Page 98 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
When you set arachni loose on a URL, it spins up multiple threads that start bombarding
the target with the malicious snippets and exploratory requests all scanners use to flush out
interesting behavior. If you're going too quickly, though, and get hit by a WAF throttling
your traffic, you might find some or all of those threads hanging, sometimes indefinitely.
The timeout parameter takes an argument specifying how long arachni should wait before
shutting down and compiling a report based on the data collected so far.
--checks
By default, when you target a URL without passing any extra information, you'll be
applying every check arachni has in its system. But sometimes you might want to exclude
some lower-priority warnings; arachni, for example, will warn you when a company
email is exposed publicly, but usually that's not an issue if the email is a corporate handle
or otherwise meant to be customer-facing. Some forms of data leakage are important, but
for most companies this is not one of them. You also might want to exclude noisy checks
that would put too much of a load on the target server or network architecture.
The checks option takes as its arguments the checks you want to include and exclude, with
the splat character (*) operating as its usual stand-in for all options and excluded checks
indicated by a leading minus sign (-).
--scope-include-subdomains
This switch does just what it sounds like: it tells arachni that, when it spiders a URL, it's
free to follow any links it finds to that site's subdomains.
--plugin 'PLUGIN:OPTION=VALUE,OPTION2=VALUE2'
The plugin option allows us to pass values that an arachni plugin might depend on
(authentication tokens for SaaS services, configuration settings, SMTP usernames and
passwords, and so on).
--http-request-concurrency MAX_CONCURRENCY
Arachni's ability to keep its HTTP requests in check is critical to ensuring a target server
isn't overwhelmed with traffic. Even if scans are allowed under the terms of engagement
for a specific target range, the client will typically set a speed limit for the scanner to prevent
the equivalent of a DoS attack. And regardless, turning your request concurrency down can
help ensure you don't get hit by a WAF. The default for the scanner's MAX_CONCURRENCY is
HTTP requests/second.
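As an added example (not from the book or the Arachni project), the following wrapper assembles the options discussed above and refuses to start a scan whose concurrency exceeds the limit agreed for the engagement. The cap of 10, the check name emails, and the HOURS:MINUTES:SECONDS timeout format are assumptions.

```shell
#!/bin/sh
# Wrapper around arachni that enforces an engagement rate limit before scanning.
# RATE_CAP is a constructed value standing in for the client's agreed speed limit.
RATE_CAP=10

# within_cap CONCURRENCY: succeeds only for a positive integer <= RATE_CAP
within_cap() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$RATE_CAP" ]
}

# build_scan_args URL CONCURRENCY TIMEOUT: prints one arachni argument per line,
# or fails (with a message on stderr) if CONCURRENCY breaks the engagement cap.
# "emails" (the e-mail disclosure check) and the HH:MM:SS timeout are assumed
# to match arachni's naming; adjust them against your installed version.
build_scan_args() {
    url=$1; conc=$2; timeout=$3
    within_cap "$conc" || {
        echo "concurrency $conc exceeds engagement cap of $RATE_CAP" >&2
        return 1
    }
    printf '%s\n' \
        "--http-request-concurrency=$conc" \
        "--timeout=$timeout" \
        "--checks=*,-emails" \
        "--scope-include-subdomains" \
        "$url"
}

# run_scan URL CONCURRENCY TIMEOUT: runs arachni with the validated argument list.
run_scan() {
    args=$(build_scan_args "$@") || return 1
    set -f            # keep the shell from globbing the "*" in --checks
    set -- $args
    set +f
    arachni "$@"
}
```

Invoke it as `run_scan http://target.example 5 00:30:00`; the scan is refused outright if the third-from-last argument exceeds the cap, so an over-aggressive setting never reaches the target.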