Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.
Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling
through the paths of a web application’s cyclomatic complexity.
This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
Changelog
Framework v0.4.6
- Massively decreased RAM consumption.
- Amount of performed requests cut down by 1/3 — and thus 1/3 decrease in scan times.
- Overhauled timing attack and boolean/differential analysis algorithms to fix SQLi false-positives with misbehaving webapps/servers.
- Vulnerability coverage optimizations with 100% scores on WAVSEP’s tests for:
- SQL injection
- Local File Inclusion
- Remote File Inclusion
- Non-DOM XSS — DOM XSS not supported until Arachni v0.5.
WebUI v0.4.3
- Implemented Scan Scheduler with support for recurring scans.
- Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.