|
|
Documentation
General
Q) what is the arirang?
arirang - korean word. it's a korea's tradition folk song
'a~ri~rang a~ri~rang a ra ri yo. arirang ~~~~~~~~~~ '
Q) why did not support recent www vulnerabilities scanrule?
i have not time. please make scanrule then e-mail to me ;-)
Q) what is the license of arirang?
bsd license
Usage
Q) how do i check webserver version check for our network?
example C CLASS) arirang -G -h 192.168.0.1/24
Q) how do i check http request allow method for our network?
example C CLASS) arirang -O -h 192.168.0.1/24
Q) how do i use arirang script?
arirang script run with -R option , check arirang script exampls
Q) how do i write html report?
example) arirang -w report.html -G -h yourhost -r scanrule/request.uxe
example) arirang -w report.html -G -s 192.168.0.30 -e 192.168.0.130 -r scanrule/request.uxe
example) arirang -w report.html -G -s 192.168.0.30 -e 192.168.0.130
example) arirang -w report.html -O -h 192.168.0.1/16 -P 60
Q) how do i write scan result?
use the "script" command
Q) how do i convert html file to csv format(not rule scan)?
copy & paste html contents to text, load that file in office program, and use a filter '-' character.
you can use arirang ruby script file.
Q) how do i use -f option?
example) file format like below
192.168.0.1
www.xxx.xxx
Q) how do i use SSL with arirang?
arirang 1.90+ does support ssl scan. you can use -S option like below
example) arirang -S -G -h yoursite/24
example) arirang -S -R script/iisver.rb -s 192.168.0.1 -e 192.168.0.100
example) arirang -S -G -s 192.168.0.1 -e 192.168.0.100 -r scanrule/request.uxe
Q) how do i use proxy with arirang?
arirang does support HTTP, RELAY, SOCKS5 proxy. you can use -X option lik below
environment variables (PROXY_USER, PROXY_PASS, PROXY_TYPE)
default PROXY_TYPE is HTTP and default port is 3128/tcp
http proxy)
arirang -X proxyserver:3128 -G -h yourhost/30 -r request.uxe
http proxy auth)
export PROXY_USER="user"
export PROXY_USER="password"
arirang -X proxyserver:3128 -G -h yourhost/30 -r request.uxe
socks5 proxy)
export PROXY_TYPE="SOCKS5"
arirang -X proxyserver:1028 -R script/server.rb -h yourhost/24
caching relay only proxy)
export PROXY_TYPE="RELAY"
Q) how do i check IIS server,Apache,PHP,OpenSSL version in our network?
example wide ip) arirang -G -s 192.168.1.1 -e 192.168.2.255 -P 90 | grep OpenSSL
example C CLASS) arirang -G -s 192.168.1.1 -e 192.168.1.255|grep Apache
example B CLASS) arirang -R script/iisver.rb -h 192.168.0.1/16 -P 80
example specfic ip address) arirang -G -s 192.168.1.1 -e 192.168.1.60|grep PHP
Q) how do i scan our network against IIS .ida buffer overflow(can affect codered worm) ?
C CLASS
example) arirang -G -s 192.168.1.1 -e 192.168.1.255 -r codered.uxe
B CLASS example) arirang -G -h 192.168.0.1/16 -r codered.uxe -P 100
specfic ip address example)arirang -G -s 192.168.1.10 -e 192.168.1.40 -r codered.uxe
arirang scan rule, script files installed
/usr/local/share/arirang/ on OpenBSD, FreeBSD
/usr/pkg/share/arirang/ on NetBSD
Solaris,AIX Install method.
# ruby extconf.rb
# make
if make failed, modify Makefile
|
|
|
