WebApp Sec mailing list archives

Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework)


From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sun, 15 Sep 2013 01:57:51 +0300

Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use fewer resources by grouping patterns to only
    be matched against the per-platform payloads. Bottom line, pattern matching
    operations have been greatly reduced overall and vulnerabilities can be used
    to fingerprint the remote platform.
* Modules
    * Path traversal (path_traversal)
        * Updated to use more generic signatures.
        * Added dot-truncation for MS Windows payloads.
        * Moved non-traversal payloads to the file_inclusion module.
    * File inclusion (file_inclusion) — Extracted from path_traversal.
        * Uses common server-side files and errors to identify issues.
    * SQL Injection (sqli) — Added support for the following databases:
        * Firebird
        * SAP Max DB
        * Sybase
        * Frontbase
        * IngresDB
        * HSQLDB
        * MS Access
    * localstart_asp — Checks if localstart.asp is accessible.
* Plugins — Added:
    * Uncommon headers (uncommon_headers) — Logs uncommon headers.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-0-4-5-1-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

Cheers,
Tasos Laskos.
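
The per-platform pattern grouping described in the first changelog item, sketched as an added example that is not part of the original message and is not Arachni's own code. The constant and method names, the signatures, and the sample responses are all constructed for illustration.

```ruby
# Added illustration; not Arachni's implementation. Names and data are constructed.

# Response signatures grouped by the platform whose payload can produce them.
SIGNATURES_BY_PLATFORM = {
  unix:    [/root:x:0:0:[^:]*:[^:]*:\S+/],
  windows: [/\[boot loader\]/i, /\[operating systems\]/i]
}.freeze

# Ungrouped approach: every response is tested against every signature.
def match_all(responses)
  ops  = 0
  hits = []
  responses.each_value do |body|
    SIGNATURES_BY_PLATFORM.each do |sig_platform, patterns|
      patterns.each do |re|
        ops += 1
        hits << sig_platform if body =~ re
      end
    end
  end
  { hits: hits.uniq, operations: ops }
end

# Grouped approach: the response to a platform-specific payload is tested only
# against that platform's signatures; a hit also fingerprints the platform.
def match_grouped(responses)
  ops = 0
  fingerprint = nil
  responses.each do |payload_platform, body|
    SIGNATURES_BY_PLATFORM.fetch(payload_platform, []).each do |re|
      ops += 1
      next unless body =~ re
      fingerprint = payload_platform
      break
    end
  end
  { fingerprint: fingerprint, operations: ops }
end

# Constructed responses, keyed by the platform of the payload that was sent.
SAMPLE_RESPONSES = {
  unix:    "<pre>root:x:0:0:root:/root:/bin/bash\n</pre>",
  windows: "<html><body>File not found</body></html>"
}.freeze

puts match_all(SAMPLE_RESPONSES).inspect
puts match_grouped(SAMPLE_RESPONSES).inspect
```

The saving grows with the number of platforms, because the ungrouped cost is responses times all signatures while the grouped cost is bounded by each platform's own signature list.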


