R ${MY_PN}:${MY_PN} "/opt/${PN}/system"
fperms -R g=u "/opt/${PN}/system"
for l in $(ls "bin/"); do
dosym "../../opt/${PN}/bin"/${l} "/usr/bin"/${l}
done
dosym "../../../../usr/share" "/opt/${PN}/system/usr/share"
newinitd "${FILESDIR}"/arachni-webui-daemon.initd arachni-webui-daemon
newconfd "${FILESDIR}"/arachni-webui-daemon.confd arachni-webui-daemon
doman "${FILESDIR}"/man/*
dodoc README TROUBLESHOOTING
}
pkg_postinst() {
elog "\nJust run 'gpasswd -a <USER> ${MY_PN}', then have <USER> re-login."
elog "\nIf you want to use the Web User Interface, run this command:"
elog " ~# rc-service arachni-webui-daemon start"
elog "and open in browser http://127.0.0.1:9292\n"
elog "Defaults for the administrator account:"
elog " Login: admin@admin.admin"
elog " Passwd: administrator\n"
elog "See documentation:"
elog " https://github.com/Arachni/arachni/wiki"
elog " https://github.com/Arachni/arachni-ui-web/wiki\n"
}


@ -1,10 +0,0 @@
# /etc/conf.d/arachni-webui-daemon: config file for /etc/init.d/arachni-webui-daemon
# Address and port service will listen on
# Default: localhost
#WEBUI_HOST="127.0.0.1"
# Default: 9292
#WEBUI_PORT="9292"
# See manpage: man 1 arachni_web
#WEBUI_OPTS=""


@ -1,34 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
PID_DIR=${PID_DIR:-/run/${RC_SVCNAME}}
PID_FILE=${PID_DIR}/${RC_SVCNAME}.pid
USER="arachni"
GROUP="arachni"
description="Arachni's web user interface"
command="/usr/bin/arachni_web"
command_user="${USER}:${GROUP}"
command_args="-D -P ${PID_FILE} -o ${WEBUI_HOST:-127.0.0.1} -p ${WEBUI_PORT:-9292} ${WEBUI_OPTS}"
pidfile="${PID_FILE}"
retry="${WEBUI_TERMTIMEOUT:-"TERM/25/KILL/5"}"
extra_commands="checkconfig"
depend() {
after net
}
checkconfig() {
if ! [ -d "${PID_DIR}" ]; then
checkpath -q -d -o ${USER}:${GROUP} -m 0755 "${PID_DIR}" || return 1
fi
}
start_pre() {
checkconfig || return 1
}
# vim: set ft=gentoo-init-d ts=4 :


@ -1,471 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni
[\fI\,options\/\fR] \fI\,URL\/\fR
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.TP
\fB\-\-daemon\-friendly\fR
Enable this option when running the process in the background.
.TP
\fB\-\-authorized\-by\fR EMAIL_ADDRESS
E\-mail address of the person who authorized the scan.
.TP
(It'll make it easier on the sys\-admins during log reviews.)
(Will be used as a value for the 'From' HTTP request header.)
.PP
Output
.TP
\fB\-\-output\-verbose\fR
Show verbose output.
.TP
\fB\-\-output\-debug\fR [LEVEL 1\-4]
Show debugging information.
.HP
\fB\-\-output\-only\-positives\fR Only output positive results.
.PP
Scope
.TP
\fB\-\-scope\-include\-pattern\fR PATTERN
Only include resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-include\-subdomains\fR
Follow links to subdomains.
.IP
(Default: false)
.TP
\fB\-\-scope\-exclude\-pattern\fR PATTERN
Exclude resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-file\-extensions\fR EXTENSION,EXTENSION2,..
Exclude resources with the specified extensions.
.TP
\fB\-\-scope\-exclude\-content\-pattern\fR PATTERN
Exclude pages whose content matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-binaries\fR
Exclude non text\-based pages.
.IP
(Binary content can confuse passive checks that perform pattern matching.)
.TP
\fB\-\-scope\-redundant\-path\-pattern\fR PATTERN:LIMIT
Limit crawl on redundant pages like galleries or catalogs.
.TP
(URLs matching PATTERN will be crawled LIMIT amount of times.)
(Can be used multiple times.)
.TP
\fB\-\-scope\-auto\-redundant\fR [LIMIT]
Only follow URLs with identical query parameter names LIMIT amount of times.
.IP
(Default: 10)
.TP
\fB\-\-scope\-directory\-depth\-limit\fR LIMIT
Directory depth limit.
.TP
(Default: inf)
(How deep Arachni should go into the site structure.)
.TP
\fB\-\-scope\-page\-limit\fR LIMIT
How many pages to crawl and audit.
.IP
(Default: inf)
.TP
\fB\-\-scope\-extend\-paths\fR FILE
Add the paths in FILE to the ones discovered by the crawler.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-restrict\-paths\fR FILE
Use the paths in FILE instead of crawling.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-url\-rewrite\fR PATTERN:SUBSTITUTION
Rewrite URLs based on the given PATTERN and SUBSTITUTION.
.TP
To convert:
http://example.com/articles/some\-stuff/23 to http://example.com/articles.php?id=23
.TP
Use:
articles/[\ew\-]+/(\ed+):articles.php?id=\e1
.TP
\fB\-\-scope\-dom\-depth\-limit\fR LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code.
.TP
(Default: 5)
(Setting it to '0' will disable browser analysis.)
.TP
\fB\-\-scope\-dom\-event\-limit\fR LIMIT
How many DOM events to trigger for each DOM depth, for pages with JavaScript code.
.IP
(Default: inf)
.TP
\fB\-\-scope\-https\-only\fR
Forces the system to only follow HTTPS URLs.
(Default: false)
.PP
Audit
.TP
\fB\-\-audit\-links\fR
Audit links.
.TP
\fB\-\-audit\-forms\fR
Audit forms.
.TP
\fB\-\-audit\-cookies\fR
Audit cookies.
.TP
\fB\-\-audit\-cookies\-extensively\fR
Submit all links and forms of the page along with the cookie permutations.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-headers\fR
Audit headers.
.TP
\fB\-\-audit\-link\-template\fR TEMPLATE
Regular expression with named captures to use to extract input information from generic paths.
.TP
To extract the 'input1' and 'input2' inputs from:
http://example.com/input1/value1/input2/value2
.TP
Use:
input1/(?<input1>\ew+)/input2/(?<input2>\ew+)
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-jsons\fR
Audit JSON request inputs.
.TP
\fB\-\-audit\-xmls\fR
Audit XML request inputs.
.TP
\fB\-\-audit\-ui\-inputs\fR
Audit orphan <input> elements with events.
.TP
\fB\-\-audit\-ui\-forms\fR
Audit UI Forms.
Input and button groups that do not belong to a parent <form> element.
.HP
\fB\-\-audit\-parameter\-names\fR Inject payloads into parameter names.
.TP
\fB\-\-audit\-with\-raw\-payloads\fR
Inject payloads with and without HTTP encoding.
.TP
\fB\-\-audit\-with\-extra\-parameter\fR
Inject payloads into extra element parameters.
.TP
\fB\-\-audit\-with\-both\-methods\fR
Audit elements with both GET and POST requests.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-exclude\-vector\fR PATTERN
Exclude input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-include\-vector\fR PATTERN
Include only input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.PP
Input
.TP
\fB\-\-input\-value\fR PATTERN:VALUE
PATTERN to match against input names and VALUE to use for them.
.IP
(Can be used multiple times.)
.TP
\fB\-\-input\-values\-file\fR FILE
YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.
.TP
\fB\-\-input\-without\-defaults\fR
Do not use the system default input values.
.TP
\fB\-\-input\-force\fR
Fill\-in even non\-empty inputs.
.PP
HTTP
.TP
\fB\-\-http\-user\-agent\fR USER_AGENT
Value for the 'User\-Agent' HTTP request header.
.IP
(Default: Arachni/v1.5.1)
.TP
\fB\-\-http\-request\-concurrency\fR MAX_CONCURRENCY
Maximum HTTP request concurrency.
.TP
(Default: 20)
(Be careful not to kill your server.)
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
.TP
\fB\-\-http\-request\-timeout\fR TIMEOUT
HTTP request timeout in milliseconds.
.IP
(Default: 10000)
.TP
\fB\-\-http\-request\-redirect\-limit\fR LIMIT
Maximum amount of redirects to follow for each HTTP request.
.IP
(Default: 5)
.TP
\fB\-\-http\-request\-queue\-size\fR QUEUE_SIZE
Maximum amount of requests to keep in the queue.
.TP
Bigger size means better scheduling and better performance,
smaller means less RAM consumption.
(Default: 100)
.TP
\fB\-\-http\-request\-header\fR NAME=VALUE
Specify custom headers to be included in the HTTP requests.
.IP
(Can be used multiple times.)
.TP
\fB\-\-http\-response\-max\-size\fR LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes.
.IP
(Default: 500000)
.TP
\fB\-\-http\-cookie\-jar\fR COOKIE_JAR_FILE
Netscape\-styled HTTP cookiejar file.
.TP
\fB\-\-http\-cookie\-string\fR COOKIE
Cookie representation as a 'Set\-Cookie' HTTP response header.
.IP
Example: my_cookie=my_value; Path=/, other_cookie=other_value; Path=/test
.TP
\fB\-\-http\-authentication\-username\fR USERNAME
Username for HTTP authentication.
.TP
\fB\-\-http\-authentication\-password\fR PASSWORD
Password for HTTP authentication.
.TP
\fB\-\-http\-authentication\-type\fR auto,basic,digest,digest_ie,negotiate,ntlm
HTTP authentication type.
.IP
(Default: auto)
.TP
\fB\-\-http\-proxy\fR ADDRESS:PORT
Proxy to use.
.TP
\fB\-\-http\-proxy\-authentication\fR USERNAME:PASSWORD
Proxy authentication credentials.
.TP
\fB\-\-http\-proxy\-type\fR http,http_1_0,socks4,socks4a,socks5,socks5h
Proxy type.
.IP
(Default: auto)
.TP
\fB\-\-http\-ssl\-verify\-peer\fR
Verify SSL peer.
(Default: false)
.TP
\fB\-\-http\-ssl\-verify\-host\fR
Verify SSL host.
(Default: false)
.TP
\fB\-\-http\-ssl\-certificate\fR PATH
SSL certificate to use.
.TP
\fB\-\-http\-ssl\-certificate\-type\fR pem,der
SSL certificate type.
.TP
\fB\-\-http\-ssl\-key\fR PATH
SSL private key to use.
.TP
\fB\-\-http\-ssl\-key\-type\fR pem,der
SSL key type.
.TP
\fB\-\-http\-ssl\-key\-password\fR PASSWORD
Password for the SSL private key.
.TP
\fB\-\-http\-ssl\-ca\fR PATH
File holding one or more certificates with which to verify the peer.
.TP
\fB\-\-http\-ssl\-ca\-directory\fR PATH
Directory holding multiple certificate files with which to verify the peer.
.TP
\fB\-\-http\-ssl\-version\fR TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
.PP
Checks
.TP
\fB\-\-checks\-list\fR [GLOB]
List available checks based on the provided glob.
(If no glob is provided all checks will be listed.)
.TP
\fB\-\-checks\fR CHECK,CHECK2,...
Comma separated list of checks to load.
.TP
Checks are referenced by their filename without the '.rb' extension, use '\-\-checks\-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so:
.TP
xss*
to load all XSS checks
.TP
sql_injection*
to load all SQL injection checks
.IP
etc.
.TP
You can exclude checks by prefixing their name with a minus sign:
\fB\-\-checks=\fR*,\-backup_files,\-xss
.IP
The above will load all checks except for the 'backup_files' and 'xss' checks.
.TP
Or mix and match:
\fB\-xss\fR* to unload all XSS checks.
.PP
Plugins
.TP
\fB\-\-plugins\-list\fR [GLOB]
List available plugins based on the provided glob.
(If no glob is provided all plugins will be listed.)
.TP
\fB\-\-plugin\fR 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
PLUGIN is the name of the plugin as displayed by '\-\-plugins\-list'.
.TP
(Plugins are referenced by their filename without the '.rb' extension, use '\-\-plugins\-list' to list all.)
(Can be used multiple times.)
.PP
Platforms
.TP
\fB\-\-platforms\-list\fR
List available platforms.
.TP
\fB\-\-platforms\-no\-fingerprinting\fR
Disable platform fingerprinting.
.TP
(By default, the system will try to identify the deployed server\-side platforms automatically
in order to avoid sending irrelevant payloads.)
.TP
\fB\-\-platforms\fR PLATFORM,PLATFORM2,...
Comma separated list of platforms (by shortname) to audit.
.TP
(The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
these platforms enable the '\-\-platforms\-no\-fingerprinting' option.)
.PP
Session
.TP
\fB\-\-session\-check\-url\fR URL URL to use to verify that the scanner is still logged in to the web application.
(Requires 'session\-check\-pattern'.)
.TP
\fB\-\-session\-check\-pattern\fR PATTERN
Pattern used against the body of the 'session\-check\-url' to verify that the scanner is still logged in to the web application.
.IP
(Requires 'session\-check\-url'.)
.PP
Profiles
.TP
\fB\-\-profile\-save\-filepath\fR FILEPATH
Save the current configuration profile/options to FILEPATH.
.TP
\fB\-\-profile\-load\-filepath\fR FILEPATH
Load a configuration profile from FILEPATH.
.PP
Browser cluster
.TP
\fB\-\-browser\-cluster\-local\-storage\fR FILE
Sets the browsers' local storage using the JSON data in FILE.
.TP
\fB\-\-browser\-cluster\-wait\-for\-element\fR PATTERN:CSS
Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.
.TP
\fB\-\-browser\-cluster\-pool\-size\fR SIZE
Amount of browser workers to keep in the pool and put to work.
.IP
(Default: 6)
.TP
\fB\-\-browser\-cluster\-job\-timeout\fR SECONDS
Maximum allowed time for each job.
.IP
(Default: 10)
.TP
\fB\-\-browser\-cluster\-worker\-time\-to\-live\fR LIMIT
Re\-spawn the browser of each worker every LIMIT jobs.
.IP
(Default: 100)
.TP
\fB\-\-browser\-cluster\-ignore\-images\fR
Do not load images.
.TP
\fB\-\-browser\-cluster\-screen\-width\fR
Browser screen width.
.IP
(Default: 1600)
.TP
\fB\-\-browser\-cluster\-screen\-height\fR
Browser screen height.
.IP
(Default: 1200)
.PP
Report
.TP
\fB\-\-report\-save\-path\fR PATH Directory or file path where to store the scan report.
You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.
.PP
Snapshot
.TP
\fB\-\-snapshot\-save\-path\fR PATH
Directory or file path where to store the snapshot of a suspended scan.
.IP
You can use the generated file to resume the scan with the 'arachni_restore' executable.
.PP
Timeout
.TP
\fB\-\-timeout\fR HOURS:MINUTES:SECONDS
Stop the scan after the given duration is exceeded.
.TP
\fB\-\-timeout\-suspend\fR
Suspend after the timeout.
You can use the generated file to resume the scan with the 'arachni_restore' executable.
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,135 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B irb.rb
[\fI\,options\/\fR] [\fI\,programfile\/\fR] [\fI\,arguments\/\fR]
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
(Call the 'mute' method to mute framework output.)
.TP
\fB\-f\fR
Suppress read of ~/.irbrc
.TP
\fB\-m\fR
Bc mode (load mathn, fraction or matrix are available)
.TP
\fB\-d\fR
Set $DEBUG to true (same as `ruby \fB\-d\fR')
.TP
\fB\-r\fR load\-module
Same as `ruby \fB\-r\fR'
.TP
\fB\-I\fR path
Specify $LOAD_PATH directory
.TP
\fB\-U\fR
Same as `ruby \fB\-U\fR`
.TP
\fB\-E\fR enc
Same as `ruby \fB\-E\fR`
.TP
\fB\-w\fR
Same as `ruby \fB\-w\fR`
.TP
\fB\-W[level\fR=\fI\,2]\/\fR
Same as `ruby \fB\-W\fR`
.TP
\fB\-\-context\-mode\fR n
Set n[0\-3] to method to create Binding Object,
when new workspace was created
.TP
\fB\-\-echo\fR
Show result(default)
.TP
\fB\-\-noecho\fR
Don't show result
.TP
\fB\-\-inspect\fR
Use `inspect' for output (default except for bc mode)
.TP
\fB\-\-noinspect\fR
Don't use inspect for output
.TP
\fB\-\-readline\fR
Use Readline extension module
.TP
\fB\-\-noreadline\fR
Don't use Readline extension module
.TP
\fB\-\-prompt\fR prompt\-mode/\-\-prompt\-mode prompt\-mode
Switch prompt mode. Pre\-defined prompt modes are
`default', `simple', `xmp' and `inf\-ruby'
.TP
\fB\-\-inf\-ruby\-mode\fR
Use prompt appropriate for inf\-ruby\-mode on emacs.
Suppresses \fB\-\-readline\fR.
.TP
\fB\-\-sample\-book\-mode\fR/\-\-simple\-prompt
Simple prompt mode
.TP
\fB\-\-noprompt\fR
No prompt mode
.TP
\fB\-\-single\-irb\fR
Share self with sub\-irb.
.TP
\fB\-\-tracer\fR
Display trace for each execution of commands.
.TP
\fB\-\-back\-trace\-limit\fR n
Display backtrace top n and tail n. The default
value is 16.
.TP
\fB\-\-irb_debug\fR n
Set internal debug level to n (not for popular use)
.TP
\fB\-\-verbose\fR
Show details
.TP
\fB\-\-noverbose\fR
Don't show details
.TP
\fB\-v\fR, \fB\-\-version\fR
Print the version of irb
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help
.TP
\fB\-\-\fR
Separate options of irb from the list of command\-line args
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
(Call the 'mute' method to mute framework output.)
irb 0.9.6(09/06/30)
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,452 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni_multi
[\fI\,options\/\fR] \fI\,URL\/\fR
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.TP
\fB\-\-authorized\-by\fR EMAIL_ADDRESS
E\-mail address of the person who authorized the scan.
.TP
(It'll make it easier on the sys\-admins during log reviews.)
(Will be used as a value for the 'From' HTTP request header.)
.PP
Scope
.TP
\fB\-\-scope\-include\-pattern\fR PATTERN
Only include resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-include\-subdomains\fR
Follow links to subdomains.
.IP
(Default: false)
.TP
\fB\-\-scope\-exclude\-pattern\fR PATTERN
Exclude resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-file\-extensions\fR EXTENSION,EXTENSION2,..
Exclude resources with the specified extensions.
.TP
\fB\-\-scope\-exclude\-content\-pattern\fR PATTERN
Exclude pages whose content matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-binaries\fR
Exclude non text\-based pages.
.IP
(Binary content can confuse passive checks that perform pattern matching.)
.TP
\fB\-\-scope\-redundant\-path\-pattern\fR PATTERN:LIMIT
Limit crawl on redundant pages like galleries or catalogs.
.TP
(URLs matching PATTERN will be crawled LIMIT amount of times.)
(Can be used multiple times.)
.TP
\fB\-\-scope\-auto\-redundant\fR [LIMIT]
Only follow URLs with identical query parameter names LIMIT amount of times.
.IP
(Default: 10)
.TP
\fB\-\-scope\-directory\-depth\-limit\fR LIMIT
Directory depth limit.
.TP
(Default: inf)
(How deep Arachni should go into the site structure.)
.TP
\fB\-\-scope\-page\-limit\fR LIMIT
How many pages to crawl and audit.
.IP
(Default: inf)
.TP
\fB\-\-scope\-extend\-paths\fR FILE
Add the paths in FILE to the ones discovered by the crawler.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-restrict\-paths\fR FILE
Use the paths in FILE instead of crawling.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-url\-rewrite\fR PATTERN:SUBSTITUTION
Rewrite URLs based on the given PATTERN and SUBSTITUTION.
.TP
To convert:
http://example.com/articles/some\-stuff/23 to http://example.com/articles.php?id=23
.TP
Use:
articles/[\ew\-]+/(\ed+):articles.php?id=\e1
.TP
\fB\-\-scope\-dom\-depth\-limit\fR LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code.
.TP
(Default: 5)
(Setting it to '0' will disable browser analysis.)
.TP
\fB\-\-scope\-dom\-event\-limit\fR LIMIT
How many DOM events to trigger for each DOM depth, for pages with JavaScript code.
.IP
(Default: inf)
.TP
\fB\-\-scope\-https\-only\fR
Forces the system to only follow HTTPS URLs.
(Default: false)
.PP
Audit
.TP
\fB\-\-audit\-links\fR
Audit links.
.TP
\fB\-\-audit\-forms\fR
Audit forms.
.TP
\fB\-\-audit\-cookies\fR
Audit cookies.
.TP
\fB\-\-audit\-cookies\-extensively\fR
Submit all links and forms of the page along with the cookie permutations.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-headers\fR
Audit headers.
.TP
\fB\-\-audit\-link\-template\fR TEMPLATE
Regular expression with named captures to use to extract input information from generic paths.
.TP
To extract the 'input1' and 'input2' inputs from:
http://example.com/input1/value1/input2/value2
.TP
Use:
input1/(?<input1>\ew+)/input2/(?<input2>\ew+)
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-jsons\fR
Audit JSON request inputs.
.TP
\fB\-\-audit\-xmls\fR
Audit XML request inputs.
.TP
\fB\-\-audit\-ui\-inputs\fR
Audit orphan <input> elements with events.
.TP
\fB\-\-audit\-ui\-forms\fR
Audit UI Forms.
Input and button groups that do not belong to a parent <form> element.
.HP
\fB\-\-audit\-parameter\-names\fR Inject payloads into parameter names.
.TP
\fB\-\-audit\-with\-raw\-payloads\fR
Inject payloads with and without HTTP encoding.
.TP
\fB\-\-audit\-with\-extra\-parameter\fR
Inject payloads into extra element parameters.
.TP
\fB\-\-audit\-with\-both\-methods\fR
Audit elements with both GET and POST requests.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-exclude\-vector\fR PATTERN
Exclude input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-include\-vector\fR PATTERN
Include only input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.PP
Input
.TP
\fB\-\-input\-value\fR PATTERN:VALUE
PATTERN to match against input names and VALUE to use for them.
.IP
(Can be used multiple times.)
.TP
\fB\-\-input\-values\-file\fR FILE
YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.
.TP
\fB\-\-input\-without\-defaults\fR
Do not use the system default input values.
.TP
\fB\-\-input\-force\fR
Fill\-in even non\-empty inputs.
.PP
HTTP
.TP
\fB\-\-http\-user\-agent\fR USER_AGENT
Value for the 'User\-Agent' HTTP request header.
.IP
(Default: Arachni/v1.5.1)
.TP
\fB\-\-http\-request\-concurrency\fR MAX_CONCURRENCY
Maximum HTTP request concurrency.
.TP
(Default: 20)
(Be careful not to kill your server.)
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
.TP
\fB\-\-http\-request\-timeout\fR TIMEOUT
HTTP request timeout in milliseconds.
.IP
(Default: 10000)
.TP
\fB\-\-http\-request\-redirect\-limit\fR LIMIT
Maximum amount of redirects to follow for each HTTP request.
.IP
(Default: 5)
.TP
\fB\-\-http\-request\-queue\-size\fR QUEUE_SIZE
Maximum amount of requests to keep in the queue.
.TP
Bigger size means better scheduling and better performance,
smaller means less RAM consumption.
(Default: 100)
.TP
\fB\-\-http\-request\-header\fR NAME=VALUE
Specify custom headers to be included in the HTTP requests.
.IP
(Can be used multiple times.)
.TP
\fB\-\-http\-response\-max\-size\fR LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes.
.IP
(Default: 500000)
.TP
\fB\-\-http\-cookie\-jar\fR COOKIE_JAR_FILE
Netscape\-styled HTTP cookiejar file.
.TP
\fB\-\-http\-cookie\-string\fR COOKIE
Cookie representation as a 'Set\-Cookie' HTTP response header.
.IP
Example: my_cookie=my_value; Path=/, other_cookie=other_value; Path=/test
.TP
\fB\-\-http\-authentication\-username\fR USERNAME
Username for HTTP authentication.
.TP
\fB\-\-http\-authentication\-password\fR PASSWORD
Password for HTTP authentication.
.TP
\fB\-\-http\-authentication\-type\fR auto,basic,digest,digest_ie,negotiate,ntlm
HTTP authentication type.
.IP
(Default: auto)
.TP
\fB\-\-http\-proxy\fR ADDRESS:PORT
Proxy to use.
.TP
\fB\-\-http\-proxy\-authentication\fR USERNAME:PASSWORD
Proxy authentication credentials.
.TP
\fB\-\-http\-proxy\-type\fR http,http_1_0,socks4,socks4a,socks5,socks5h
Proxy type.
.IP
(Default: auto)
.TP
\fB\-\-http\-ssl\-verify\-peer\fR
Verify SSL peer.
(Default: false)
.TP
\fB\-\-http\-ssl\-verify\-host\fR
Verify SSL host.
(Default: false)
.TP
\fB\-\-http\-ssl\-certificate\fR PATH
SSL certificate to use.
.TP
\fB\-\-http\-ssl\-certificate\-type\fR pem,der
SSL certificate type.
.TP
\fB\-\-http\-ssl\-key\fR PATH
SSL private key to use.
.TP
\fB\-\-http\-ssl\-key\-type\fR pem,der
SSL key type.
.TP
\fB\-\-http\-ssl\-key\-password\fR PASSWORD
Password for the SSL private key.
.TP
\fB\-\-http\-ssl\-ca\fR PATH
File holding one or more certificates with which to verify the peer.
.TP
\fB\-\-http\-ssl\-ca\-directory\fR PATH
Directory holding multiple certificate files with which to verify the peer.
.TP
\fB\-\-http\-ssl\-version\fR TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
.PP
Checks
.TP
\fB\-\-checks\-list\fR [GLOB]
List available checks based on the provided glob.
(If no glob is provided all checks will be listed.)
.TP
\fB\-\-checks\fR CHECK,CHECK2,...
Comma separated list of checks to load.
.TP
Checks are referenced by their filename without the '.rb' extension, use '\-\-checks\-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so:
.TP
xss*
to load all XSS checks
.TP
sql_injection*
to load all SQL injection checks
.IP
etc.
.TP
You can exclude checks by prefixing their name with a minus sign:
\fB\-\-checks=\fR*,\-backup_files,\-xss
.IP
The above will load all checks except for the 'backup_files' and 'xss' checks.
.TP
Or mix and match:
\fB\-xss\fR* to unload all XSS checks.
.PP
Plugins
.TP
\fB\-\-plugins\-list\fR [GLOB]
List available plugins based on the provided glob.
(If no glob is provided all plugins will be listed.)
.TP
\fB\-\-plugin\fR 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
PLUGIN is the name of the plugin as displayed by '\-\-plugins\-list'.
.TP
(Plugins are referenced by their filename without the '.rb' extension, use '\-\-plugins\-list' to list all.)
(Can be used multiple times.)
.PP
Platforms
.TP
\fB\-\-platforms\-list\fR
List available platforms.
.TP
\fB\-\-platforms\-no\-fingerprinting\fR
Disable platform fingerprinting.
.TP
(By default, the system will try to identify the deployed server\-side platforms automatically
in order to avoid sending irrelevant payloads.)
.TP
\fB\-\-platforms\fR PLATFORM,PLATFORM2,...
Comma separated list of platforms (by shortname) to audit.
.TP
(The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
these platforms enable the '\-\-platforms\-no\-fingerprinting' option.)
.PP
Session
.TP
\fB\-\-session\-check\-url\fR URL URL to use to verify that the scanner is still logged in to the web application.
(Requires 'session\-check\-pattern'.)
.TP
\fB\-\-session\-check\-pattern\fR PATTERN
Pattern used against the body of the 'session\-check\-url' to verify that the scanner is still logged in to the web application.
.IP
(Requires 'session\-check\-url'.)
.PP
Profiles
.TP
\fB\-\-profile\-save\-filepath\fR FILEPATH
Save the current configuration profile/options to FILEPATH.
.TP
\fB\-\-profile\-load\-filepath\fR FILEPATH
Load a configuration profile from FILEPATH.
.PP
Browser cluster
.TP
\fB\-\-browser\-cluster\-local\-storage\fR FILE
Sets the browsers' local storage using the JSON data in FILE.
.TP
\fB\-\-browser\-cluster\-wait\-for\-element\fR PATTERN:CSS
Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.
.TP
\fB\-\-browser\-cluster\-pool\-size\fR SIZE
Amount of browser workers to keep in the pool and put to work.
.IP
(Default: 6)
.TP
\fB\-\-browser\-cluster\-job\-timeout\fR SECONDS
Maximum allowed time for each job.
.IP
(Default: 10)
.TP
\fB\-\-browser\-cluster\-worker\-time\-to\-live\fR LIMIT
Re\-spawn the browser of each worker every LIMIT jobs.
.IP
(Default: 100)
.TP
\fB\-\-browser\-cluster\-ignore\-images\fR
Do not load images.
.TP
\fB\-\-browser\-cluster\-screen\-width\fR
Browser screen width.
.IP
(Default: 1600)
.TP
\fB\-\-browser\-cluster\-screen\-height\fR
Browser screen height.
.IP
(Default: 1200)
.PP
Distribution
.TP
\fB\-\-instance\-spawns\fR SPAWNS
How many slaves to spawn for a high\-performance mult\-Instance scan.
.PP
Report
.TP
\fB\-\-report\-save\-path\fR PATH Directory or file path where to store the scan report.
You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.
.PP
Timeout
.TP
\fB\-\-timeout\fR HOURS:MINUTES:SECONDS
Stop the scan after the given duration is exceeded.
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,96 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni_rest_server
[\fI\,options\/\fR]
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.PP
Server
.TP
\fB\-\-address\fR ADDRESS
Hostname or IP address to bind to.
(Default: 127.0.0.1)
.TP
\fB\-\-port\fR NUMBER
Port to listen to.
(Default: 7331)
.PP
Output
.TP
\fB\-\-reroute\-to\-logfile\fR
Reroute scan output to log\-files under: /opt/arachni\-bin/bin/../system/logs/framework/
.TP
\fB\-\-verbose\fR
Show verbose output.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.TP
\fB\-\-debug\fR [LEVEL 1\-3]
Show debugging information.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.TP
\fB\-\-only\-positives\fR
Only output positive results.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.PP
Authentication
.TP
\fB\-\-authentication\-username\fR USERNAME
Username to use for HTTP authentication.
.TP
\fB\-\-authentication\-password\fR PASSWORD
Password to use for HTTP authentication.
.PP
SSL
.TP
\fB\-\-ssl\-ca\fR FILE
Location of the CA certificate (.pem).
If provided, peer verification will be enabled, otherwise no verification will take place.
.TP
\fB\-\-ssl\-private\-key\fR FILE
Location of the SSL private key (.pem).
.TP
\fB\-\-ssl\-certificate\fR FILE
Location of the SSL certificate (.pem).
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,481 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni_rpc
[\fI\,options\/\fR] \fI\,--dispatcher-url HOST:PORT URL\/\fR
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.TP
\fB\-\-authorized\-by\fR EMAIL_ADDRESS
E\-mail address of the person who authorized the scan.
.TP
(It'll make it easier on the sys\-admins during log reviews.)
(Will be used as a value for the 'From' HTTP request header.)
.PP
Scope
.TP
\fB\-\-scope\-include\-pattern\fR PATTERN
Only include resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-include\-subdomains\fR
Follow links to subdomains.
.IP
(Default: false)
.TP
\fB\-\-scope\-exclude\-pattern\fR PATTERN
Exclude resources whose path/action matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-file\-extensions\fR EXTENSION,EXTENSION2,..
Exclude resources with the specified extensions.
.TP
\fB\-\-scope\-exclude\-content\-pattern\fR PATTERN
Exclude pages whose content matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-exclude\-binaries\fR
Exclude non text\-based pages.
.IP
(Binary content can confuse passive checks that perform pattern matching.)
.TP
\fB\-\-scope\-redundant\-path\-pattern\fR PATTERN:LIMIT
Limit crawl on redundant pages like galleries or catalogs.
.TP
(URLs matching PATTERN will be crawled LIMIT amount of times.)
(Can be used multiple times.)
.TP
\fB\-\-scope\-auto\-redundant\fR [LIMIT]
Only follow URLs with identical query parameter names LIMIT amount of times.
.IP
(Default: 10)
.TP
\fB\-\-scope\-directory\-depth\-limit\fR LIMIT
Directory depth limit.
.TP
(Default: inf)
(How deep Arachni should go into the site structure.)
.TP
\fB\-\-scope\-page\-limit\fR LIMIT
How many pages to crawl and audit.
.IP
(Default: inf)
.TP
\fB\-\-scope\-extend\-paths\fR FILE
Add the paths in FILE to the ones discovered by the crawler.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-restrict\-paths\fR FILE
Use the paths in FILE instead of crawling.
.IP
(Can be used multiple times.)
.TP
\fB\-\-scope\-url\-rewrite\fR PATTERN:SUBSTITUTION
Rewrite URLs based on the given PATTERN and SUBSTITUTION.
.TP
To convert:
http://example.com/articles/some\-stuff/23 to http://example.com/articles.php?id=23
.TP
Use:
articles/[\ew\-]+/(\ed+):articles.php?id=\e1
.TP
\fB\-\-scope\-dom\-depth\-limit\fR LIMIT
How deep to go into the DOM tree of each page, for pages with JavaScript code.
.TP
(Default: 5)
(Setting it to '0' will disable browser analysis.)
.TP
\fB\-\-scope\-dom\-event\-limit\fR LIMIT
How many DOM events to trigger for each DOM depth, for pages with JavaScript code.
.IP
(Default: inf)
.TP
\fB\-\-scope\-https\-only\fR
Forces the system to only follow HTTPS URLs.
(Default: false)
.PP
Audit
.TP
\fB\-\-audit\-links\fR
Audit links.
.TP
\fB\-\-audit\-forms\fR
Audit forms.
.TP
\fB\-\-audit\-cookies\fR
Audit cookies.
.TP
\fB\-\-audit\-cookies\-extensively\fR
Submit all links and forms of the page along with the cookie permutations.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-headers\fR
Audit headers.
.TP
\fB\-\-audit\-link\-template\fR TEMPLATE
Regular expression with named captures to use to extract input information from generic paths.
.TP
To extract the 'input1' and 'input2' inputs from:
http://example.com/input1/value1/input2/value2
.TP
Use:
input1/(?<input1>\ew+)/input2/(?<input2>\ew+)
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-jsons\fR
Audit JSON request inputs.
.TP
\fB\-\-audit\-xmls\fR
Audit XML request inputs.
.TP
\fB\-\-audit\-ui\-inputs\fR
Audit orphan <input> elements with events.
.TP
\fB\-\-audit\-ui\-forms\fR
Audit UI Forms.
Input and button groups that do not belong to a parent <form> element.
.HP
\fB\-\-audit\-parameter\-names\fR Inject payloads into parameter names.
.TP
\fB\-\-audit\-with\-raw\-payloads\fR
Inject payloads with and without HTTP encoding.
.TP
\fB\-\-audit\-with\-extra\-parameter\fR
Inject payloads into extra element parameters.
.TP
\fB\-\-audit\-with\-both\-methods\fR
Audit elements with both GET and POST requests.
.IP
(*WARNING*: This will severely increase the scan\-time.)
.TP
\fB\-\-audit\-exclude\-vector\fR PATTERN
Exclude input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.TP
\fB\-\-audit\-include\-vector\fR PATTERN
Include only input vectors whose name matches PATTERN.
.IP
(Can be used multiple times.)
.PP
Input
.TP
\fB\-\-input\-value\fR PATTERN:VALUE
PATTERN to match against input names and VALUE to use for them.
.IP
(Can be used multiple times.)
.TP
\fB\-\-input\-values\-file\fR FILE
YAML file containing a Hash object with regular expressions, to match against input names, as keys and input values as values.
.TP
\fB\-\-input\-without\-defaults\fR
Do not use the system default input values.
.TP
\fB\-\-input\-force\fR
Fill\-in even non\-empty inputs.
.PP
HTTP
.TP
\fB\-\-http\-user\-agent\fR USER_AGENT
Value for the 'User\-Agent' HTTP request header.
.IP
(Default: Arachni/v1.5.1)
.TP
\fB\-\-http\-request\-concurrency\fR MAX_CONCURRENCY
Maximum HTTP request concurrency.
.TP
(Default: 20)
(Be careful not to kill your server.)
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
.TP
\fB\-\-http\-request\-timeout\fR TIMEOUT
HTTP request timeout in milliseconds.
.IP
(Default: 10000)
.TP
\fB\-\-http\-request\-redirect\-limit\fR LIMIT
Maximum amount of redirects to follow for each HTTP request.
.IP
(Default: 5)
.TP
\fB\-\-http\-request\-queue\-size\fR QUEUE_SIZE
Maximum amount of requests to keep in the queue.
.TP
Bigger size means better scheduling and better performance,
smaller means less RAM consumption.
(Default: 100)
.TP
\fB\-\-http\-request\-header\fR NAME=VALUE
Specify custom headers to be included in the HTTP requests.
.IP
(Can be used multiple times.)
.TP
\fB\-\-http\-response\-max\-size\fR LIMIT
Do not download response bodies larger than the specified LIMIT, in bytes.
.IP
(Default: 500000)
.TP
\fB\-\-http\-cookie\-jar\fR COOKIE_JAR_FILE
Netscape\-styled HTTP cookiejar file.
.TP
\fB\-\-http\-cookie\-string\fR COOKIE
Cookie representation as a 'Set\-Cookie' HTTP response header.
.IP
Example: my_cookie=my_value; Path=/, other_cookie=other_value; Path=/test
.TP
\fB\-\-http\-authentication\-username\fR USERNAME
Username for HTTP authentication.
.TP
\fB\-\-http\-authentication\-password\fR PASSWORD
Password for HTTP authentication.
.TP
\fB\-\-http\-authentication\-type\fR auto,basic,digest,digest_ie,negotiate,ntlm
HTTP authentication type.
.IP
(Default: auto)
.TP
\fB\-\-http\-proxy\fR ADDRESS:PORT
Proxy to use.
.TP
\fB\-\-http\-proxy\-authentication\fR USERNAME:PASSWORD
Proxy authentication credentials.
.TP
\fB\-\-http\-proxy\-type\fR http,http_1_0,socks4,socks4a,socks5,socks5h
Proxy type.
.IP
(Default: auto)
.TP
\fB\-\-http\-ssl\-verify\-peer\fR
Verify SSL peer.
(Default: false)
.TP
\fB\-\-http\-ssl\-verify\-host\fR
Verify SSL host.
(Default: false)
.TP
\fB\-\-http\-ssl\-certificate\fR PATH
SSL certificate to use.
.TP
\fB\-\-http\-ssl\-certificate\-type\fR pem,der
SSL certificate type.
.TP
\fB\-\-http\-ssl\-key\fR PATH
SSL private key to use.
.TP
\fB\-\-http\-ssl\-key\-type\fR pem,der
SSL key type.
.TP
\fB\-\-http\-ssl\-key\-password\fR PASSWORD
Password for the SSL private key.
.TP
\fB\-\-http\-ssl\-ca\fR PATH
File holding one or more certificates with which to verify the peer.
.TP
\fB\-\-http\-ssl\-ca\-directory\fR PATH
Directory holding multiple certificate files with which to verify the peer.
.TP
\fB\-\-http\-ssl\-version\fR TLSv1,TLSv1_0,TLSv1_1,TLSv1_2,SSLv2,SSLv3
SSL version to use.
.PP
Checks
.TP
\fB\-\-checks\-list\fR [GLOB]
List available checks based on the provided glob.
(If no glob is provided all checks will be listed.)
.TP
\fB\-\-checks\fR CHECK,CHECK2,...
Comma separated list of checks to load.
.TP
Checks are referenced by their filename without the '.rb' extension, use '\-\-checks\-list' to list all.
Use '*' as a check name to load all checks or as a wildcard, like so:
.TP
xss*
to load all XSS checks
.TP
sql_injection*
to load all SQL injection checks
.IP
etc.
.TP
You can exclude checks by prefixing their name with a minus sign:
\fB\-\-checks=\fR*,\-backup_files,\-xss
.IP
The above will load all checks except for the 'backup_files' and 'xss' checks.
.TP
Or mix and match:
\fB\-xss\fR* to unload all XSS checks.
.PP
Plugins
.TP
\fB\-\-plugins\-list\fR [GLOB]
List available plugins based on the provided glob.
(If no glob is provided all plugins will be listed.)
.TP
\fB\-\-plugin\fR 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
PLUGIN is the name of the plugin as displayed by '\-\-plugins\-list'.
.TP
(Plugins are referenced by their filename without the '.rb' extension, use '\-\-plugins\-list' to list all.)
(Can be used multiple times.)
.PP
Platforms
.TP
\fB\-\-platforms\-list\fR
List available platforms.
.TP
\fB\-\-platforms\-no\-fingerprinting\fR
Disable platform fingerprinting.
.TP
(By default, the system will try to identify the deployed server\-side platforms automatically
in order to avoid sending irrelevant payloads.)
.TP
\fB\-\-platforms\fR PLATFORM,PLATFORM2,...
Comma separated list of platforms (by shortname) to audit.
.TP
(The given platforms will be used *in addition* to fingerprinting. In order to restrict the audit to
these platforms enable the '\-\-platforms\-no\-fingerprinting' option.)
.PP
Session
.TP
\fB\-\-session\-check\-url\fR URL URL to use to verify that the scanner is still logged in to the web application.
(Requires 'session\-check\-pattern'.)
.TP
\fB\-\-session\-check\-pattern\fR PATTERN
Pattern used against the body of the 'session\-check\-url' to verify that the scanner is still logged in to the web application.
.IP
(Requires 'session\-check\-url'.)
.PP
Profiles
.TP
\fB\-\-profile\-save\-filepath\fR FILEPATH
Save the current configuration profile/options to FILEPATH.
.TP
\fB\-\-profile\-load\-filepath\fR FILEPATH
Load a configuration profile from FILEPATH.
.PP
Browser cluster
.TP
\fB\-\-browser\-cluster\-local\-storage\fR FILE
Sets the browsers' local storage using the JSON data in FILE.
.TP
\fB\-\-browser\-cluster\-wait\-for\-element\fR PATTERN:CSS
Wait for element matching CSS to appear when visiting a page whose URL matches the PATTERN.
.TP
\fB\-\-browser\-cluster\-pool\-size\fR SIZE
Amount of browser workers to keep in the pool and put to work.
.IP
(Default: 6)
.TP
\fB\-\-browser\-cluster\-job\-timeout\fR SECONDS
Maximum allowed time for each job.
.IP
(Default: 10)
.TP
\fB\-\-browser\-cluster\-worker\-time\-to\-live\fR LIMIT
Re\-spawn the browser of each worker every LIMIT jobs.
.IP
(Default: 100)
.TP
\fB\-\-browser\-cluster\-ignore\-images\fR
Do not load images.
.TP
\fB\-\-browser\-cluster\-screen\-width\fR
Browser screen width.
.IP
(Default: 1600)
.TP
\fB\-\-browser\-cluster\-screen\-height\fR
Browser screen height.
.IP
(Default: 1200)
.PP
Distribution
.TP
\fB\-\-dispatcher\-url\fR HOST:PORT
Dispatcher server to use.
.TP
\fB\-\-spawns\fR SPAWNS
How many slaves to spawn for a high\-performance mult\-Instance scan.
(When no grid mode has been specified, all slaves will all be from the same Dispatcher machine.
When a grid\-mode has been specified, this option will be treated as a possible maximum and
not a hard value.)
.TP
\fB\-\-grid\-mode\fR balance,aggregate
Sets the Grid mode of operation for this scan.
.TP
Valid modes are:
* balance \fB\-\-\fR Slaves will be provided by the least burdened Grid Dispatchers.
* aggregate \fB\-\-\fR In addition to balancing, slaves will all be from Dispatchers
.IP
with unique bandwidth Pipe\-IDs to result in application\-level line\-aggregation.
.TP
\fB\-\-grid\fR
Shorthand for '\-\-grid\-mode=balance'.
.PP
SSL
.TP
\fB\-\-ssl\-ca\fR FILE
Location of the CA certificate (.pem).
.TP
\fB\-\-ssl\-private\-key\fR FILE
Location of the client SSL private key (.pem).
.TP
\fB\-\-ssl\-certificate\fR FILE
Location of the client SSL certificate (.pem).
.PP
Report
.TP
\fB\-\-report\-save\-path\fR PATH Directory or file path where to store the scan report.
You can use the generated file to create reports in several formats with the 'arachni_reporter' executable.
.PP
Timeout
.TP
\fB\-\-timeout\fR HOURS:MINUTES:SECONDS
Stop the scan after the given duration is exceeded.
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,126 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni_rpcd
[\fI\,options\/\fR]
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.PP
Server
.TP
\fB\-\-address\fR ADDRESS
Hostname or IP address to bind to.
(Default: 127.0.0.1)
.TP
\fB\-\-external\-address\fR ADDRESS
Hostname or IP address to advertise.
.IP
(Default: 127.0.0.1)
.TP
\fB\-\-port\fR NUMBER
Port to listen to.
(Default: 7331)
.TP
\fB\-\-port\-range\fR BEGINNING\-END
Specify port range for the spawned RPC instances.
.IP
(Default: 1025\-65535)
.TP
\fB\-\-pool\-size\fR SIZE
How many Instances to have available at any given time.
(Default: 5)
.PP
Output
.TP
\fB\-\-reroute\-to\-logfile\fR
Reroute all output to log\-files under: /opt/arachni\-bin/bin/../system/logs/framework/
.TP
\fB\-\-verbose\fR
Show verbose output.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.TP
\fB\-\-debug\fR [LEVEL 1\-3]
Show debugging information.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.TP
\fB\-\-only\-positives\fR
Only output positive results.
(Only applicable when '\-\-reroute\-to\-logfile' is enabled.)
.PP
Grid
.TP
\fB\-\-neighbour\fR URL
URL of a neighbouring Dispatcher.
.TP
\fB\-\-weight\fR FLOAT
Weight of this node.
.TP
\fB\-\-pipe\-id\fR ID
Identifier for the attached bandwidth pipe.
.TP
\fB\-\-nickname\fR NAME
Nickname for this Dispatcher.
.PP
SSL
.TP
\fB\-\-ssl\-ca\fR FILE
Location of the CA certificate (.pem).
.TP
\fB\-\-server\-ssl\-private\-key\fR FILE
Location of the server SSL private key (.pem).
.TP
\fB\-\-server\-ssl\-certificate\fR FILE
Location of the server SSL certificate (.pem).
.TP
\fB\-\-client\-ssl\-private\-key\fR FILE
Location of the client SSL private key (.pem).
.TP
\fB\-\-client\-ssl\-certificate\fR FILE
Location of the client SSL certificate (.pem).
.PP
Snapshot
.TP
\fB\-\-snapshot\-save\-path\fR DIRECTORY
Directory under which to store snapshots of suspended scans.
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,60 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH ARACHNI "1" "May 2019" "Arachni - Web Application Security Scanner Framework v1.5.1" "User Commands"
.SH NAME
Arachni \- manual page for Arachni - Web Application Security Scanner Framework v1.5.1
.SH SYNOPSIS
.B arachni_rpcd_monitor
[\fI\,options\/\fR] \fI\,DISPATCHER_URL\/\fR
.SH DESCRIPTION
Arachni \- Web Application Security Scanner Framework v1.5.1
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Generic
.TP
\fB\-h\fR, \fB\-\-help\fR
Output this message.
.TP
\fB\-\-version\fR
Show version information.
.PP
SSL
.TP
\fB\-\-ssl\-ca\fR FILE
Location of the CA certificate (.pem).
.TP
\fB\-\-ssl\-private\-key\fR FILE
Location of the client SSL private key (.pem).
.TP
\fB\-\-ssl\-certificate\fR FILE
Location of the client SSL certificate (.pem).
.IP
Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni\-scanner.com>
.IP
(With the support of the community and the Arachni Team.)
.TP
Website:
http://arachni\-scanner.com
.IP
Documentation: http://arachni\-scanner.com/wiki
.PP
Arachni 1.5.1 (ruby 2.2.3p173) [x86_64\-linux]
.SH "SEE ALSO"
The full documentation for
.B Arachni
is maintained as a Texinfo manual. If the
.B info
and
.B Arachni
programs are properly installed at your site, the command
.IP
.B info Arachni
.PP
should give you access to the complete manual.


@ -1,82 +0,0 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH RACK "1" "May 2019" "Rack 1.3 (Release: 1.6.4)" "User Commands"
.SH NAME
Rack \- manual page for Rack 1.3 (Release: 1.6.4)
.SH SYNOPSIS
.B rackup
[\fI\,ruby options\/\fR] [\fI\,rack options\/\fR] [\fI\,rackup config\/\fR]
.SH DESCRIPTION
.SS "Ruby options:"
.TP
\fB\-e\fR, \fB\-\-eval\fR LINE
evaluate a LINE of code
.TP
\fB\-b\fR BUILDER_LINE,
evaluate a BUILDER_LINE of code as a builder script
.HP
\fB\-\-builder\fR
.TP
\fB\-d\fR, \fB\-\-debug\fR
set debugging flags (set $DEBUG to true)
.TP
\fB\-w\fR, \fB\-\-warn\fR
turn warnings on for your script
.TP
\fB\-q\fR, \fB\-\-quiet\fR
turn off logging
.TP
\fB\-I\fR, \fB\-\-include\fR PATH
specify $LOAD_PATH (may be used more than once)
.TP
\fB\-r\fR, \fB\-\-require\fR LIBRARY
require the library, before executing your script
.SS "Rack options:"
.TP
\fB\-s\fR, \fB\-\-server\fR SERVER
serve using SERVER (thin/puma/webrick/mongrel)
.TP
\fB\-o\fR, \fB\-\-host\fR HOST
listen on HOST (default: localhost)
.TP
\fB\-p\fR, \fB\-\-port\fR PORT
use PORT (default: 9292)
.TP
\fB\-O\fR NAME[=VALUE],
pass VALUE to the server as option NAME. If no VALUE, sets it to true. Run '/opt/arachni\-bin/bin/../system/gems/bin/rackup \fB\-s\fR SERVER \fB\-h\fR' to get a list of options for SERVER
.HP
\fB\-\-option\fR
.TP
\fB\-E\fR, \fB\-\-env\fR ENVIRONMENT
use ENVIRONMENT for defaults (default: development)
.TP
\fB\-D\fR, \fB\-\-daemonize\fR
run daemonized in the background
.TP
\fB\-P\fR, \fB\-\-pid\fR FILE
file to store PID
.SS "Common options:"
.TP
\fB\-h\fR, \-?, \fB\-\-help\fR
Show this message
.TP
\fB\-\-version\fR
Show version
.SS "Server-specific options for Rack::Handler::Puma:"
.TP
\fB\-O\fR Threads=MIN:MAX
min:max threads to use (default 0:16)
.TP
\fB\-O\fR Quiet
Don't report each request
.SH "SEE ALSO"
The full documentation for
.B Rack
is maintained as a Texinfo manual. If the
.B info
and
.B Rack
programs are properly installed at your site, the command
.IP
.B info Rack
.PP
should give you access to the complete manual.


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>email@linxon.ru</email>
<name>Yury Martynov</name>
</maintainer>
</pkgmetadata>