Penetration Testing mailing list archives
Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sat, 07 Jan 2012 08:49:34 +0200
Hi guys, This is just to let you know that there's a new version of Arachni.Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
This version includes lots of goodies, including: * A new light-weight RPC implementation (No more XMLRPC)* High Performance Grid (HPG) -- Combines the resources of multiple nodes for lightning-fast scans * Updated WebUI to provide access to HPG features and context-sensitive help
* New plugins* ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.
* BeepNotify — Beeps when the scan finishes.* LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan. * EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan. * Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio.
* Resolver — Resolves vulnerable hostnames to IP addresses.* Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules
* New report formats (JSON, Marshal, YAML) * Cygwin package for Windows For a more detailed walk-through of what's new check-out: http://trainofthought.segfault.gr/2012/01/07/arachni-v0-4-is-out/ Details at: http://arachni.segfault.gr/latest ChangeLog: http://arachni.segfault.gr/latest#v0.4 Homepage: http://arachni.segfault.gr Github page: http://github.com/zapotek/arachni Documentation: http://github.com/Zapotek/arachni/wiki Google Group: http://groups.google.com/group/arachni Author: Tasos "Zapotek" Laskos Twitter: http://twitter.com/Zap0tek Copyright: 2010-2012 License: GNU General Public License v2All available installation options and usage instructions can be found in the homepage and the GitHub page.
I hope that you find it useful.If you run into any problems or want to make a suggestion or feature request the following pages will allow you to do so:
https://github.com/Zapotek/arachni/issues http://groups.google.com/group/arachni Cheers, Tasos "Zapotek" Laskos. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Jan 06)