Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
Web Application Security Scanner Framework
It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.
Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by this framework.
Moreover, tool yields great performance due to its asynchronous HTTP model (courtesy of Typhoeus) — especially when combined with a High Performance Grid setup which allows you to combine the resources of multiple nodes for lightning fast scans. Thus, you’ll only be limited by the responsiveness of the server under audit.
Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Note: Despite the fact that Arachni is mostly targeted towards web application security, it can easily be used for general purpose scraping, data-mining, etc with the addition of custom modules.
There’s a new release available with enough boons for everybody, the overall scent of which is one of performance, accuracy and optimization. Pretty much everything has been profiled and benchmarked and optimized to keep RAM, CPU utilization and bandwidth consumption low (numbers will follow shortly) while also improving payload coverage and accuracy.
- Cookie-jar/cookie-string support.
- Custom header support.
- SSL support.
- User Agent spoofing.
- Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
- Proxy authentication.
- Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLMv1 and others).
- Automatic log-out detection and re-login during the scan (when the initial login was performed via the
- Custom 404 page detection.
- UI abstraction:
- Pause/resume functionality.
- Hibernation support — Suspend to and restore from disk.
- High performance asynchronous HTTP requests.
- With adjustable concurrency.
- With the ability to auto-detect server health and adjust its concurrency automatically.
- Support for custom default input values, using pairs of patterns (to be matched against input names) and values to be used to fill in matching inputs.
Plugins add extra functionality to the system in a modular fashion, this way the core remains lean and makes it easy for anyone to add arbitrary functionality.
- Passive Proxy (
proxy) — Analyzes requests and responses between the web app and the browser assisting in AJAX audits, logging-in and/or restricting the scope of the audit.
- Form based AutoLogin (
- Dictionary attacker for HTTP Auth (
- Dictionary attacker for form based authentication (
- Cookie collector (
cookie_collector) — Keeps track of cookies while establishing a timeline of changes.
- WAF (Web Application Firewall) Detector (
waf_detector) — Establishes a baseline of normal behavior and uses rDiff analysis to determine if malicious inputs cause any behavioral changes.
- BeepNotify (
beep_notify) — Beeps when the scan finishes.
- EmailNotify (
email_notify) — Sends a notification (and optionally a report) over SMTP at the end of the scan.
- VectorFeed (
vector_feed) — Reads in vector data from which it creates elements to be audited. Can be used to perform extremely specialized/narrow audits on a per vector/element basis. Useful for unit-testing or a gazillion other things.
- Script (
script) — Loads and runs an external Ruby script under the scope of a plugin, used for debugging and general hackery.
- Uncommon headers (
uncommon_headers) — Logs uncommon headers.
- Content-types (
content_types) — Logs content-types of server responses aiding in the identification of interesting (possibly leaked) files.
Source && Download