Page 101 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
After running the scan (which will take a while), arachni will print out the results to the
console and generate an .afr file. The .afr extension stands for Arachni Framework Report
and is the format arachni uses to store scan results. That .afr file can then be converted to
HTML, JSON, XML, or another document format:
We can immediately see there's a vulnerability to explore in greater detail here. This is a
good opportunity to use the HTML version of the report, which takes advantage of the
browser to visualize the entire scan results.
When you want to analyze the results of your scan, you can generate a zipped HTML file
using the arachni_reporter executable:
arachni_reporter some_report.afr --reporter=html:outfile=my_report.html.zip
It's important to give the outfile a .zip suffix, because a zip archive (the HTML page together
with its scripts and stylesheets) is what the arachni_reporter HTML reporter writes, regardless
of the file name you choose. If you leave off the .zip suffix and just try to open the resulting
file in a browser, you will see a long stream of unformatted, unintelligible special characters,
because the browser is rendering the raw bytes of the archive as text. Unzip the archive first
and open the HTML page inside it.
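The following Python helper is an added example, not code from the book or from the Arachni project. It classifies a reporter output file by its leading bytes rather than its name (so a zip archive that was saved without the .zip suffix is still recognised as one), then unpacks the HTML archive while refusing path-traversal entries. It assumes the archive's entry page is named index.html; the archives it creates are constructed test data, not real scan reports.

```python
"""Check what arachni_reporter actually wrote and unpack its HTML report.

Added example (not from the book or the Arachni project). Assumes the HTML
reporter's output is a zip archive whose entry page is index.html; the
sample archives below are constructed test data, not real scan reports.
"""
import shutil
import tempfile
import zipfile
from pathlib import Path

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature of a zip archive


def report_kind(path):
    """Classify a reporter output file by its leading bytes, not its name.

    Returns "zip" for a zip archive (what the HTML reporter really writes,
    whatever suffix you gave the outfile), "html" for a plain HTML page,
    and "unknown" otherwise.
    """
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(ZIP_MAGIC):
        return "zip"
    if head.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def unpack_html_report(archive, dest):
    """Extract the HTML report archive into dest and return its index.html.

    Entries that would land outside dest (zip-slip style "../" names) are
    refused before anything is written: the archive is derived from a scan
    of a target you do not control, so treat it as untrusted input.
    """
    dest = Path(dest).resolve()
    with zipfile.ZipFile(archive) as zf:
        for member in zf.namelist():
            target = (dest / member).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"refusing to extract {member!r} outside {dest}")
        zf.extractall(dest)
    index = dest / "index.html"  # assumed entry page of the report
    if not index.is_file():
        raise FileNotFoundError(f"{archive}: no index.html, not an HTML report archive?")
    return index


def make_sample_archive(directory, entries):
    """Write a constructed zip standing in for arachni_reporter's output."""
    path = Path(directory) / "my_report.html.zip"
    with zipfile.ZipFile(path, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return path


def demo():
    """Run the helpers on constructed files and return what was observed."""
    good = {
        "index.html": "<!DOCTYPE html><html><body>scan report</body></html>",
        "js/app.js": "// bundled report script",
    }
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        archive = make_sample_archive(tmp, good)
        # Same bytes with the .zip suffix dropped: a browser shows binary junk.
        misnamed = tmp / "my_report.html"
        shutil.copyfile(archive, misnamed)
        plain = tmp / "plain.html"
        plain.write_text("<html><body>not an archive</body></html>")

        index = unpack_html_report(archive, tmp / "out")

        # A hostile archive with a path-traversal entry must be rejected.
        bad_dir = tmp / "bad"
        bad_dir.mkdir()
        bad = make_sample_archive(bad_dir, {"../evil.html": "<html>pwned</html>"})
        try:
            unpack_html_report(bad, tmp / "out2")
            slip_rejected = False
        except ValueError:
            slip_rejected = True

        return {
            "archive": report_kind(archive),
            "misnamed": report_kind(misnamed),
            "plain": report_kind(plain),
            "index_name": index.name,
            "index_text": index.read_text(),
            "slip_rejected": slip_rejected,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows the point of the caveat above: the archive and its misnamed copy are both classified as "zip" because the content is identical, while only the plain page is "html". The traversal check matters because the report is built from data returned by the target; a malicious server could try to plant an entry that escapes the extraction directory.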