Aug 05, 2011
 

Here is a simple installer script for Arachni on BackTrack 5. It clones the git repository and builds from source.

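#!/bin/bash

# Ed Wiget <security at rhpstudios dot com>
# Install arachni: installs the build dependencies, clones the repository
# into /pentest/enumeration and runs `rake install` from the checkout.
# 20110801 - Initial script

# Development headers installed before the build.
sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev || exit 1

# Stop if the target directory is missing; otherwise the clone and the
# root-level install below would run in whatever directory we started in.
cd /pentest/enumeration || exit 1

# Clone over HTTPS rather than git://. The git:// transport has no encryption
# and no server authentication, and the fetched code is installed as root.
sudo git clone https://github.com/Zapotek/arachni.git arachni || exit 1
cd arachni || exit 1

# NOTE(review): this installs whatever the default branch holds at clone
# time. Check out a reviewed tag or commit first if the build must be
# reproducible.
sudo rake install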

And this is a script I use to audit multiple domains from a list, 1 domain per line

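#!/bin/bash

# By Ed Wiget < ewiget at  >
# This reads a list of domains, 1 per line, and performs a full arachni audit
# 20110804 - Initial script

# enable next line for debugging
#set -x

#####################################################################
############# USER  CONFIG VARIABLES BELOW LOGGING START ############
#####################################################################
#
#####################################################################
## set basedir and ctime because both required by logging
## set the current time and is used for consistency
#####################################################################
# Recipient(s) of the mailed audit log.
emails=you@yourdomain.com

# Timestamp used in the log file name. The format previously read
# %Y%m%%H%M%S; "%%" is a literal percent sign, so the day was missing and the
# hour was never expanded. %d restores a plain 14-digit YYYYmmddHHMMSS value.
ctime=$(date +%Y%m%d%H%M%S)

basedir=~/
logdir=${basedir}installs
diags=${basedir}diags
scriptname=eds_audit

# The logging set-up that follows needs these directories, so stop if they
# cannot be created.
# NOTE(review): the log written under ${logdir} holds the scanner output;
# the directory is created with the caller's umask - tighten it if other
# local users must not read audit results.
mkdir -p -- "${logdir}" "${diags}" || exit 1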
 
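#####################################################################
## Set up logging: from here on, everything the script prints goes through
## a named pipe to a background tee, which writes it both to the log file
## and to the original stdout.
#####################################################################
BUILD_LOG=${logdir}/$(hostname | awk -F. '{print$1}')-${ctime}.${scriptname}.log
BUILD_PIPE=${logdir}/${scriptname}.pipe

# Reuse an existing FIFO, otherwise create one. Testing with -p (not -e)
# means a regular file left at this path is not mistaken for the pipe:
# mkfifo then fails and the script stops instead of silently losing the log.
# Mode 600 keeps other local users from reading from or writing into it.
if [[ ! -p "${BUILD_PIPE}" ]]; then
    mkfifo -m 600 -- "${BUILD_PIPE}" || {
        echo "cannot create logging pipe ${BUILD_PIPE}" >&2
        exit 1
    }
fi

# Start from an empty log file.
rm -f -- "${BUILD_LOG}"

# Keep the original stdout/stderr on fds 3 and 4 so they can be restored
# during cleanup.
exec 3>&1 4>&2

# tee copies everything read from the pipe to the log and to the saved
# stdout; its pid is kept so cleanup can wait for it.
tee -- "${BUILD_LOG}" < "${BUILD_PIPE}" >&3 &
tpid=$!

# Route this script's stdout and stderr into the pipe.
exec > "${BUILD_PIPE}" 2>&1
#####################################################################
#####################################################################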
#####################################################################
#####################################################################
 
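echo -e "What is the server being audited? This determines path used in logs\n\tEx. web01\n\t would be /pentest/client-audits/web01/"
# -r keeps backslashes in the answer literal.
read -r SVR_TO_AUDIT

# The answer becomes a directory name under CLIENT_PATH, so accept only a
# single path component: an empty value, "." / ".." or anything containing a
# slash would place reports outside the per-server directory.
case "${SVR_TO_AUDIT}" in
  '' | . | .. | */*)
    echo "invalid server name: '${SVR_TO_AUDIT}'" >&2
    exit 1
    ;;
esac

CLIENT_PATH=/pentest/client-audits

# mkdir -p creates CLIENT_PATH and the per-server directory in one step and
# succeeds when they already exist.
mkdir -p -- "${CLIENT_PATH}/${SVR_TO_AUDIT}" || exit 1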
 
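# domain list
echo -e "Enter the full path to the list of domains 1 per line\n\tEx. /pentest/client-audits/web01/web01-to-audit-20110707.txt"
# -r keeps backslashes in the path literal.
read -r DOMS_TO_AUDIT

# Fail before the update and audit steps if the list cannot be read,
# instead of running them and producing no reports.
if [[ ! -f "${DOMS_TO_AUDIT}" || ! -r "${DOMS_TO_AUDIT}" ]]; then
  echo "domain list is not a readable file: '${DOMS_TO_AUDIT}'" >&2
  exit 1
fi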
 
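# this makes sure arachni is up to date
echo "updating arachni....this may take a while"

# HTTPS instead of git://: the git:// transport is unencrypted and does not
# authenticate the server, and the fetched code is installed as root below.
arachni_repo=https://github.com/Zapotek/arachni.git

cd /pentest/enumeration || exit 1
if [[ -d arachni/.git ]]; then
  # A checkout already exists. `git clone` into it would fail and leave the
  # old code in place, so pull instead. The URL is given explicitly so the
  # transfer does not use a git:// origin recorded by an earlier clone.
  cd arachni || exit 1
  sudo git pull "${arachni_repo}" || {
    echo "arachni update failed" >&2
    exit 1
  }
else
  sudo git clone "${arachni_repo}" arachni || {
    echo "arachni clone failed" >&2
    exit 1
  }
  cd arachni || exit 1
fi

# NOTE(review): this installs the current upstream head as root on every
# run; pin to a reviewed tag or commit if audits must use a known version.
sudo rake install || exit 1
echo "arachni is now up to date"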
 
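# Read the list into an array first. Entries are split on whitespace (and
# carriage returns, for lists edited on Windows) as before, but without the
# glob expansion that an unquoted `cat` substitution applies, so an entry
# such as "*" is not replaced by file names from the current directory.
domains=()
while IFS=$' \t\r' read -r -a words || ((${#words[@]} > 0)); do
  domains+=("${words[@]}")
done < "${DOMS_TO_AUDIT}"

for dom in "${domains[@]}"; do
  printf '%s\n' "${dom}"

  # Take the date once per domain so the audit file that is written and the
  # one that is reloaded always carry the same name, even across midnight.
  stamp=$(date +%Y%m%d)

  # File-name form of the entry: anything other than letters, digits, dot,
  # underscore and hyphen becomes "_", so an entry containing "/" cannot
  # point the report outside the per-server directory.
  safe_name=${dom//[^A-Za-z0-9._-]/_}
  afr_file=${CLIENT_PATH}/${SVR_TO_AUDIT}/${safe_name}-${stamp}.com.afr
  html_file=${CLIENT_PATH}/${SVR_TO_AUDIT}/${safe_name}-${stamp}.arachni_report.html

  # this does the audit with verbose to arachni report file
  arachni -fv "http://${dom}" "--report=afr:outfile=${afr_file}"

  # Nothing to convert if the audit produced no result file.
  if [[ ! -s "${afr_file}" ]]; then
    echo "no audit result for ${dom}; skipping HTML report" >&2
    continue
  fi

  # this converts the verbose file to the report
  arachni "--repload=${afr_file}" "--report=html:outfile=${html_file}"
done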
 
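###########################################################################
## LOGGING CLEANUP
###########################################################################

# 1>&3 and 2>&4 restore the original file descriptors for stdout and
# stderr from file descriptors 3 and 4.

# 3>&- 4>&-: now that they are not needed, close file descriptors 3 and 4

exec 1>&3 3>&- 2>&4 4>&-

# Waits for the background tee to exit before continuing. Once wait has
# returned, the log is complete, so no extra sleep is needed before the
# pipe is removed.

wait "${tpid}"

# remove the named pipe which is no longer needed
rm -f -- "${BUILD_PIPE}"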
 
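##############################################################################
## MAIL REPORT
##############################################################################
printf 'using mutt to send log to %s\n' "${emails}"

# ${emails} may hold several whitespace-separated addresses; split it into
# an array so each one is passed as its own argument without glob expansion.
read -r -a recipients <<< "${emails}"

# NOTE(review): the attached log contains the scanner output for the audited
# hosts; confirm the recipients and the mail path are appropriate for it.
# gentoo and arch require the -- before the recipients while redhat / centos do not
mutt -s "audit log for ${SVR_TO_AUDIT}" -a "${BUILD_LOG}" -- "${recipients[@]}" < /dev/null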
