
Thread: Arachni - Scanner/Pentest for Web Applications

  1. #1
    firebits (Moderator)

    Arachni - Scanner/Pentest for Web Applications

    Arachni is a feature-full, modular, high-performance Ruby framework
    aimed towards helping penetration testers and administrators evaluate
    the security of web applications.

    Arachni is smart, it trains itself by learning from the HTTP responses
    it receives during the audit process.

    Unlike other scanners, Arachni takes into account the dynamic nature
    of web applications and can detect changes caused while travelling
    through the paths of a web application's cyclomatic complexity.

    This way attack/input vectors that would otherwise be undetectable
    by non-humans are seamlessly handled by Arachni.

    Finally, Arachni yields great performance due to its asynchronous HTTP
    model (courtesy of Typhoeus).
    Thus, you'll only be limited by the responsiveness of the server under
    audit and your available bandwidth.

    Links
    ------------
    Homepage: http://github.com/zapotek/arachni
    News: http://trainofthought.segfault.gr/category/projects/arachni/
    Documentation: http://github.com/Zapotek/arachni/wiki
    Code Documentation: Arachni - Web Application Security Scanner Framework
    Google Group: Arachni - Web Application Security Scanner Framework | Google Groups
    Author: Tasos “Zapotek” Laskos
    Twitter: Tasos Laskos (Zap0tek) on Twitter
    Copyright: 2010
    License: GNU General Public License v2
    Download link for your convenience:
    http://github.com/Zapotek/arachni/downloads

    I’m glad to announce the v0.2.1
    <http://github.com/Zapotek/arachni/downloads> release of the Arachni
    <http://github.com/Zapotek/arachni> Web Application Security Scanner
    Framework.

    This release brings many improvements, optimisations, new features and
    components, a list of which you can find in the ChangeLog:
    <http://zapotek.github.com/arachni/file.CHANGELOG.html#Version_0.2.1>

    We have new modules, plug-in support, modular path extractors for the
    Spider, XMLRPC Client/Server interfaces and probably more stuff I’m
    currently incapable of recalling.

    The new plug-in functionality has been used to implement a passive proxy
    and an automated login plug-in allowing for scripted, form-based
    authentication.

    Using the passive proxy you can selectively choose the pages you want to
    audit by browsing them, log in to the web application and enable Arachni
    to audit AJAX-based web pages by allowing it to see what your browser sees.

    The AutoLogin plug-in enables the framework to log in to a given web
    application before the scanning process starts and alleviates the need to
    go through the hassle of creating and setting your own cookie-jar.

    The new XMLRPC services allow for remote and distributed –agent-like–
    deployment of Arachni.

    Moreover, there’s basic integration
    <http://zapotek.github.com/arachni/file.EXPLOITATION.html> with the
    Metasploit framework, enabling pen testers to exploit vulnerabilities
    discovered by Arachni in an assisted or completely automated manner —
    depending on user preference and/or type of vulnerability.

    With the new release, I’d like to also introduce the Arachni Google
    Group: <http://groups.google.com/group/arachni>.
    If you’re hacking or using Arachni and have a related question, don’t
    hesitate to drop us a line.

  2. #2
    Archangel-Amael (Super Moderator)

    Re: Arachni - Scanner/Pentest for Web Applications

    This may not get included due to dependency issues with regard to Ruby 1.9.
