Profiles for efficiency
Most pen tester's early experience with Arachni usually involves running scans with the default settings, which run a comprehensive list of threat vectors past the target environment. This is a great way to see what Arachni can do, but the OSINT gathered in the recon phase or even through browsing, as we've just seen, gives us some great information that can help us narrow the search field. We can leverage this information to craft a custom profile, which, as far as Arachni is concerned, is where most of the bells and whistles are located.
Why should we do this? Eliminating vectors we know not to be of interest (unused database tests, operating system vectors, and so on) can both reduce the scan times and avoid crushing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access