search

JerryCai / arachni

15 stars 14 forks source link

ssh session for restful api #3

Open p3r1c0 opened 6 years ago

p3r1c0 commented 6 years ago

Hi,

I'm running the docker:

docker run --name arachni_docker -d -p 222:22 -p 7331:7331 -i -t be90b0752d4a

When I try to connect with: ssh -p 222 root@127.0.0.1 password:arachni I get connected.

On the other hand, if I try to connect to arachni RESTful API by: ssh -p 222 root@docker-machineIP with default password is "arachni" password: password I can't connected.

Do you know what it is the problem?

Taking advantage I want to ask if in the docker versions it's possible to use plugin like: --plugin=autologin

Many thanks,

Best regards,

JerryCai commented 6 years ago

I guess your connect ip 127.0.0.1 isn't your docker host's IP, you can use the docker-machine ip default to get it

p3r1c0 commented 6 years ago

Hi Jerry,

Thanks for your response but my problem is that I can't acces to ResfulAPI:

captura de pantalla 2018-07-13 a las 11 00 57

What is the endpoint to acces to api? I try with /api and the server always return the same error.

Regards

JerryCai commented 6 years ago 
POST
http://192.168.99.100:7331/scans
------------------------headers--------------------------
Authorization:Basic YXJhY2huaTpwYXNzd29yZA==
Accept:application/json; charset=UTF-8
------------------------ body --------------------------
{
  "url": "http://demo.testfire.net",
  "session": {},
  "checks": [
    "*"
  ],
  "platforms": [],
  "plugins": {},
  "no_fingerprinting": false
}
===================================================================================================

2018-07-22 12:24:33,372 INFO  http.AbstractResponse - 

=======================================[T-12 Response ]============================================
status code -->[200]
------------------------ response headers --------------------------
Content-Type:application/json
Vary:Accept-Encoding
X-Content-Type-Options:nosniff
Transfer-Encoding:chunked

------------------------ response content --------------------------
{"id":"a6f333e805a186631b01cd80d648628d"}
=================================================================================================
JerryCai commented 6 years ago

RESTful API endpoint will be

http://${docker-machineIP}:7331

Web endpoint can be access as:

http://${docker-machineIP}:9292

BTW, Today, I do test and find that web service is unavailable, So I have already fix this bug and build new image with latest tag, You can remove your older image by:

docker rmi -f arachni/arachni

then pull the latest by 

docker pull arachni/arachni
p3r1c0 commented 6 years ago

Hi @JerryCai,

Many thanks. Do you know how I can use plugin(like autologin) through RESTAPI.

I'm working to setup an aracnhi docker instance in AWS.

Regards,

JerryCai commented 6 years ago

@p3r1c0 Sorry, I don't know that :)