Penetration Testing mailing list archives
Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sun, 15 Sep 2013 01:57:51 +0300
Hey folks, There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby. Brief list of changes: * Optimized pattern matching to use less resources by grouping patterns to only be matched against the per-platform payloads. Bottom line, pattern matching operations have been greatly reduced overall and vulnerabilities can be used to fingerprint the remote platform. * Modules * Path traversal (path_traversal) * Updated to use more generic signatures. * Added dot-truncation for MS Windows payloads. * Moved non-traversal payloads to the file_inclusion module. * File inclusion (file_inclusion) — Extracted from path_traversal. * Uses common server-side files and errors to identify issues. * SQL Injection (sqli) — Added support for the following databases: * Firebird * SAP Max DB * Sybase * Frontbase * IngresDB * HSQLDB * MS Access * localstart_asp — Checks if localstart.asp is accessible. * Plugins — Added: * Uncommon headers (uncommon_headers) — Logs uncommon headers. For more details about the new release please visit: http://www.arachni-scanner.com/blog/arachni-0-4-5-1-0-4-2-release/ Download page: http://www.arachni-scanner.com/download/ Homepage - http://www.arachni-scanner.com Blog - http://www.arachni-scanner.com/blog Documentation - https://github.com/Arachni/arachni/wiki Support - http://support.arachni-scanner.com GitHub page - http://github.com/Arachni/arachni Code Documentation - http://rubydoc.info/github/Arachni/arachni Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek) Twitter - http://twitter.com/ArachniScanner Copyright - 2010-2013 Tasos Laskos License - Apache License v2 Cheers, Tasos Laskos. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Sep 14)