At first I assumed the only reason was that it uses the headless browser phantomjs for the entire testing phase (why, though... it could crawl with the browser and then run like an ordinary scanner), but when I looked into it I found a few more points, so I am sharing them here.
Solution 1 - Lower the scan performance
Arachni watches how the target copes with its own load. If the requests generated by the scan slow the target server down (judged by response time), it throttles its own scan threads or pauses requests altogether. That is also why scans drag on against weak servers. (A security device in front of the target can trigger the same slowdown.)
This usually happens because a large number of requests is issued in a short time. So, counter-intuitively, lowering the scan speed can win back total scan time.
The setting that most directly affects scan time is request-concurrency: how many tests run at the same time. Reducing it lowers the scan performance and with it the load on the server, which can shorten the overall scan. Of course, this only helps when the server is getting stressed and Arachni's own throttling is what stretches the scan; against a server that keeps up, it simply slows things down.
Default: 20
command line
--http-request-concurrency=10
REST API
{ "http-request-concurrency":"10", .... }
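Since the win from a lower --http-request-concurrency only materialises when the target actually degrades under load, it is worth measuring that before the scan. The following Ruby script is an added example, not Arachni's own code or anything from this post: it keeps N requests in flight against a URL, records the median response time per concurrency level, and picks the highest level whose latency stays within a factor of the single-request baseline. The URL, the levels probed and the latency figures in SAMPLE_PROFILE are constructed for illustration.

```ruby
require 'net/http'
require 'uri'

# Median of an array of floats (helper written for this example; nil for empty input).
def median(values)
  return nil if values.empty?
  sorted = values.sort
  mid = sorted.size / 2
  sorted.size.odd? ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2.0
end

# Keep `concurrency` connections busy against `url`, each doing `rounds` GETs,
# and return the median wall-clock latency in seconds. This is roughly the load
# Arachni generates when request concurrency is set to `concurrency`.
def measure_latency(url, concurrency, rounds: 5)
  uri = URI(url)
  workers = Array.new(concurrency) do
    Thread.new do
      Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
        Array.new(rounds) do
          started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
          http.get(uri.request_uri)
          Process.clock_gettime(Process::CLOCK_MONOTONIC) - started
        end
      end
    end
  end
  median(workers.flat_map(&:value))
end

# Probe several concurrency levels, lowest first, so the first entry is the
# single-request baseline. Returns { concurrency => median_latency_seconds }.
def profile_target(url, levels: [1, 5, 10, 20])
  levels.sort.each_with_object({}) do |level, profile|
    profile[level] = measure_latency(url, level)
  end
end

# Pick the highest concurrency whose median latency stays within `factor` of the
# baseline (lowest level measured). Beyond that point the target is already
# struggling and Arachni's own throttling would eat the extra concurrency.
def choose_concurrency(profile, factor: 2.0)
  baseline = profile[profile.keys.min]
  acceptable = profile.select { |_level, latency| latency <= baseline * factor }
  acceptable.keys.max
end

# Constructed measurements for illustration: latency is flat up to 10 in-flight
# requests and then climbs steeply, the pattern that makes a scan at the default
# concurrency of 20 slower overall than one at 10.
SAMPLE_PROFILE = { 1 => 0.12, 5 => 0.14, 10 => 0.20, 20 => 0.55, 40 => 1.90 }.freeze

if __FILE__ == $PROGRAM_NAME
  # Pass a URL to measure a real target; with no argument the constructed profile is used.
  profile = ARGV[0] ? profile_target(ARGV[0]) : SAMPLE_PROFILE
  profile.each { |level, latency| printf("concurrency %2d: median %.3fs\n", level, latency) }
  puts "suggested --http-request-concurrency=#{choose_concurrency(profile)}"
end
```

Run it against a staging copy of the target (with the URL as the first argument) and feed the suggested value to --http-request-concurrency; the factor of 2.0 is a judgment call, and a WAF that rate-limits will show up as a sudden jump in the profile just like an overloaded application server would.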
Solution 2 - Trade off the check set
By default Arachni runs every check. That gives the best results, but it has a huge impact on scan speed. If you have room to adjust, trimming the check set sensibly is a good way to speed the scan up.
Default: *
command line
--checks=*,-common_*,-backup_*,-backdoors
REST API
{ "checks":"*,-xss,csrf" }
The downside is that, from the point of view of a general-purpose scanner, there is little that can safely be dropped.
[ check list ]
Arachni 1.5.1 check list as printed by the scanner. Fields that are identical across entries are factored out below: the Author of every check is Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> unless noted, and the Path of every check is /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/<group>/<check name>.rb, where <group> is the directory named in each heading.

Active checks (components/checks/active):
[*] session_fixation: Session fixation. Severity: High. Elements: form, link, link_template. Version: 0.1.2. Checks whether or not the session cookie can be set to an arbitrary value.
[*] unvalidated_redirect: Unvalidated redirect. Severity: Medium. Elements: link, form, cookie, header, json, xml. Version: 0.2.5. Injects URLs and checks the `Location` HTTP response header field and/or browser URL to determine whether the attack was successful.
[*] no_sql_injection: NoSQL Injection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.1.3. NoSQL injection check, uses known DB errors to identify vulnerabilities.
[*] xss_path: XSS in path. Severity: High. Elements: path. Version: 0.1.11. Cross-Site Scripting check for path injection.
[*] xss_event: XSS in HTML element event attribute. Severity: High. Elements: form, link, cookie, header. Version: 0.1.9. Cross-Site Scripting in event tag of HTML element.
[*] code_injection_timing: Code injection (timing). Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.3.2. Injects code snippets and assess whether or not the injection was successful using a time delay.
[*] xss_dom: DOM XSS. Severity: High. Elements: link_dom, form_dom, cookie_dom, link_template_dom, ui_input_dom, ui_form_dom. Version: 0.1.4. Injects an HTML element into page DOM inputs and then parses the HTML markup of tainted responses to look for proof of vulnerability.
[*] xss_tag: XSS in HTML tag. Severity: High. Elements: form, link, cookie, header. Version: 0.1.11. Cross-Site Scripting in HTML tag.
[*] csrf: CSRF. Severity: High. Elements: form. Version: 0.4. It uses differential analysis to determine which forms affect business logic and checks them for lack of anti-CSRF tokens. (Works best with a valid session.)
[*] sql_injection_timing: Blind SQL injection (timing attack). Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.3.3. Blind SQL Injection check using timing attacks.
[*] source_code_disclosure: Source code disclosure. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.2.4. It tries to identify whether or not the web application can be forced to reveal source code.
[*] xpath_injection: XPath Injection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.1.6. XPath injection check.
[*] xss_dom_script_context: DOM XSS in script context. Severity: High. Elements: link_dom, form_dom, cookie_dom, link_template_dom, ui_input_dom, ui_form_dom. Version: 0.1.2. Injects JS taint code and checks to see if it gets executed as proof of vulnerability.
[*] os_cmd_injection: OS command injection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.2.6. Tries to find Operating System command injections.
[*] os_cmd_injection_timing: OS command injection (timing). Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.3.2. Tries to find operating system command injections using timing attacks.
[*] rfi: Remote File Inclusion. Severity: High. Elements: link, form, cookie, header, json, xml. Version: 0.3.2. Injects a remote URL in all available inputs and checks for relevant content in the HTTP response body.
[*] response_splitting: Response Splitting. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.2.3. Injects arbitrary and checks if any of them end up in the response header.
[*] xss_script_context: XSS in script context. Severity: High. Elements: form, link, cookie, header, link_template. Version: 0.2.5. Injects JS taint code and check to see if it gets executed as proof of vulnerability.
[*] xss: XSS. Severity: High. Elements: form, link, cookie, header, link_template. Version: 0.4.9. Injects an HTML element into page inputs and then parses the HTML markup of tainted responses to look for proof of vulnerability.
[*] xxe: XML External Entity. Severity: High. Elements: xml. Version: 0.1.2. Injects a custom External Entity into XML documents prior to submitting them and determines the existence of a vulnerability by checking whether that entity was processed based on the resulting HTTP response.
[*] no_sql_injection_differential: Blind NoSQL Injection (differential analysis). Severity: High. Elements: link, form, cookie. Version: 0.1.2. It uses differential analysis to determine how different inputs affect the behavior of the web application and checks if the displayed behavior is consistent with that of a vulnerable application.
[*] file_inclusion: File Inclusion. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.1.7. Injects paths of common files (like `/etc/passwd` and `boot.ini`) and evaluates the existence of a file inclusion vulnerability based on the presence of relevant content or errors in the HTTP response body.
[*] code_injection_php_input_wrapper: Code injection (php://input wrapper). Severity: High. Elements: form, link, cookie, header. Version: 0.1.3. Injects PHP code into the HTTP request body and uses the `php://input` wrapper to try and load it.
[*] sql_injection_differential: Blind SQL Injection (differential analysis). Severity: High. Elements: link, form, cookie. Version: 0.4.4. It uses differential analysis to determine how different inputs affect behavior of the web application and checks if the displayed behavior is consistent with that of a vulnerable application.
[*] path_traversal: Path Traversal. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.4.8. It injects paths of common files (like `/etc/passwd` and `boot.ini`) and evaluates the existence of a path traversal vulnerability based on the presence of relevant content in the HTML responses.
[*] unvalidated_redirect_dom: Unvalidated DOM redirect. Severity: High. Elements: link_dom, form_dom, cookie_dom, ui_form_dom. Version: 0.1.3. Injects URLs and checks the browser URL to determine whether the attack was successful.
[*] sql_injection: SQL Injection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.2.3. SQL injection check, uses known SQL DB errors to identify vulnerabilities.
[*] code_injection: Code injection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.2.5. Injects code snippets and assess whether or not execution was successful.
[*] ldap_injection: LDAPInjection. Severity: High. Elements: link, form, cookie, header, link_template, json, xml. Version: 0.1.4. It tries to force the web application to return LDAP error messages, in order to discover failures in user input validation.
[*] trainer: Trainer. Severity: (none listed). Elements: form, link, cookie, header. Version: 0.1.5. Pokes and probes all inputs of a given page in order to uncover new input vectors. It also forces Arachni to train itself by analyzing the server responses.

Passive grep checks (components/checks/passive/grep):
[*] password_autocomplete: Password field with auto-complete. Severity: Low. Elements: form. Version: 0.3.1. Greps pages for forms which have password fields without explicitly disabling auto-complete.
[*] cookie_set_for_parent_domain: Cookie set for parent domain. Severity: Informational. Elements: cookie. Version: 0.1.2. Logs cookies that are accessible by all subdomains.
[*] mixed_resource: Mixed Resource. Severity: Medium. Elements: body. Version: 0.1.5. Looks for resources served over HTTP when the HTML code is server over HTTPS.
[*] private_ip: Private IP address finder. Severity: Low. Elements: body, header. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.3. Scans pages for private IP addresses.
[*] insecure_cors_policy: Insecure CORS policy. Severity: Low. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1.1. Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header.
[*] hsts: HTTP Strict Transport Security. Severity: Medium. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1.3. Checks HTTPS pages for missing `Strict-Transport-Security` headers.
[*] form_upload: Form-based File Upload. Severity: Informational. Elements: form. Version: 0.2.3. Logs upload forms which require manual testing.
[*] http_only_cookies: HttpOnly cookies. Severity: Informational. Elements: cookie. Version: 0.1.5. Logs cookies that are accessible via JavaScript.
[*] insecure_cookies: Insecure cookies. Severity: Informational. Elements: cookie. Version: 0.1.5. Logs cookies that are served over an encrypted channel but without having the `secure` flag set.
[*] x_frame_options: Missing X-Frame-Options header. Severity: Low. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1.2. Checks the host for a missing `X-Frame-Options` header.
[*] cvs_svn_users: CVS/SVN users. Severity: Low. Elements: body. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.3.1. Scans every page for CVS/SVN users.
[*] unencrypted_password_forms: Unencrypted password forms. Severity: Medium. Elements: form. Version: 0.2.2. Looks for password inputs that don't submit data over an encrypted channel (HTTPS).
[*] html_objects: HTML objects. Severity: Informational. Elements: body. Version: 0.1.4. Logs the existence of HTML object tags. Since Arachni can't execute things like Java Applets and Flash this serves as a heads-up to the penetration tester to review the objects in question using a different method.
[*] ssn: SSN. Severity: High. Elements: body. Author: Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>, haliphax. Version: 0.1.4. Greps pages for disclosed US Social Security Numbers.
[*] emails: E-mail address. Severity: Informational. Elements: body. Version: 0.3. Greps pages for disclosed e-mail addresses.
[*] credit_card: Credit card number disclosure. Severity: Medium. Elements: body. Version: 0.2.4. Scans pages for credit card numbers.
[*] captcha: CAPTCHA. Severity: Informational. Elements: form. Version: 0.2.2. Greps pages for forms with CAPTCHAs.

Passive checks (components/checks/passive):
[*] backdoors: Backdoors. Severity: High. Elements: server. Version: 0.2.6. Tries to find common backdoors on the server.
[*] allowed_methods: Allowed methods. Severity: Informational. Elements: server. Version: 0.2. Checks for supported HTTP methods.
[*] htaccess_limit: .htaccess LIMIT misconfiguration. Severity: High. Elements: server. Version: 0.1.7. Checks for misconfiguration in LIMIT directives that blocks GET requests but allows POST.
[*] xst: XST. Severity: Medium. Elements: server. Version: 0.1.8. Sends an HTTP TRACE request and checks if it succeeded.
[*] directory_listing: Directory listing. Severity: Low. Elements: server. Version: 0.1.7. Tries to force directory listings.
[*] http_put: HTTP PUT. Severity: High. Elements: server. Version: 0.2.3. Checks if uploading files is possible using the HTTP PUT method.
[*] insecure_client_access_policy: Insecure client-access policy. Severity: Low. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1. Checks `clientaccesspolicy.xml` files for wildcard domain policies.
[*] webdav: WebDAV. Severity: Informational. Elements: server. Version: 0.1.5. Checks for WebDAV enabled directories.
[*] common_files: Common files. Severity: Low. Elements: server. Version: 0.2.4. Tries to find common sensitive files on the server.
[*] insecure_cross_domain_policy_headers: Insecure cross-domain policy (allow-http-request-headers-from). Severity: Low. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1. Checks `crossdomain.xml` files for wildcard `allow-http-request-headers-from` policies.
[*] localstart_asp: localstart.asp. Severity: Low. Elements: server. Version: 0.1.3. Checks for localstart.asp.
[*] interesting_responses: Interesting responses. Severity: Informational. Elements: server. Version: 0.2.1. Logs all non 200 (OK) server responses.
[*] backup_directories: Backup directories. Severity: Medium. Elements: server. Version: 0.1.3. Tries to find backed-up directories.
[*] origin_spoof_access_restriction_bypass: Origin Spoof Access Restriction Bypass. Severity: High. Elements: server. Version: 0.1. Retries denied requests with a spoofed origin header to trick the web application into thinking that the request originated from localhost and checks whether the restrictions was bypassed.
[*] common_admin_interfaces: Common administration interfaces. Severity: Low. Elements: server. Author: Brendan Coles <bcoles@gmail.com>, Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1.1. References: Apache.org http://httpd.apache.org/docs/2.0/mod/mod_access.html; WASC http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location. Targets: Generic. Tries to find common admin interfaces on the server.
[*] common_directories: Common directories. Severity: Medium. Elements: server. Version: 0.2.3. Tries to find common directories on the server.
[*] backup_files: Backup files. Severity: Medium. Elements: server. Version: 0.3.3. Tries to identify backup files.
[*] insecure_cross_domain_policy_access: Insecure cross-domain policy (allow-access-from). Severity: Low. Elements: server. Author: Tasos Laskos <tasos.laskos@arachni-scanner.com>. Version: 0.1. Checks `crossdomain.xml` files for `allow-access-from` wildcard policies.
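Before committing to a --checks value it helps to see exactly which checks a specification keeps, because the wildcard and exclusion rules are easy to misread. The Ruby script below is an added example, not part of Arachni or of this post: it resolves a specification such as `*,-common_*,-backup_*,-backdoors` against the check names from the list above, using the documented rules (`*` selects all, tokens may carry shell-style wildcards, a leading `-` excludes) and the assumption, stated in the code, that exclusions are applied after inclusions regardless of their position.

```ruby
# Check names copied from the Arachni 1.5.1 check list above.
AVAILABLE_CHECKS = %w[
  session_fixation unvalidated_redirect no_sql_injection xss_path xss_event
  code_injection_timing xss_dom xss_tag csrf sql_injection_timing
  source_code_disclosure xpath_injection xss_dom_script_context
  os_cmd_injection os_cmd_injection_timing rfi response_splitting
  xss_script_context xss xxe no_sql_injection_differential file_inclusion
  code_injection_php_input_wrapper sql_injection_differential path_traversal
  unvalidated_redirect_dom sql_injection code_injection ldap_injection trainer
  password_autocomplete cookie_set_for_parent_domain mixed_resource private_ip
  insecure_cors_policy hsts form_upload http_only_cookies insecure_cookies
  x_frame_options cvs_svn_users unencrypted_password_forms html_objects ssn
  emails credit_card captcha backdoors allowed_methods htaccess_limit xst
  directory_listing http_put insecure_client_access_policy webdav common_files
  insecure_cross_domain_policy_headers localstart_asp interesting_responses
  backup_directories origin_spoof_access_restriction_bypass
  common_admin_interfaces common_directories backup_files
  insecure_cross_domain_policy_access
].freeze

# Expand one token to the check names it matches: "*" is everything, a token
# containing "*" is a shell-style glob, anything else must match a name exactly.
def matching_checks(token, available)
  return available.dup if token == '*'
  return available.select { |name| File.fnmatch?(token, name) } if token.include?('*')
  available.include?(token) ? [token] : []
end

# Return the checks enabled by `spec`, e.g. "*,-common_*,-backup_*,-backdoors".
# Assumption (modelled on Arachni's component loader): every "-" token is
# collected and subtracted at the end, so "*,-xss,csrf" still drops xss even
# though csrf is listed after the exclusion.
def resolve_checks(spec, available = AVAILABLE_CHECKS)
  included = []
  excluded = []
  spec.split(',').map(&:strip).reject(&:empty?).each do |token|
    if token.start_with?('-')
      excluded |= matching_checks(token[1..-1], available)
    else
      included |= matching_checks(token, available)
    end
  end
  included - excluded
end

if __FILE__ == $PROGRAM_NAME
  spec = ARGV[0] || '*,-common_*,-backup_*,-backdoors'
  enabled = resolve_checks(spec)
  puts "#{spec}: #{enabled.size}/#{AVAILABLE_CHECKS.size} checks enabled"
  puts "dropped: #{(AVAILABLE_CHECKS - enabled).join(', ')}"
end
```

Two things the output makes visible: the post's command-line example drops only the request-heavy path brute-forcers (common_*, backup_*, backdoors), which is the cheapest trade-off for a general-purpose scan, while `-xss` in the REST example removes only the `xss` check and leaves xss_dom, xss_tag and the other XSS variants enabled; to drop the whole family use `-xss*`.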
Solution 3 - phantomjs (browser cluster) and minor option tuning
As mentioned at the start, Arachni runs its request/response tests through a headless browser, so it is bound to be slower than other scanners. If you think of it as a virtual browser rendering every page while it tests, that result is only natural.
This is the most realistic option: rather than turning down overall scan performance, tune the settings of the individual testing components.
The browser cluster options control how the headless browsers test; increasing the number of browsers (--browser-cluster-pool-size) and lowering the analysis depth (--scope-dom-depth-limit) buys a lot of speed. Keep in mind that every extra browser is another phantomjs process on the scanning host and more concurrent requests at the target, so this pulls in the opposite direction from Solution 1.
Beyond that, tightening the redirect limit (--http-request-redirect-limit) and the timeouts (--http-request-timeout, --browser-cluster-job-timeout) can squeeze out a bit more speed, at the cost of missing slow pages.
Reference
http://support.arachni-scanner.com/kb/general-use/optimizing-for-faster-scans
Comment from HAHWUL (Security engineer, Gopher and H4cker!):
Another method that came to mind: shorten the timeout and patch the code so that the stress-test part cannot run.
(I don't know which is the right answer, so if you use Arachni it is worth thinking it through.)