Ed Wiget Dot Name

infosec, information security, digital forensics, hacking, system administration, linux blog

Backtrack: BT5 arachni installer and audit scripts


Here is a simple installer script for Arachni on BackTrack 5. It clones the Git repository and builds from source.

[codesyntax lang=”bash”]

#!/bin/bash

# Ed Wiget <security at rhpstudios dot com>
# Install arachni
# 20110801 - Initial script

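sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev
cd /pentest/enumeration || exit 1
# https instead of git://: the git protocol is unauthenticated and GitHub no longer serves it
sudo git clone https://github.com/Zapotek/arachni.git arachni
cd arachni || exit 1
sudo rake install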

[/codesyntax]

And this is a script I use to audit multiple domains from a list, one domain per line.

[codesyntax lang=”bash”]

#!/bin/bash

# By Ed Wiget < ewiget at  >
# This reads a list of domains, 1 per line, and performs a full arachni audit
# 20110804 - Initial script

# enable next line for debugging
#set -x

#####################################################################
############# USER  CONFIG VARIABLES BELOW LOGGING START ############
#####################################################################
#
#####################################################################
## set basedir and ctime because both are required by logging
## ctime is the current time, set once and reused for consistency
#####################################################################
# placeholder address: the original value was obfuscated on the page
emails="you@example.com"
ctime=$(date +%Y%m%d%H%M%S)
basedir=~/
logdir=${basedir}installs
diags=${basedir}diags
scriptname=eds_audit
mkdir -p "${logdir}"
mkdir -p "${diags}"

#####################################################################
## Set up logging the correct way
#####################################################################
BUILD_LOG=${logdir}/$(hostname | awk -F. '{print $1}')-${ctime}.${scriptname}.log
BUILD_PIPE=${logdir}/${scriptname}.pipe
if [ ! -e "${BUILD_PIPE}" ]; then
    mkfifo "${BUILD_PIPE}"
fi
if [ -e "${BUILD_LOG}" ]; then
    rm "${BUILD_LOG}"
fi
# save the original stdout and stderr on file descriptors 3 and 4
exec 3>&1 4>&2
# tee copies everything written to the pipe into the log and to the terminal
tee "${BUILD_LOG}" < "${BUILD_PIPE}" >&3 &
tpid=$!
# from here on, stdout and stderr both go through the pipe
exec > "${BUILD_PIPE}" 2>&1
#####################################################################
#####################################################################

echo -e "What is the server being audited? This determines path used in logs\n\tEx. web01\n\t would be /pentest/client-audits/web01/"
read -r SVR_TO_AUDIT

CLIENT_PATH=/pentest/client-audits

if [ ! -d "${CLIENT_PATH}" ];
  then
    mkdir -p "${CLIENT_PATH}"
fi

if [ ! -d "${CLIENT_PATH}/${SVR_TO_AUDIT}" ];
  then
    mkdir -p "${CLIENT_PATH}/${SVR_TO_AUDIT}"
fi

# domain list
echo -e "Enter the full path to the list of domains 1 per line\n\tEx. /pentest/client-audits/web01/web01-to-audit-20110707.txt"
read -r DOMS_TO_AUDIT

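# this makes sure arachni is up to date
echo "updating arachni....this may take a while"
# https instead of git://: the git protocol is unauthenticated and GitHub no longer serves it
if [ -d /pentest/enumeration/arachni/.git ]; then
    # an existing checkout cannot be cloned over, so pull instead
    cd /pentest/enumeration/arachni || exit 1
    sudo git pull
else
    cd /pentest/enumeration || exit 1
    sudo git clone https://github.com/Zapotek/arachni.git arachni
    cd /pentest/enumeration/arachni || exit 1
fi
sudo rake install
echo "arachni is now up to date"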

# read the list on file descriptor 9 so arachni cannot consume it from stdin
while IFS= read -r dom <&9
do
    # skip blank lines
    [ -z "${dom}" ] && continue
    echo "${dom}"
    # take the date once so both commands use the same file name
    stamp=$(date +%Y%m%d)
    # this does the audit with verbose to arachni report file
    arachni -fv "http://${dom}" "--report=afr:outfile=${CLIENT_PATH}/${SVR_TO_AUDIT}/${dom}-${stamp}.com.afr"
    # this converts the verbose file to the report
    arachni "--repload=${CLIENT_PATH}/${SVR_TO_AUDIT}/${dom}-${stamp}.com.afr" "--report=html:outfile=${CLIENT_PATH}/${SVR_TO_AUDIT}/${dom}-${stamp}.arachni_report.html"
done 9< "${DOMS_TO_AUDIT}"

###########################################################################
## LOGGING CLEANUP
###########################################################################

# 1>&3 and 2>&4 restore the original file descriptors for stdout and 
# stderr from file descriptors 3 and 4.

# 3>&- 4>&-: now that they are not needed, close file descriptors 3 and 4

exec 1>&3 3>&- 2>&4 4>&-

# waits on the tee pid to die before continuing

wait "${tpid}"

# remove the named pipe which is no longer needed
sleep 5
rm "${BUILD_PIPE}"

##############################################################################
## MAIL REPORT
##############################################################################
echo -e "using mutt to send log to ${emails}"
# gentoo and arch require the -- before $emails while redhat / centos do not
mutt -s "audit log for ${SVR_TO_AUDIT}" -a "${BUILD_LOG}" -- "${emails}" < /dev/null

[/codesyntax]
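
The audit script places each line of the domain list after `http://` and inside report file names, and uses the typed server name as a directory. The following is an added example, not part of the original scripts, that vets both inputs first. The function names `valid_hostname`, `valid_label`, `filter_domains` and `sample_list` are hypothetical, and it assumes the list holds dotted DNS names only.

```shell
#!/bin/sh
# Added example, not part of the original scripts.
LC_ALL=C; export LC_ALL    # make the A-Z / a-z ranges below ASCII-only

# valid_hostname NAME: succeed only for a dotted DNS name (no scheme, path,
# whitespace or option-like text), so it is safe to place after "http://".
valid_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in *[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$name" | grep -Eq \
'^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]{0,61}[A-Za-z0-9]$'
}

# valid_label NAME: succeed only for a single, plain directory name
# (the "web01" answer); rejects "", "..", "a/b" and a leading "-" or ".".
valid_label() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# filter_domains FILE: print the usable hostnames, one per line, on stdout;
# report everything else on stderr. Blank lines and "#" comments are skipped.
filter_domains() {
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                 # tolerate CRLF list files
        case $line in ''|'#'*) continue ;; esac
        if valid_hostname "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Constructed sample list: two usable entries and three that must be dropped.
sample_list() {
    printf '%s\n' 'www.example.com' '# staging hosts' \
        'example.com --extra-flag' 'shop.example.org' \
        'example.com/../../tmp' '-v.example.com'
}

tmp=$(mktemp) && sample_list > "$tmp" && filter_domains "$tmp"
rm -f "$tmp"
```

Feeding the audit loop from the output of `filter_domains` instead of the raw file keeps option-like or path-like lines away from the arachni command line and the report paths.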

