Arachni optimizing for fast scanning (Arachni 스캔 속도 향상 시키기)

Arachni를 가지고 재미있는 것들을 하고있는데, 요즘 참 스캔 속도에 대해 고민이 되네요. Arachni 가 벤치 마킹 기준으로 굉장히 좋은 성능을 가지며 오픈소스이지만 결정적으로 어마어마한 스캔 시간이 발목을 잡는 것 같습니다.

처음에는 헤드리스 브라우저인 phantomjs를 전 테스팅 구간에 사용(아니 왜… 크롤링만 그걸로 하고 일반 스캐너처럼 해도 나쁘지 않을텐데)하기 떄문에 그런줄만 알았는데요, 찾아보디 몇가지 내용이 있어 더 공유드립니다.

Solution1 - Down scan performance

Arachni는 자체적으로 서버에 대한 스트레스 테스트를 진행합니다. 만약 스캔에서 발생하는 요청으로 인해 대상 서버가 느려지는 경우(응답 시간으로 판별) 자체적으로 스캔 쓰레드를 조정하거나 요청을 멈춰버립니다. 약한 서버에 돌렸을 때 스캔 시간이 아주 늘어지는 이유이기도 하죠.(또한 앞단에 보안 장비로 인해서 느려질수도 있겠네요)

대게 이런 경우는 단시간에 많은 요청이 발생하기 때문에 그렇습니다. 그래서 오히려 스캔 속도를 조정해주는게 총 스캔 시간에서 이득을 볼 수 있는 방법이라고 합니다.

스캔 시간에 직접 관여되는 것 중 가장 큰건 request-concurrency입니다. 동시에 얼마나 많은 양의 테스트를 할 수 있는지에 대한 항목인데, 오히려 갯수를 줄여서 스캔 퍼포먼스를 줄여서 서버의 스트레스를 낮춰 전체 스캔 시간에서 이득을 볼 수 있습니다. 물론 이 방법은 대상 서버가 스트레스를 받아서 Arachni의 자체적인 속도 타협으로 인해 스캔 시간이 늘어지는 걸 막을 때 사용합니다. (보통은 퍼포먼스가 더 줄겠죠)

Default: 20

command line

--http-request-concurrency=10

REST API

{
  "http-request-concurrency":"10",
   ....
}

Solution2 - 스캔 항목 타협

Arachni는 기본 옵션으로 모든 스캔 항목에 대해 테스트를 진행합니다. 가장 좋은 결과를 얻을 순 있지만, 스캔 속도에 막대한 영향을 끼칩니다. 조정이 가능하다면 적절히 타협봐서 사용하는게 속도를 늘리는 좋은 방법입니다.

Default: *

command line

-checks=*,-common_*,-backup_*,-backdoors

REST API

{
  "checks":"*,-xss,csrf"
}

다만 아쉬운점이 있다면 보편적인 스캐너 입장에선 뺄만한게 없습니다. [ check list ]

 [*] session_fixation:
--------------------
Name:        Session fixation
Description:    
Checks whether or not the session cookie can be set to an arbitrary value.

Severity:    High
Elements:    form, link, link_template
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/session_fixation.rb

 [*] unvalidated_redirect:
--------------------
Name:        Unvalidated redirect
Description:    
Injects URLs and checks the `Location` HTTP response header field and/or browser
URL to determine whether the attack was successful.

Severity:    Medium
Elements:    link, form, cookie, header, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/unvalidated_redirect.rb

 [*] no_sql_injection:
--------------------
Name:        NoSQL Injection
Description:    
NoSQL injection check, uses known DB errors to identify vulnerabilities.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/no_sql_injection.rb

 [*] xss_path:
--------------------
Name:        XSS in path
Description:    
Cross-Site Scripting check for path injection

Severity:    High
Elements:    path
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.11
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_path.rb

 [*] xss_event:
--------------------
Name:        XSS in HTML element event attribute
Description:    
Cross-Site Scripting in event tag of HTML element.

Severity:    High
Elements:    form, link, cookie, header
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.9
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_event.rb

 [*] code_injection_timing:
--------------------
Name:        Code injection (timing)
Description:    
Injects code snippets and assess whether or not the injection was successful using
a time delay.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/code_injection_timing.rb

 [*] xss_dom:
--------------------
Name:        DOM XSS
Description:    
Injects an HTML element into page DOM inputs and then parses the HTML markup of
tainted responses to look for proof of vulnerability.

Severity:    High
Elements:    link_dom, form_dom, cookie_dom, link_template_dom, ui_input_dom, ui_form_dom
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_dom.rb

 [*] xss_tag:
--------------------
Name:        XSS in HTML tag
Description:    
Cross-Site Scripting in HTML tag.

Severity:    High
Elements:    form, link, cookie, header
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.11
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_tag.rb

 [*] csrf:
--------------------
Name:        CSRF
Description:    
It uses differential analysis to determine which forms affect business logic and
checks them for lack of anti-CSRF tokens.

(Works best with a valid session.)

Severity:    High
Elements:    form
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/csrf.rb

 [*] sql_injection_timing:
--------------------
Name:        Blind SQL injection (timing attack)
Description:    
Blind SQL Injection check using timing attacks.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/sql_injection_timing.rb

 [*] source_code_disclosure:
--------------------
Name:        Source code disclosure
Description:    
It tries to identify whether or not the web application can be forced to reveal
source code.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/source_code_disclosure.rb

 [*] xpath_injection:
--------------------
Name:        XPath Injection
Description:    
XPath injection check

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.6
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xpath_injection.rb

 [*] xss_dom_script_context:
--------------------
Name:        DOM XSS in script context
Description:    
Injects JS taint code and checks to see if it gets executed as proof of vulnerability.

Severity:    High
Elements:    link_dom, form_dom, cookie_dom, link_template_dom, ui_input_dom, ui_form_dom
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_dom_script_context.rb

 [*] os_cmd_injection:
--------------------
Name:        OS command injection
Description:    
Tries to find Operating System command injections.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.6
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/os_cmd_injection.rb

 [*] os_cmd_injection_timing:
--------------------
Name:        OS command injection (timing)
Description:    
Tries to find operating system command injections using timing attacks.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/os_cmd_injection_timing.rb

 [*] rfi:
--------------------
Name:        Remote File Inclusion
Description:    
Injects a remote URL in all available inputs and checks for relevant content in
the HTTP response body.

Severity:    High
Elements:    link, form, cookie, header, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/rfi.rb

 [*] response_splitting:
--------------------
Name:        Response Splitting
Description:    
Injects arbitrary and checks if any of them end up in the response header.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/response_splitting.rb

 [*] xss_script_context:
--------------------
Name:        XSS in script context
Description:    
Injects JS taint code and check to see if it gets executed as proof of vulnerability.

Severity:    High
Elements:    form, link, cookie, header, link_template
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss_script_context.rb

 [*] xss:
--------------------
Name:        XSS
Description:    
Injects an HTML element into page inputs and then parses the HTML markup of
tainted responses to look for proof of vulnerability.

Severity:    High
Elements:    form, link, cookie, header, link_template
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.4.9
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xss.rb

 [*] xxe:
--------------------
Name:        XML External Entity
Description:    
Injects a custom External Entity into XML documents prior to submitting them and
determines the existence of a vulnerability by checking whether that entity was
processed based on the resulting HTTP response.

Severity:    High
Elements:    xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/xxe.rb

 [*] no_sql_injection_differential:
--------------------
Name:        Blind NoSQL Injection (differential analysis)
Description:    
It uses differential analysis to determine how different inputs affect the behavior
of the web application and checks if the displayed behavior is consistent with
that of a vulnerable application.

Severity:    High
Elements:    link, form, cookie
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/no_sql_injection_differential.rb

 [*] file_inclusion:
--------------------
Name:        File Inclusion
Description:    
Injects paths of common files (like `/etc/passwd` and `boot.ini`) and evaluates
the existence of a file inclusion vulnerability based on the presence of relevant
content or errors in the HTTP response body.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.7
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/file_inclusion.rb

 [*] code_injection_php_input_wrapper:
--------------------
Name:        Code injection (php://input wrapper)
Description:    
Injects PHP code into the HTTP request body and uses the `php://input` wrapper
to try and load it.

Severity:    High
Elements:    form, link, cookie, header
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/code_injection_php_input_wrapper.rb

 [*] sql_injection_differential:
--------------------
Name:        Blind SQL Injection (differential analysis)
Description:    
It uses differential analysis to determine how different inputs affect behavior
of the web application and checks if the displayed behavior is consistent with
that of a vulnerable application.

Severity:    High
Elements:    link, form, cookie
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.4.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/sql_injection_differential.rb

 [*] path_traversal:
--------------------
Name:        Path Traversal
Description:    
It injects paths of common files ( like `/etc/passwd` and `boot.ini`) and
evaluates the existence of a path traversal vulnerability based on the presence
of relevant content in the HTML responses.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.4.8
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/path_traversal.rb

 [*] unvalidated_redirect_dom:
--------------------
Name:        Unvalidated DOM redirect
Description:    
Injects URLs and checks the browser URL to determine whether the attack was successful.

Severity:    High
Elements:    link_dom, form_dom, cookie_dom, ui_form_dom
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/unvalidated_redirect_dom.rb

 [*] sql_injection:
--------------------
Name:        SQL Injection
Description:    
SQL injection check, uses known SQL DB errors to identify vulnerabilities.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/sql_injection.rb

 [*] code_injection:
--------------------
Name:        Code injection
Description:    
Injects code snippets and assess whether or not execution was successful.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/code_injection.rb

 [*] ldap_injection:
--------------------
Name:        LDAPInjection
Description:    
It tries to force the web application to return LDAP error messages, in order to
discover failures in user input validation.

Severity:    High
Elements:    link, form, cookie, header, link_template, json, xml
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/ldap_injection.rb

 [*] trainer:
--------------------
Name:        Trainer
Description:    
Pokes and probes all inputs of a given page in order to uncover new input vectors.
It also forces Arachni to train itself by analyzing the server responses.

Elements:    form, link, cookie, header
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/active/trainer.rb

 [*] password_autocomplete:
--------------------
Name:        Password field with auto-complete
Description:    
Greps pages for forms which have password fields
                without explicitly disabling auto-complete.

Severity:    Low
Elements:    form
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/password_autocomplete.rb

 [*] cookie_set_for_parent_domain:
--------------------
Name:        Cookie set for parent domain
Description:    
Logs cookies that are accessible by all subdomains.

Severity:    Informational
Elements:    cookie
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/cookie_set_for_parent_domain.rb

 [*] mixed_resource:
--------------------
Name:        Mixed Resource
Description:    
Looks for resources served over HTTP when the HTML code is server over HTTPS.

Severity:    Medium
Elements:    body
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/mixed_resource.rb

 [*] private_ip:
--------------------
Name:        Private IP address finder
Description:    
Scans pages for private IP addresses.

Severity:    Low
Elements:    body, header
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/private_ip.rb

 [*] insecure_cors_policy:
--------------------
Name:        Insecure CORS policy
Description:    
Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header.

Severity:    Low
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/insecure_cors_policy.rb

 [*] hsts:
--------------------
Name:        HTTP Strict Transport Security
Description:    
Checks HTTPS pages for missing `Strict-Transport-Security` headers.

Severity:    Medium
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/hsts.rb

 [*] form_upload:
--------------------
Name:        Form-based File Upload
Description:    
Logs upload forms which require manual testing.

Severity:    Informational
Elements:    form
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/form_upload.rb

 [*] http_only_cookies:
--------------------
Name:        HttpOnly cookies
Description:    
Logs cookies that are accessible via JavaScript.

Severity:    Informational
Elements:    cookie
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/http_only_cookies.rb

 [*] insecure_cookies:
--------------------
Name:        Insecure cookies
Description:    
Logs cookies that are served over an encrypted channel but without having the
`secure` flag set.

Severity:    Informational
Elements:    cookie
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/insecure_cookies.rb

 [*] x_frame_options:
--------------------
Name:        Missing X-Frame-Options header
Description:    
Checks the host for a missing `X-Frame-Options` header.

Severity:    Low
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/x_frame_options.rb

 [*] cvs_svn_users:
--------------------
Name:        CVS/SVN users
Description:    
Scans every page for CVS/SVN users.

Severity:    Low
Elements:    body
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/cvs_svn_users.rb

 [*] unencrypted_password_forms:
--------------------
Name:        Unencrypted password forms
Description:    
Looks for password inputs that don't submit data
                over an encrypted channel (HTTPS).

Severity:    Medium
Elements:    form
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/unencrypted_password_forms.rb

 [*] html_objects:
--------------------
Name:        HTML objects
Description:    
Logs the existence of HTML object tags.
                Since Arachni can't execute things like Java Applets and Flash
                this serves as a heads-up to the penetration tester to review
                the objects in question using a different method.

Severity:    Informational
Elements:    body
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/html_objects.rb

 [*] ssn:
--------------------
Name:        SSN
Description:    
Greps pages for disclosed US Social Security Numbers.

Severity:    High
Elements:    body
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>, haliphax
Version:    0.1.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/ssn.rb

 [*] emails:
--------------------
Name:        E-mail address
Description:    
Greps pages for disclosed e-mail addresses.

Severity:    Informational
Elements:    body
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/emails.rb

 [*] credit_card:
--------------------
Name:        Credit card number disclosure
Description:    
Scans pages for credit card numbers.

Severity:    Medium
Elements:    body
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/credit_card.rb

 [*] captcha:
--------------------
Name:        CAPTCHA
Description:    
Greps pages for forms with CAPTCHAs.

Severity:    Informational
Elements:    form
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/grep/captcha.rb

 [*] backdoors:
--------------------
Name:        Backdoors
Description:    
Tries to find common backdoors on the server.

Severity:    High
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.6
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/backdoors.rb

 [*] allowed_methods:
--------------------
Name:        Allowed methods
Description:    
Checks for supported HTTP methods.

Severity:    Informational
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/allowed_methods.rb

 [*] htaccess_limit:
--------------------
Name:        .htaccess LIMIT misconfiguration
Description:    
Checks for misconfiguration in LIMIT directives that blocks
                GET requests but allows POST.

Severity:    High
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.7
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/htaccess_limit.rb

 [*] xst:
--------------------
Name:        XST
Description:    
Sends an HTTP TRACE request and checks if it succeeded.

Severity:    Medium
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.8
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/xst.rb

 [*] directory_listing:
--------------------
Name:        Directory listing
Description:    
Tries to force directory listings.

Severity:    Low
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.7
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/directory_listing.rb

 [*] http_put:
--------------------
Name:        HTTP PUT
Description:    
Checks if uploading files is possible using the HTTP PUT method.

Severity:    High
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/http_put.rb

 [*] insecure_client_access_policy:
--------------------
Name:        Insecure client-access policy
Description:    
Checks `clientaccesspolicy.xml` files for wildcard domain policies.

Severity:    Low
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/insecure_client_access_policy.rb

 [*] webdav:
--------------------
Name:        WebDAV
Description:    
Checks for WebDAV enabled directories.

Severity:    Informational
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.5
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/webdav.rb

 [*] common_files:
--------------------
Name:        Common files
Description:    
Tries to find common sensitive files on the server.

Severity:    Low
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.4
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/common_files.rb

 [*] insecure_cross_domain_policy_headers:
--------------------
Name:        Insecure cross-domain policy (allow-http-request-headers-from)
Description:    
Checks `crossdomain.xml` files for wildcard `allow-http-request-headers-from` policies.

Severity:    Low
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/insecure_cross_domain_policy_headers.rb

 [*] localstart_asp:
--------------------
Name:        localstart.asp
Description:    
Checks for localstart.asp.

Severity:    Low
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/localstart_asp.rb

 [*] interesting_responses:
--------------------
Name:        Interesting responses
Description:    
Logs all non 200 (OK) server responses.

Severity:    Informational
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/interesting_responses.rb

 [*] backup_directories:
--------------------
Name:        Backup directories
Description:    
Tries to find backed-up directories.

Severity:    Medium
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/backup_directories.rb

 [*] origin_spoof_access_restriction_bypass:
--------------------
Name:        Origin Spoof Access Restriction Bypass
Description:    
Retries denied requests with a spoofed origin header
                to trick the web application into thinking that the request originated
                from localhost and checks whether the restrictions was bypassed.

Severity:    High
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/origin_spoof_access_restriction_bypass.rb

 [*] common_admin_interfaces:
--------------------
Name:        Common administration interfaces
Description:    
Tries to find common admin interfaces on the server.

Severity:    Low
Elements:    server
Author:        Brendan Coles <bcoles@gmail.com>, Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1.1
References:
 [~] Apache.org        http://httpd.apache.org/docs/2.0/mod/mod_access.html
 [~] WASC        http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location
Targets:
 [~] Generic
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/common_admin_interfaces.rb

 [*] common_directories:
--------------------
Name:        Common directories
Description:    
Tries to find common directories on the server.

Severity:    Medium
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.2.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/common_directories.rb

 [*] backup_files:
--------------------
Name:        Backup files
Description:    
Tries to identify backup files.

Severity:    Medium
Elements:    server
Author:        Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.3.3
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/backup_files.rb

 [*] insecure_cross_domain_policy_access:
--------------------
Name:        Insecure cross-domain policy (allow-access-from)
Description:    
Checks `crossdomain.xml` files for `allow-access-from` wildcard policies.

Severity:    Low
Elements:    server
Author:        Tasos Laskos <tasos.laskos@arachni-scanner.com>
Version:    0.1
Path:    /home/hahwul/HAHWUL/tool/arachni/arachni-1.5.1-0.5.12/system/gems/gems/arachni-1.5.1/components/checks/passive/insecure_cross_domain_policy_access.rb

Solution3 - phantomjs(Browser cluster), 자잘한 옵션 조정

위에서 가장 먼저 이야기드렸지만, 헤드리스 브라우저를 이용해서 Request/Response 테스트를 진행하기 때문에 다르 스캐너보다 느릴 수 밖에 없습니다.

따지고 보면 가상의 브라우저가 각 웹 페이지를 랜더링 하면서 테스트한다고 생각하면 되니 당연한 결과겠지요.

가장 현실적인 대안인데요, 전체적인 스캔 퍼포먼스를 조절하는게 아닌 테스팅을 하는 각 모듈에 대한 항목을 조정하는 방법이 있습니다.

Browser cluster 관련 항목쪽은 헤드리스 브라우저에서 테스트하는 옵션을 조정할 수 있어 브라우저의 갯수를 늘리고 분석 Detph를 낮추면 속도면에서 많이 타협볼 수 있을 것 같습니다.

그리고.. 이외에도 redirection 갯수, timtout 시간 등을 조정해서 속도를 좀 더 빠르게 떙겨볼 수 있습니다.

Reference

http://support.arachni-scanner.com/kb/general-use/optimizing-for-faster-scans