Saturday, February 4, 2012

Arachni v.0.4 Released - Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of web applications. Arachni is smart: it trains itself by learning from the HTTP responses it receives during the audit process, and it performs meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false positives.

This version includes lots of goodies, including:

  • A new light-weight RPC implementation (No more XMLRPC)

  • High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans

  • Updated WebUI to provide access to HPG features and context-sensitive help

  • Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules

  • New report formats (JSON, Marshal, YAML)

  • Cygwin package for Windows

New plugins



  • ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.

  • BeepNotify — Beeps when the scan finishes.

  • LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan.

  • EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan.

  • Manual verification — Flags issues that require manual verification as untrusted in order to improve the signal-to-noise ratio.

  • Resolver — Resolves vulnerable hostnames to IP addresses.


