Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework)

From: Tasos Laskos <tasos.laskos () gmail com>
Date: Mon, 12 Aug 2013 21:44:49 +0300
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

  * New checks
    * Source code disclosure (source_code_disclosure)
    * Code execution via the php://input wrapper (code_execution_php_input_wrapper)
    * X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
    * Form-based upload logging (form_upload)
  * Accuracy improvements
    * Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
      * Improved payloads and analysis technique.
    * Path traversal (path_traversal)
      * Updated to start with / and go all the way up to /../../../../../../.
      * Added fingerprints for /proc/self/environ.
      * Improved coverage for MS Windows
    * Remote file inclusion (rfi)
       * Updated to handle cases where the web application appends its own extension to the injected string.

For the Web User Interface (v0.4.2):

  * Fixed bug causing the system to hang after 1:24 hours of scan monitoring,
    caused by improper caching of RPC clients.
  * Profiles
      * Added HTTP auth options -- instead of only allowing credentials to
        be passed via the URL.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-0-4-4-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

Cheers,
Tasos Laskos.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: