WebApp Sec mailing list archives
Arachni v0.2.1 release (Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Thu, 25 Nov 2010 04:14:40 +0000
Hi guys,

I’m glad to announce the v0.2.1 <http://github.com/Zapotek/arachni/downloads> release of the Arachni <http://github.com/Zapotek/arachni> Web Application Security Scanner Framework.
This release brings many improvements, optimisations, new features and components; a list of which you can find in the ChangeLog. <http://zapotek.github.com/arachni/file.CHANGELOG.html#Version_0.2.1>
We have new modules, plug-in support, modular path extractors for the Spider, XMLRPC Client/Server interfaces and probably more stuff I’m currently incapable of recalling.
The new plug-in functionality has been used to implement a passive proxy and an automated login plug-in allowing for scripted, form based, authentication.
Using the passive proxy you can selectively choose the pages you want to audit by browsing them, log in to the web-application and enable Arachni to audit AJAX based web pages by allowing it to see what your browser sees.
The AutoLogin plug-in enables the framework to log in to a given web application before the scanning process starts and alleviates the need to go through the hassle of creating and setting your own cookie-jar.
The new XMLRPC services allow for remote and distributed –agent-like– deployment of Arachni.
Moreover, there’s basic integration <http://zapotek.github.com/arachni/file.EXPLOITATION.html> with the Metasploit framework enabling pen testers to exploit vulnerabilities discovered by Arachni in an assisted or completely automated manner — depending on user preference and/or type of vulnerability.
With the new release, I’d like to also introduce the Arachni Google Group. <http://groups.google.com/group/arachni> If you’re hacking or using Arachni and have a related question don’t hesitate to drop us a line.

Links
------------
Homepage: http://github.com/zapotek/arachni
News: http://trainofthought.segfault.gr/category/projects/arachni/
Documentation: http://github.com/Zapotek/arachni/wiki
Code Documentation: http://zapotek.github.com/arachni/
Google Group: http://groups.google.com/group/arachni
Author: Tasos “Zapotek” Laskos
Twitter: http://twitter.com/Zap0tek
Copyright: 2010
License: GNU General Public License v2

Download link for your convenience: http://github.com/Zapotek/arachni/downloads

Project Synopsis
-------------
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
Finally, Arachni yields great performance due to its asynchronous HTTP model (courtesy of Typhoeus). Thus, you'll only be limited by the responsiveness of the server under audit and your available bandwidth.

Cheers,
Tasos L.