arachni 0.2.2.1

data/lib/ruby/xmlrpc/server.rb

@@ -0,0 +1,27 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+#
+# Overloads the {XMLRPC::BasicServer} class with a clear_handlers() method.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+module XMLRPC
+class BasicServer
+
+    def clear_handlers
+        @handler.clear
+    end
+
+end
+end

data/lib/spider.rb

@@ -0,0 +1,200 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require Arachni::Options.instance.dir['lib'] + 'anemone'
+require Arachni::Options.instance.dir['lib'] + 'module/utilities'
+
+module Arachni
+
+#
+# Spider class
+#
+# Crawls the URL in opts[:url] and grabs the HTML code and headers.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Spider
+
+    include Arachni::UI::Output
+    include Arachni::Module::Utilities
+
+    #
+    #
+    # @return [Options]
+    #
+    attr_reader :opts
+
+    attr_reader :pages
+
+    #
+    # Sitemap, array of links
+    #
+    # @return [Array]
+    #
+    attr_reader :sitemap
+
+    #
+    # Code block to be executed on each page
+    #
+    # @return [Proc]
+    #
+    attr_reader :on_every_page_blocks
+
+    #
+    # Constructor <br/>
+    # Instantiates Spider class with user options.
+    #
+    # @param  [Options] opts
+    #
+    def initialize( opts )
+        @opts = opts
+
+        @anemone_opts = {
+            :threads              =>  1,
+            :discard_page_bodies  =>  false,
+            :delay                =>  0,
+            :obey_robots_txt      =>  false,
+            :depth_limit          =>  false,
+            :link_count_limit     =>  false,
+            :redirect_limit       =>  false,
+            :storage              =>  nil,
+            :cookies              =>  nil,
+            :accept_cookies       =>  true,
+            :proxy_addr           =>  nil,
+            :proxy_port           =>  nil,
+            :proxy_user           =>  nil,
+            :proxy_pass           =>  nil
+        }
+
+        hash_opts = @opts.to_h
+        @anemone_opts.each_pair {
+            |k, v|
+            @anemone_opts[k] = hash_opts[k.to_s] if hash_opts[k.to_s]
+        }
+
+        @anemone_opts = @anemone_opts.merge( hash_opts )
+
+        @sitemap = []
+        @on_every_page_blocks = []
+
+        # if we have no 'include' patterns create one that will match
+        # everything, like '.*'
+        @opts.include =[ Regexp.new( '.*' ) ] if @opts.include.empty?
+    end
+
+    #
+    # Runs the Spider and passes parsed page to the block
+    #
+    # @param [Block] block
+    #
+    # @return [Arachni::Parser::Page]
+    #
+    def run( &block )
+        return if @opts.link_count_limit == 0
+
+        i = 1
+        # start the crawl
+        Anemone.crawl( @opts.url, @anemone_opts ) {
+            |anemone|
+
+            # apply 'exclude' patterns
+            anemone.skip_links_like( @opts.exclude ) if @opts.exclude
+
+            # apply 'include' patterns and grab matching pages
+            # as they are discovered
+            anemone.on_pages_like( @opts.include ) {
+                |page|
+
+                @pages = anemone.pages.keys || []
+
+                url = url_sanitize( page.url.to_s )
+
+                # something went kaboom, tell the user and skip the page
+                if page.error
+                    print_error( "[Error: " + (page.error.to_s) + "] " + url )
+                    print_debug_backtrace( page.error )
+                    next
+                end
+
+                # push the url in the sitemap
+                @sitemap.push( url )
+
+                print_line
+                print_status( "[HTTP: #{page.code}] " + url )
+
+                # call the block...if we have one
+                if block
+                    exception_jail{
+                        new_page = Arachni::Parser.new( @opts,
+                            Typhoeus::Response.new(
+                                :effective_url => url,
+                                :body          => page.body,
+                                :headers_hash  => page.headers
+                            )
+                        ).run
+                        new_page.code   = page.code
+                        new_page.method = 'GET'
+                        block.call( new_page.clone )
+                    }
+                end
+
+                # run blocks specified later
+                @on_every_page_blocks.each {
+                    |block|
+                    block.call( page )
+                }
+
+                # we don't need the HTML doc anymore
+                page.discard_doc!( )
+
+                # make sure we obey the link count limit and
+                # return if we have exceeded it.
+                if( @opts.link_count_limit &&
+                    @opts.link_count_limit <= i )
+                    return @sitemap.uniq
+                end
+
+                i+=1
+            }
+        }
+
+        return @sitemap.uniq
+    end
+
+    #
+    # Decodes URLs to reverse multiple encodes and removes NULL characters
+    #
+    def url_sanitize( url )
+
+        while( url =~ /%/ )
+            url = ( URI.decode( url ).to_s.unpack( 'A*' )[0] )
+        end
+
+        return url
+    end
+
+
+    #
+    # Hook for further analysis of pages, statistics etc.
+    #
+    # @param [Proc] block code to be executed for every page
+    #
+    # @return [self]
+    #
+    def on_every_page( &block )
+        @on_every_page_blocks.push( block )
+        self
+    end
+
+end
+end

data/lib/typhoeus/request.rb

@@ -0,0 +1,91 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+#
+# Override the on_complete methods of Typhoeus adding support
+# for multiple on_complete blocks.
+#
+# Also added support for on demand training of the response and
+# incremental request id numbers.
+#
+module Typhoeus
+
+    class Request
+
+        attr_accessor :id, :proxy, :proxy_username, :proxy_password,
+                      :proxy_username, :proxy_password, :proxy_type
+
+        alias :old_initialize :initialize
+
+        def initialize( url, options = {} )
+
+            old_initialize( url, options )
+
+            @proxy_type       = options[:proxy_type]
+            @proxy_username   = options[:proxy_username]
+            @proxy_password   = options[:proxy_password]
+            @proxy_auth_method = options[:proxy_auth_method]
+
+            @on_complete        = []
+            @handled_response   = []
+            @multiple_callbacks = false
+            @train              = false
+        end
+
+        def on_complete( multi = false, &block )
+
+            # remember user preference for subsequent calls
+            if( multi || @multiple_callbacks )
+                @multiple_callbacks = true
+                @on_complete << block
+            else
+                @on_complete = block
+            end
+
+        end
+
+        def on_complete=( multi = false, proc )
+
+            # remember user preference for subsequent calls
+            if( multi || @multiple_callbacks )
+                @multiple_callbacks = true
+                @on_complete << proc
+            else
+                @on_complete = proc
+            end
+
+        end
+
+        def call_handlers
+
+            if @on_complete.is_a? Array
+
+                @on_complete.each do |callback|
+                    @handled_response << callback.call(response)
+                end
+
+            else
+                @handled_response << @on_complete.call(response)
+            end
+
+          call_after_complete
+        end
+
+        def train?
+            @train
+        end
+
+        def train!
+            @train = true
+        end
+
+    end
+
+end

data/lib/typhoeus/response.rb

@@ -0,0 +1,34 @@
+
+module Typhoeus
+  class Response
+
+    #
+    # Converts obj to hash
+    #
+    # @param    [Object]  obj    instance of an object
+    #
+    # @return    [Hash]
+    #
+    def to_hash
+        hash = Hash.new
+        instance_variables.each {
+            |var|
+            key       = var.to_s.gsub( /@/, '' )
+            hash[key] = instance_variable_get( var )
+
+        }
+
+        hash['headers_hash'] = {}
+        headers_hash.each_pair {
+            |k, v|
+            hash['headers_hash'][k] = v
+        }
+
+        hash.delete( 'request' )
+
+        return hash
+    end
+
+
+  end
+end

data/lib/ui/cli/cli.rb

@@ -0,0 +1,744 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+
+module Arachni
+
+require Options.instance.dir['lib'] + 'ui/cli/output'
+require Options.instance.dir['lib'] + 'framework'
+
+module UI
+
+#
+# Arachni::UI:CLI class
+#
+# Provides a command line interface for the Arachni Framework.<br/>
+# Most of the logic is in the Framework class however profiles can only<br/>
+# be loaded and saved at this level.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.6
+# @see Arachni::Framework
+#
+class CLI
+
+    #
+    # Instance options
+    #
+    # @return    [Options]
+    #
+    attr_reader :opts
+
+    # the output interface for CLI
+    include Arachni::UI::Output
+    include Arachni::Module::Utilities
+
+    #
+    # Initializes the command line interface and the framework
+    #
+    # @param    [Options]    opts
+    #
+    def initialize( opts )
+
+        @opts = opts
+
+        # if we have a load profile load it and merge it with the
+        # user supplied options
+        if( @opts.load_profile )
+            load_profile( @opts.load_profile )
+        end
+
+        #
+        # the stdout report is the default one for the CLI,
+        # each UI should have it's own default
+        #
+        # always load the stdout report unless the user requested
+        # to see a list of the available reports
+        #
+        # *do not* forget this check, otherwise the reports registry
+        # will desync
+        #
+        if( @opts.reports.empty? && @opts.lsrep.empty? )
+            @opts.reports['stdout'] = {}
+        end
+
+        # instantiate the big-boy!
+        @arachni = Arachni::Framework.new( @opts  )
+
+
+        # echo the banner
+        banner( )
+
+        # work on the user supplied arguments
+        parse_opts( )
+
+        # trap Ctrl+C interrupts
+        trap( 'INT' ) { handle_interrupt( ) }
+    end
+
+    #
+    # Runs Arachni
+    #
+    def run( )
+
+        print_status( 'Initing...' )
+
+        begin
+            # start the show!
+            @arachni.run( ){
+                @interrupt_handler.join if @interrupt_handler
+            }
+            print_stats
+        rescue Arachni::Exceptions::NoMods => e
+            print_error( e.to_s )
+            print_info( "Run arachni with the '-h' parameter for help or " )
+            print_info( "with the '--lsmod' parameter to see all available modules." )
+            print_line
+            exit 0
+        rescue Arachni::Exceptions => e
+            print_error( e.to_s )
+            print_info( "Run arachni with the '-h' parameter for help." )
+            print_line
+            exit 0
+        rescue Exception => e
+            exception_jail{ raise e }
+            exit 0
+        end
+    end
+
+    private
+
+    def print_stats( refresh_time = false )
+
+        stats   = @arachni.stats( refresh_time )
+
+        audited = stats[:auditmap_size]
+        mapped  = stats[:sitemap_size]
+        progress = ( Float( audited ) / mapped ) * 100
+
+        print_line
+        print_info( "Audit progress: #{progress.to_s[0...5]}% ( #{audited}/#{mapped} pages )" )
+        print_line
+        print_info( "Sent #{stats[:requests]} requests." )
+        print_info( "Received and analyzed #{stats[:responses]} responses." )
+        print_info( 'In ' + stats[:time] )
+
+        avg = 'Average: ' + stats[:avg] + ' requests/second.'
+        print_info( avg )
+
+        print_line
+        print_info( "Currently auditing           #{stats[:current_page]}" )
+        print_info( "Burst response time total    #{stats[:curr_res_time]}" )
+        print_info( "Burst response count total   #{stats[:curr_res_cnt]} " )
+        print_info( "Burst average response time  #{stats[:average_res_time]}" )
+        print_info( "Burst average                #{stats[:curr_avg]} requests/second" )
+        print_info( "Original max concurrency     #{@opts.http_req_limit}" )
+        print_info( "Throttled max concurrency    #{stats[:max_concurrency]}" )
+
+        print_line
+
+    end
+
+
+    #
+    # Handles Ctrl+C interrupts
+    #
+    # Once an interrupt has been trapped the system pauses and waits
+    # for user input. <br/>
+    # The user can either continue or exit.
+    #
+    # The interrupt will be handled after a module has finished.
+    #
+    def handle_interrupt( )
+        return if @interrupt_handler && @interrupt_handler.alive?
+
+        only_positives_opt = only_positives?
+        @@only_positives = false
+        @interrupt_handler = Thread.new {
+
+             Thread.new {
+                if gets[0] == 'e'
+                    @@only_positives = false
+                    unmute!
+                    @interrupt_handler.kill
+
+                     print_info( 'Exiting...' )
+                     exit 0
+                end
+
+                @@only_positives = only_positives_opt
+                unmute!
+                @interrupt_handler.kill
+                Thread.kill
+            }
+
+            while( 1 )
+
+                unmute!
+                print_line
+                clear_screen
+                print_info( 'Results thus far:' )
+
+                begin
+                    print_issues( @arachni.audit_store( true ) )
+                    print_stats( true )
+                rescue Exception => e
+                    exception_jail{ raise e }
+                    exit 0
+                end
+
+                print_info( 'Continue? (hit \'enter\' to continue, \'e\' to exit)' )
+                mute!
+
+                ::IO::select( nil, nil, nil, 1 )
+            end
+
+            unmute!
+        }
+
+    end
+
+    def clear_screen
+        puts "\e[H\e[2J"
+    end
+
+    def print_issues( audit_store )
+
+        print_line( )
+        print_info( audit_store.issues.size.to_s +
+          ' issues have been detected.' )
+
+        print_line( )
+        audit_store.issues.each {
+            |issue|
+
+            print_ok( "#{issue.name} (In #{issue.elem} variable '#{issue.var}'" +
+              " - Severity: #{issue.severity} - Variations: #{issue.variations.size.to_s})" )
+
+            print_info( issue.variations[0]['url'] )
+
+            print_line( )
+        }
+
+        print_line( )
+
+    end
+
+    #
+    # It parses and processes the user options.
+    #
+    # Loads modules, reports, saves/loads profiles etc.<br/>
+    # It basically prepares the framework before calling {Arachni::Framework#run}.
+    #
+    def parse_opts(  )
+
+        if !@opts.repload
+
+            if( !@opts.mods || @opts.mods.empty? )
+                print_info( "No modules were specified." )
+                print_info( " -> Will run all mods." )
+
+                @opts.mods = ['*']
+            end
+
+            if( !@opts.audit_links &&
+                !@opts.audit_forms &&
+                !@opts.audit_cookies &&
+                !@opts.audit_headers
+              )
+                print_info( "No audit options were specified." )
+                print_info( " -> Will audit links, forms and cookies." )
+
+                @opts.audit_links   = true
+                @opts.audit_forms   = true
+                @opts.audit_cookies = true
+            end
+
+        end
+
+        @arachni.plugins.load_defaults!
+        @opts.to_h.each {
+            |opt, arg|
+
+            case opt.to_s
+
+                when 'help'
+                    usage
+                    exit 0
+
+                when 'arachni_verbose'
+                    verbose!
+
+                when 'debug'
+                    debug!
+
+                when 'only_positives'
+                    only_positives!
+
+                when 'lsmod'
+                    next if arg.empty?
+                    lsmod
+                    exit 0
+
+                when 'lsplug'
+                    next if arg.empty?
+                    lsplug
+                    exit 0
+
+                when 'lsrep'
+                    next if arg.empty?
+                    lsrep
+                    exit 0
+
+                when 'show_profile'
+                    print_profile( )
+                    exit 0
+
+                when 'save_profile'
+                    exception_jail{ save_profile( arg ) }
+                    exit 0
+
+                when 'mods'
+                    begin
+                        exception_jail{
+                            @opts.mods = @arachni.modules.load( arg )
+                        }
+                    rescue
+                        exit 0
+                    end
+
+                when 'reports'
+                    begin
+                        exception_jail{ @arachni.reports.load( arg.keys ) }
+                    rescue
+                        exit 0
+                    end
+
+                when 'plugins'
+                    begin
+                        exception_jail{ @arachni.plugins.load( arg.keys ) }
+                    rescue
+                        exit 0
+                    end
+
+                when 'repload'
+                    exception_jail{ @arachni.reports.run( AuditStore.load( arg ), false ) }
+                    exit 0
+
+            end
+        }
+
+        # Check for missing url
+        if( !@opts.url &&  !@opts.repload )
+            print_error( "Missing url argument." )
+            exit 0
+        end
+
+    end
+
+    #
+    # Outputs all available modules and their info.
+    #
+    def lsmod
+        print_line
+        print_line
+        print_info( 'Available modules:' )
+        print_line
+
+        mods = @arachni.lsmod( )
+
+        i = 0
+        mods.each {
+            |info|
+
+            print_status( "#{info[:mod_name]}:" )
+            print_line( "--------------------" )
+
+            print_line( "Name:\t\t"       + info[:name] )
+            print_line( "Description:\t"  + info[:description] )
+
+            if( info[:elements] && info[:elements].size > 0 )
+                print_line( "Elements:\t" +
+                    info[:elements].join( ', ' ).downcase )
+            end
+
+            print_line( "Author:\t\t"     + info[:author] )
+            print_line( "Version:\t"      + info[:version] )
+
+            if( info[:references] )
+                print_line( "References:" )
+                info[:references].keys.each {
+                    |key|
+                    print_info( key + "\t\t" + info[:references][key] )
+                }
+            end
+
+            print_line( "Targets:" )
+            info[:targets].keys.each {
+                |key|
+                print_info( key + "\t\t" + info[:targets][key] )
+            }
+
+            if( info[:issue] &&
+                ( sploit = info[:issue][:metasploitable] ) )
+                print_line( "Metasploitable:\t" + sploit )
+            end
+
+            print_line( "Path:\t"    + info[:path] )
+
+            i+=1
+
+            # pause every 3 modules to give the user time to read
+            # (cheers to aungkhant@yehg.net for suggesting it)
+            if( i % 3 == 0 && i != mods.size )
+                print_line
+                print_line( 'Hit <space> <enter> to continue, any other key to exit. ' )
+
+                if gets[0] != " "
+                    print_line
+                    return
+                end
+
+            end
+
+            print_line
+        }
+
+    end
+
+    #
+    # Outputs all available reports and their info.
+    #
+    def lsrep
+        print_line
+        print_line
+        print_info( 'Available reports:' )
+        print_line
+
+        @arachni.lsrep().each {
+            |info|
+
+            print_status( "#{info[:rep_name]}:" )
+            print_line( "--------------------" )
+
+            print_line( "Name:\t\t"       + info[:name] )
+            print_line( "Description:\t"  + info[:description] )
+
+            if( info[:options] && !info[:options].empty? )
+                print_line( "Options:\t" )
+
+                info[:options].each {
+                    |option|
+                    print_info( "\t#{option.name} - #{option.desc}" )
+                    print_info( "\tType:        #{option.type}" )
+                    print_info( "\tDefault:     #{option.default}" )
+                    print_info( "\tRequired?:   #{option.required?}" )
+
+                    print_line( )
+                }
+            end
+
+            print_line( "Author:\t\t"     + info[:author] )
+            print_line( "Version:\t"      + info[:version] )
+            print_line( "Path:\t"         + info[:path] )
+
+            print_line
+        }
+
+    end
+
+    #
+    # Outputs all available reports and their info.
+    #
+    def lsplug
+        print_line
+        print_line
+        print_info( 'Available plugins:' )
+        print_line
+
+        @arachni.lsplug().each {
+            |info|
+
+            print_status( "#{info[:plug_name]}:" )
+            print_line( "--------------------" )
+
+            print_line( "Name:\t\t"       + info[:name] )
+            print_line( "Description:\t"  + info[:description] )
+
+            if( info[:options] && !info[:options].empty? )
+                print_line( "Options:\t" )
+
+                info[:options].each {
+                    |option|
+                    print_info( "\t#{option.name} - #{option.desc}" )
+                    print_info( "\tType:        #{option.type}" )
+                    print_info( "\tDefault:     #{option.default}" )
+                    print_info( "\tRequired?:   #{option.required?}" )
+
+                    print_line( )
+                }
+            end
+
+            print_line( "Author:\t\t"     + info[:author] )
+            print_line( "Version:\t"      + info[:version] )
+            print_line( "Path:\t"         + info[:path] )
+
+            print_line
+        }
+
+    end
+
+
+    #
+    # Loads an Arachni Framework Profile file and merges it with the
+    # user supplied options.
+    #
+    # @param    [String]    filename    the file to load
+    #
+    def load_profile( profiles )
+        exception_jail{
+            @opts.load_profile = nil
+            profiles.each {
+                |filename|
+                @opts.merge!( YAML::load( IO.read( filename ) ) )
+            }
+        }
+    end
+
+    #
+    # Saves options to an Arachni Framework Profile file.<br/>
+    # The file will be appended with the {PROFILE_EXT} extension.
+    #
+    # @param    [String]    filename
+    #
+    def save_profile( filename )
+
+        if filename = @opts.save( filename )
+            print_status( "Saved profile in '#{filename}'." )
+            print_line( )
+        else
+            banner( )
+            print_error( 'Could not save profile.' )
+            exit 0
+        end
+    end
+
+    def print_profile( )
+        print_info( 'Running profile:' )
+        print_info( @opts.to_args )
+    end
+
+    #
+    # Outputs Arachni banner.<br/>
+    # Displays version number, revision number, author details etc.
+    #
+    # @see VERSION
+    # @see REVISION
+    #
+    # @return [void]
+    #
+    def banner
+
+        print_line 'Arachni - Web Application Security Scanner Framework v' +
+            @arachni.version + ' [' + @arachni.revision + ']
+       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+                                      <zapotek@segfault.gr>
+               (With the support of the community and the Arachni Team.)
+
+       Website:       http://github.com/Zapotek/arachni
+       Documentation: http://github.com/Zapotek/arachni/wiki'
+        print_line
+        print_line
+
+    end
+
+    #
+    # Outputs help/usage information.<br/>
+    # Displays supported options and parameters.
+    #
+    # @return [void]
+    #
+    def usage
+        print_line <<USAGE
+  Usage:  arachni \[options\] url
+
+  Supported options:
+
+
+    General ----------------------
+
+    -h
+    --help                      output this
+
+    -v                          be verbose
+
+    --debug                     show what is happening internally
+                                  (You should give it a shot sometime ;) )
+
+    --only-positives            echo positive results *only*
+
+    --http-req-limit            concurent HTTP requests limit
+                                  (Be carefull not to kill your server.)
+                                  (Default: 60)
+                                  (*NOTE*: If your scan seems unresponsive try lowering the limit.)
+
+    --http-harvest-last         build up the HTTP request queue of the audit for the whole site
+                                 and harvest the HTTP responses at the end of the crawl.
+                                 (In some test cases this option has split the scan time in half.)
+                                 (Default: responses will be harvested for each page)
+                                 (*NOTE*: If you are scanning a high-end server and
+                                   you are using a powerful machine with enough bandwidth
+                                   *and* you feel dangerous you can use
+                                   this flag with an increased '--http-req-limit'
+                                   to get maximum performance out of your scan.)
+                                 (*WARNING*: When scanning large websites with hundreads
+                                  of pages this could eat up all your memory pretty quickly.)
+
+    --cookie-jar=<cookiejar>    netscape HTTP cookie file, use curl to create it
+
+
+    --user-agent=<user agent>   specify user agent
+
+    --authed-by=<who>           who authorized the scan, include name and e-mail address
+                                  (It'll make it easier on the sys-admins during log reviews.)
+                                  (Will be appended to the user-agent string.)
+
+
+    Profiles -----------------------
+
+    --save-profile=<file>       save the current run profile/options to <file>
+
+    --load-profile=<file>       load a run profile from <file>
+                                  (Can be used multiple times.)
+                                  (You can complement it with more options, except for:
+                                      * --mods
+                                      * --redundant)
+
+    --show-profile              will output the running profile as CLI arguments
+
+
+    Crawler -----------------------
+
+    -e <regex>
+    --exclude=<regex>           exclude urls matching regex
+                                  (Can be used multiple times.)
+
+    -i <regex>
+    --include=<regex>           include urls matching this regex only
+                                  (Can be used multiple times.)
+
+    --redundant=<regex>:<count> limit crawl on redundant pages like galleries or catalogs
+                                  (URLs matching <regex> will be crawled <count> links deep.)
+                                  (Can be used multiple times.)
+
+    -f
+    --follow-subdomains         follow links to subdomains (default: off)
+
+    --obey-robots-txt           obey robots.txt file (default: off)
+
+    --depth=<number>            depth limit (default: inf)
+                                  (How deep Arachni should go into the site structure.)
+
+    --link-count=<number>       how many links to follow (default: inf)
+
+    --redirect-limit=<number>   how many redirects to follow (default: inf)
+
+    --spider-first              spider first, audit later
+
+
+    Auditor ------------------------
+
+    -g
+    --audit-links               audit link variables (GET)
+
+    -p
+    --audit-forms               audit form variables
+                                  (usually POST, can also be GET)
+
+    -c
+    --audit-cookies             audit cookies (COOKIE)
+
+    --exclude-cookie=<name>     cookies not to audit
+                                  (You should exclude session cookies.)
+                                  (Can be used multiple times.)
+
+    --audit-headers             audit HTTP headers
+                                  (*NOTE*: Header audits use brute force.
+                                   Almost all valid HTTP request headers will be audited
+                                   even if there's no indication that the web app uses them.)
+                                  (*WARNING*: Enabling this option will result in increased requests,
+                                   maybe by an order of magnitude.)
+
+
+    Modules ------------------------
+
+    --lsmod=<regexp>            list available modules based on the provided regular expression
+                                  (If no regexp is provided all modules will be listed.)
+                                  (Can be used multiple times.)
+
+
+    -m <modname,modname..>
+    --mods=<modname,modname..>  comma separated list of modules to deploy
+                                  (Use '*' as a module name to deploy all modules or inside module names like so:
+                                      xss_*   to load all xss modules
+                                      sqli_*  to load all sql injection modules
+                                      etc.
+
+                                   You can exclude modules by prefixing their name with a dash:
+                                      --mods=*,-backup_files,-xss
+                                   The above will load all modules except for the 'backup_files' and 'xss' modules.
+
+                                   Or mix and match:
+                                      -xss_*   to unload all xss modules. )
+
+
+    Reports ------------------------
+
+    --lsrep                       list available reports
+
+    --repload=<file>              load audit results from an .afr file
+                                    (Allows you to create new reports from finished scans.)
+
+    --report='<report>:<optname>=<val>,<optname2>=<val2>,...'
+
+                                  <report>: the name of the report as displayed by '--lsrep'
+                                    (Default: stdout)
+                                    (Can be used multiple times.)
+
+
+    Plugins ------------------------
+
+    --lsplug                      list available plugins
+
+    --plugin='<plugin>:<optname>=<val>,<optname2>=<val2>,...'
+
+                                  <plugin>: the name of the plugin as displayed by '--lsplug'
+                                    (Can be used multiple times.)
+
+
+    Proxy --------------------------
+
+    --proxy=<server:port>         specify proxy
+
+    --proxy-auth=<user:passwd>    specify proxy auth credentials
+
+    --proxy-type=<type>           proxy type can be http, http_1_0, socks4, socks5, socks4a
+                                    (Default: http)
+
+
+USAGE
+    end
+
+end
+
+end
+end