Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Arachni v0.4.6-0.4.3 has been released (Open Source Web Application Security Scanner Framework)

From: Tasos Laskos <tasos.laskos () gmail com>
Date: Wed, 01 Jan 2014 20:01:17 +0200
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

Framework
----------
* Massively decreased RAM consumption.
* Amount of performed requests cut down by 1/3 -- and thus 1/3 decrease in scan times.
* Overhauled timing attack and boolean/differential analysis algorithms to fix
  SQLi false-positives with misbehaving webapps/servers.
* Vulnerability coverage optimizations with 100% scores on WAVSEP's tests for:
  * SQL injection
  * Local File Inclusion
  * Remote File Inclusion
  * Non-DOM XSS -- DOM XSS not supported until Arachni v0.5.

WebUI
-----
* Implemented Scan Scheduler with support for recurring scans.
* Redesigned Issue table during the Scan progress screen, to group
  and filter issues by type and severity.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-0-4-6-0-4-3-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2014 Tasos Laskos
License            - Apache License v2

Cheers,
Tasos Laskos.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: