Penetration Testing mailing list archives
Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Mon, 12 Aug 2013 21:44:49 +0300
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
  * Source code disclosure (source_code_disclosure)
  * Code execution via the php://input wrapper (code_execution_php_input_wrapper)
  * X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
  * Form-based upload logging (form_upload)
* Accuracy improvements
  * Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
    * Improved payloads and analysis technique.
  * Path traversal (path_traversal)
    * Updated to start with / and go all the way up to /../../../../../../.
    * Added fingerprints for /proc/self/environ.
    * Improved coverage for MS Windows
  * Remote file inclusion (rfi)
    * Updated to handle cases where the web application appends its own extension to the injected string.

For the Web User Interface (v0.4.2):

* Fixed bug causing the system to hang after 1:24 hours of scan monitoring, caused by improper caching of RPC clients.
* Profiles
  * Added HTTP auth options -- instead of only allowing credentials to be passed via the URL.

For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-4-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2013 Tasos Laskos
License - Apache License v2

Cheers,
Tasos Laskos.