[Arachni v0.4.4] The Web Application Security Scanner Framework


Arachni is a Free/Open Source project; the code is released under the Apache License Version 2.0, and you are free to use it as you see fit.

Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible security/vulnerability assessments. More than that, Arachni is highly extendable, allowing anyone to improve upon it by adding custom components and tailoring most aspects to meet most needs.


Modules

There are new passive (recon) and active (audit) modules along with big coverage improvements for existing ones.

Recon

New

  • X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
    • Retries denied requests with an X-Forwarded-For header to try to trick the web application into thinking that the request originates from localhost, and checks whether the restrictions were bypassed.
  • Form-based upload (form_upload)
    • Flags file-upload forms as they require manual testing.
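
The trust assumption that the X-Forwarded-For check above probes for, shown from the application side as an added example (not Arachni code): a loopback-only rule that reads the client-supplied header, next to one that honours it only from a known proxy. The helper names, the proxy address 10.0.0.5 and the sample requests are constructed assumptions.

```ruby
require 'ipaddr'

# Constructed example; helper names and addresses are hypothetical.
LOOPBACK        = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1/128')].freeze
# Reverse proxies allowed to set X-Forwarded-For (assumed deployment value).
TRUSTED_PROXIES = [IPAddr.new('10.0.0.5/32')].freeze

# True when ip parses and falls inside one of the ranges; garbage never matches.
def in_any?(ranges, ip)
  return false if ip.to_s.strip.empty?
  addr = IPAddr.new(ip.to_s.strip)
  ranges.any? { |range| range.include?(addr) }
rescue IPAddr::Error
  false
end

# Weak pattern: the leftmost header value is fully client-controlled.
def naive_client_ip(remote_addr, headers)
  first = headers['X-Forwarded-For'].to_s.split(',').first
  first ? first.strip : remote_addr
end

# Hardened: ignore the header unless the TCP peer is a known proxy, then walk
# the hops right to left and take the first one a trusted proxy did not add.
def trusted_client_ip(remote_addr, headers)
  return remote_addr unless in_any?(TRUSTED_PROXIES, remote_addr)
  hops = headers['X-Forwarded-For'].to_s.split(',').map(&:strip).reject(&:empty?)
  hops.reverse.find { |hop| !in_any?(TRUSTED_PROXIES, hop) } || remote_addr
end

# Access rule under test: admin area restricted to loopback clients.
def admin_allowed?(client_ip)
  in_any?(LOOPBACK, client_ip)
end

# Constructed requests: [TCP peer address, request headers]
DIRECT  = ['203.0.113.7', { 'X-Forwarded-For' => '127.0.0.1' }].freeze
PROXIED = ['10.0.0.5', { 'X-Forwarded-For' => '127.0.0.1, 203.0.113.7' }].freeze
LOCAL   = ['127.0.0.1', {}].freeze

if __FILE__ == $PROGRAM_NAME
  [DIRECT, PROXIED, LOCAL].each do |peer, headers|
    puts format('%-12s naive=%-5s hardened=%s', peer,
                admin_allowed?(naive_client_ip(peer, headers)),
                admin_allowed?(trusted_client_ip(peer, headers)))
  end
end
```

A finding from this module on a real application usually means the access rule resolves the client address the way `naive_client_ip` does.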

Improved

  • .htaccess LIMIT misconfiguration (htaccess_limit)
    • Updated to use verb tampering as well.

Audit

New

  • Source code disclosure (source_code_disclosure)
    • Checks whether or not the web application can be forced to reveal source code.
  • Code execution via the php://input wrapper (code_execution_php_input_wrapper)
    • Injects PHP code into the HTTP request body and uses the php://input wrapper to try to load it.

Improved

  • Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
    • Improved accuracy of results.
  • Path traversal (path_traversal)
    • Severity set to “High”.
    • Updated to start with / and go all the way up to /../../../../../../.
    • Added fingerprints for /proc/self/environ.
    • Improved coverage for MS Windows.
  • Remote file inclusion (rfi)
    • Updated to handle cases where the web application appends its own extension to the injected string.