Arirang Script (.rb)
Scan Rules (.uxe)
page updated
2011/10/03 KST


  • General
  • Q) what is the arirang?
    arirang - korean word. it's a korea's tradition folk song
    'a~ri~rang a~ri~rang a ra ri yo. arirang ~~~~~~~~~~ '

    Q) why did not support recent www vulnerabilities scanrule?
    i have not time. please make scanrule then e-mail to me ;-)

    Q) what is the license of arirang?
    bsd license

  • Usage
  • Q) how do i check webserver version check for our network?
    example C CLASS) arirang -G -h

    Q) how do i check http request allow method for our network?
    example C CLASS) arirang -O -h

    Q) how do i use arirang script?
    arirang script run with -R option , check arirang script exampls

    Q) how do i write html report?
    example) arirang -w report.html -G -h yourhost -r scanrule/request.uxe
    example) arirang -w report.html -G -s -e -r scanrule/request.uxe
    example) arirang -w report.html -G -s -e
    example) arirang -w report.html -O -h -P 60

    Q) how do i write scan result?
    use the "script" command

    Q) how do i convert html file to csv format(not rule scan)?
    copy & paste html contents to text, load that file in office program, and use a filter '-' character.
    you can use arirang ruby script file.

    Q) how do i use -f option?
    example) file format like below

    Q) how do i use SSL with arirang?
    arirang 1.90+ does support ssl scan. you can use -S option like below
    example) arirang -S -G -h yoursite/24
    example) arirang -S -R script/iisver.rb -s -e
    example) arirang -S -G -s -e -r scanrule/request.uxe

    Q) how do i use proxy with arirang?
    arirang does support HTTP, RELAY, SOCKS5 proxy. you can use -X option lik below
    environment variables (PROXY_USER, PROXY_PASS, PROXY_TYPE)
    default PROXY_TYPE is HTTP and default port is 3128/tcp

    http proxy)
    arirang -X proxyserver:3128 -G -h yourhost/30 -r request.uxe
    http proxy auth)
    export PROXY_USER="user"
    export PROXY_USER="password"
    arirang -X proxyserver:3128 -G -h yourhost/30 -r request.uxe

    socks5 proxy)
    export PROXY_TYPE="SOCKS5"
    arirang -X proxyserver:1028 -R script/server.rb -h yourhost/24

    caching relay only proxy)
    export PROXY_TYPE="RELAY"

    Q) how do i check IIS server,Apache,PHP,OpenSSL version in our network?
    example wide ip) arirang -G -s -e -P 90 | grep OpenSSL
    example C CLASS) arirang -G -s -e|grep Apache
    example B CLASS) arirang -R script/iisver.rb -h -P 80
    example specfic ip address) arirang -G -s -e|grep PHP

    Q) how do i scan our network against IIS .ida buffer overflow(can affect codered worm) ?
    C CLASS example) arirang -G -s -e -r codered.uxe
    B CLASS example) arirang -G -h -r codered.uxe -P 100
    specfic ip address example)arirang -G -s -e -r codered.uxe

    arirang scan rule, script files installed
    /usr/local/share/arirang/ on OpenBSD, FreeBSD
    /usr/pkg/share/arirang/ on NetBSD

    Solaris,AIX Install method.
    # ruby extconf.rb
    # make
    if make failed, modify Makefile