Arachni v0.2.1 release (Web Application Security Scanner Framework)

[Tasos Laskos <tasos.laskos () gmail com>]

Hi guys,

I’m glad to announce the v0.2.1 
<http://github.com/Zapotek/arachni/downloads> release of the Arachni 
<http://github.com/Zapotek/arachni> Web Application Security Scanner 
Framework.

This release brings many improvements, optimisations, new features and 
components;
a list of which you can find in the ChangeLog. 
<http://zapotek.github.com/arachni/file.CHANGELOG.html#Version_0.2.1>
(http://zapotek.github.com/arachni/file.CHANGELOG.html#Version_0.2.1)

We have new modules, plug-in support, modular path extractors for the 
Spider,
XMLRPC Client/Server interfaces and probably more stuff I’m currently 
incapable of recalling.

The new plug-in functionality has been used to implement a passive proxy and
an automated login plug-in allowing for scripted, form based, 
authentication.

Using the passive proxy you can selectively choose the pages you want to 
audit
by browsing them, login to the web-application and enable Arachni to 
audit AJAX based web pages
by allowing it to see what your browser sees.

The AutoLogin plug-in enables the framework to log-in to a given web 
application
before the scanning process starts and alleviates the need to go through 
the hassle
of creating and setting your own cookie-jar.

The new XMLRPC services allow for remote and distributed –agent-like– 
deployment of Arachni.

Moreover, there’s basic integration 
<http://zapotek.github.com/arachni/file.EXPLOITATION.html> with the 
Metasploit framework
enabling pen testers to exploit vulnerabilities discovered by Arachni
in an assisted or completely automated manner — depending on user 
preference and/or type of vulnerability.
(http://zapotek.github.com/arachni/file.EXPLOITATION.html)

With the new release, I’d like to also introduce the Arachni Google 
Group. <http://groups.google.com/group/arachni>
If you’re hacking or using Arachni and have a related question don’t 
hesitate to drop us a line.
(http://groups.google.com/group/arachni)


Links
------------
Homepage: http://github.com/zapotek/arachni
News: http://trainofthought.segfault.gr/category/projects/arachni/
Documentation: http://github.com/Zapotek/arachni/wiki 
<http://trainofthought.segfault.gr/category/projects/arachni/>
Code Documentation: http://zapotek.github.com/arachni/
Google Group: http://groups.google.com/group/arachni
Author: Tasos “Zapotek” Laskos
Twitter: http://twitter.com/Zap0tek
Copyright: 2010
License: GNU General Public License v2
Download link for your convenience: 
http://github.com/Zapotek/arachni/downloads


Project Synopsis
-------------
Arachni is a feature-full, modular, high-performance Ruby framework
aimed towards helping penetration testers and administrators evaluate
the security of web applications.

Arachni is smart, it trains itself by learning from the HTTP responses
it receives during the audit process.

Unlike other scanners, Arachni takes into account the dynamic nature
of web applications and can detect changes caused while travelling
through the paths of a web application's cyclomatic complexity.

This way attack/input vectors that would otherwise be undetectable
by non-humans are seamlessly handled by Arachni.

Finally, Arachni yields great performance due to its asynchronous HTTP 
model (courtesy of Typhoeus).
Thus, you'll only be limited by the responsiveness of the server under 
audit and your available bandwidth.

Cheers,
Tasos L.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------