HOWTO : Arachni on Ubuntu 14.04 LTS
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.
Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.
Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Install
Start Firefox and point to
* Default credentials are as the following :
Administrator account
E-mail: admin@admin.admin
Password: administrator
Regular user account
E-mail: user@user.user
Password: regular_user
Update/Upgrade
Then repeat the Install procedure but to download the latest version.
Reference
Wiki
That's all! See you.
It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.
Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.
Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Install
cd ~
cd arsenal
wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
tar -xvzf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
cd arachni-1.2.1-0.5.7.1/bin
./arachni_web
Start Firefox and point to
http://127.0.0.1:9292
* Default credentials are as the following :
Administrator account
E-mail: admin@admin.admin
Password: administrator
Regular user account
E-mail: user@user.user
Password: regular_user
Update/Upgrade
rm -R ~/arsenal/arachni-1.2.1-0.5.7.1
Then repeat the Install procedure but to download the latest version.
Reference
Wiki
That's all! See you.