Merged
3 changes: 2 additions & 1 deletion .gitignore
@@ -1,2 +1,3 @@
**.iml
.DS_Store
.DS_Store
.idea
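Review bot: `.DS_Store` appears in this hunk both as the removed line and as the re-added one, so the only change to that line is whitespace (the file header's "2 additions & 1 deletion" for a one-entry addition points the same way); that is harmless, but worth a glance to confirm it is just a trailing newline being added. The substantive change, the new `.idea` entry, is consistent with the existing `**.iml` rule above it.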
60 changes: 44 additions & 16 deletions docs/user-guide/usage-examples/arachni-bodgeit-example.md
Expand Up @@ -11,8 +11,7 @@ In this example we'll be using Arachni controlled by the secureCodeBox to scan f

## Testing the setup

This is a straight forward configuration.
This configuration could be improved by configuring a login method for the scanner.
This is a straight forward configuration by simply configuring the target.

### Start the scan via HTTP API

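Review bot: "straight forward" in the replacement sentence should be "straightforward", e.g. `This is a straightforward configuration that only sets the target.` Dropping the sentence about a login method from this section is fine as long as the reader is pointed at the fuller configuration that now carries that remark; a short "see Full Scan below" at the end of the sentence would keep that link explicit.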
Expand All @@ -22,26 +21,55 @@ This configuration could be improved by configuring a login method for the scann

`run_scanner.sh --payload payloadFile.json arachni`

### Payload
### Test Payload

```json
[
{
"name": "Arachni BodgeIt Scan",
"location": "http://bodgeit:8080/bodgeit/",
"attributes": {
"ARACHNI_DOM_DEPTH_LIMIT": 15,
"ARACHNI_DIR_DEPTH_LIMIT": 5,
"ARACHNI_PAGE_LIMIT": 50,
"ARACHNI_EXCLUDE_PATTERNS": [
".*\\.png",
".*util\\.js",
".*style\\.css"
],
"ARACHNI_SCAN_METHODS": "*"
}
"location": "http://bodgeit:8080/bodgeit/",
"name": "Arachni BodgeIt Scan"
}
]
```
This scan should finish in about a minute and should return a couple of findings.

## Full Scan

The following example contains a fully configured Arachni Scan for the BodgeIt Store. This can be improved by
configuring login credentials and/or providing a login script.

### Start the scan via HTTP API

`PUT http://localhost:8080/box/processes/arachni_webapplicationscan`

### Start the scan via CLI

`run_scanner.sh --payload payloadFile.json arachni`

### Full Payload
```json
[
{
"location": "http://bodgeit:8080/bodgeit/",
"name": "Arachni BodgeIt Scan",
"attributes": {
"ARACHNI_DOM_DEPTH_LIMIT": 15,
"ARACHNI_DIR_DEPTH_LIMIT": 5,
"ARACHNI_PAGE_LIMIT": 50,
"ARACHNI_EXCLUDE_PATTERNS": [
".*\\.png",
".*util\\.js",
".*style\\.css"
],
"ARACHNI_SCAN_METHODS": "*",
"ARACHNI_REQUESTS_PER_SECOND": 20,
"ARACHNI_POOL_SIZE": 6,
"ARACHNI_REQUEST_CONCURRENCY": 20
}
Maybe we should provide two different examples, one with a minimal configuration and one with a full configuration containing rate-limits, etc. Similar to the ZAP example documentation.

}
]
```
This scan should finish in about a minute and should return a couple of findings.
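Review bot: the closing sentence "This scan should finish in about a minute and should return a couple of findings." is copied verbatim from the minimal example, but the full payload adds `ARACHNI_PAGE_LIMIT: 50`, `ARACHNI_DOM_DEPTH_LIMIT: 15` and a cap of `ARACHNI_REQUESTS_PER_SECOND: 20`, so the runtime claim should be re-measured for this configuration rather than reused. The introduction to the Full Scan section also says nothing about the three new throttling attributes (`ARACHNI_REQUESTS_PER_SECOND`, `ARACHNI_POOL_SIZE`, `ARACHNI_REQUEST_CONCURRENCY`); a sentence on what each limits and why a rate limit matters when scanning a small target like the BodgeIt container would make the example self-explanatory. Two smaller points: the "Start the scan via HTTP API" and "Start the scan via CLI" subsections repeat the earlier ones word for word and could simply refer back to them, and `### Full Payload` is missing the blank line before its code fence that `### Test Payload` has.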