WebApp Sec mailing list archives
Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Mon, 12 Aug 2013 21:44:49 +0300
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
    * Source code disclosure (source_code_disclosure)
    * Code execution via the php://input wrapper (code_execution_php_input_wrapper)
    * X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
    * Form-based upload logging (form_upload)
* Accuracy improvements
    * Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
        * Improved payloads and analysis technique.
    * Path traversal (path_traversal)
        * Updated to start with / and go all the way up to /../../../../../../.
        * Added fingerprints for /proc/self/environ.
        * Improved coverage for MS Windows
    * Remote file inclusion (rfi)
        * Updated to handle cases where the web application appends its own extension to the injected string.

For the Web User Interface (v0.4.2):

* Fixed bug causing the system to hang after 1:24 hours of scan monitoring, caused by improper caching of RPC clients.
* Profiles
    * Added HTTP auth options -- instead of only allowing credentials to be passed via the URL.

For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-4-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

Cheers,
Tasos Laskos.