UPDATE ARANCHI V0.4.2 - WEB APPLICATION SECURITY SCANNER FRAMEWORK
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.
It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.
It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Features
- Cookie-jar/cookie-string support.
- Custom header support.
- SSL support.
- User Agent spoofing.
- Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
- Proxy authentication.
- Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and
- others).
- Automatic log-out detection and re-login during the audit (when the initial login was
- performed via the AutoLogin plugin).
- Custom 404 page detection.
- UI abstraction:
- Command-line Interface.
- Web User Interface.
- Pause/resume functionality.
- High Performance asynchronous HTTP requests
Major improvements with 0.4.2
Users
Regular users can enjoy:- The ability to easily perform and manage scans via the brand new, Rails-based, simple, intuitive and beautiful web user interface — I’m overselling it a bit out of excitement.
- Much reduced RAM usage.
- More fluid and smoother progress %.
- Issue remarks – Providing extra context to logged issues and assisting you in determining the nature, variation and special circumstances that may apply.
- More resilient stance towards non-responsive servers.
- Much improved profiling and detection of custom 404 responses.
- Improved payloads for Windows machines for path traversal and OS command injection.
- The ability to exclude pages from the scan based on content.
Developers
Oh you devs out there controlling Arachni via RPC are gonna love these:- Default serialization changed to Marshal, which translates to much faster and less bandwidth consuming RPC calls.
- YAML serialization is still supported and it is an automatic fallback, YAML requests will still illicit a YAML response. Careful though, the engine has been changed to Psych, which has been the Ruby default for a while now.
- A bunch of convenience methods have been added to Arachni::RPC::Server::Instance, allowing you to perform and control scans much easier than before.
- More data returned for logged Issues during runtime.
Service providers
Well, you get to enjoy all of the above but at a higher, more abstract level:- Significantly reduced RAM consumption.
- Significantly reduced bandwidth and CPU usage for RPC calls.
- Improved progress information for statistics, issues and progress %.
I.e. Fewer costs, happier devs and happier clients.DOWNLOAD -
Linux
You can download self-contained packages for Linux for the following architectures:
Linux x86 32bit (SHA1)
Linux x86 64bit (SHA1)
If you get a GLIBC error please update your system.
Mac OSX 10.8 (Mountain Lion)
Mac OSX users can download the self-contained Mac OSX x86 64bit (SHA1) package.
If you get a segmentation fault please update your system.
Source-