>Arachni is a feature-full, modular, high-performance Ruby framework
aimed towards helping penetration testers and administrators evaluate
the security of web applications.
Arachni is smart, it trains itself by learning from the HTTP responses
it receives during the audit process.
Unlike other scanners, Arachni takes into account the dynamic nature
of web applications and can detect changes caused while travelling
through the paths of a web application’s cyclomatic complexity.
This way attack/input vectors that would otherwise be undetectable
by non-humans are seamlessly handled by Arachni.
Finally, Arachni yields great performance due to its asynchronous HTTP
model (courtesy of Typhoeus).
Thus, you’ll only be limited by the responsiveness of the server under
audit and your available bandwidth.
Code Documentation: Arachni – Web Application Security Scanner Framework
Google Group: Arachni – Web Application Security Scanner Framework | Google Groups
Author: Tasos “Zapotek” Laskos
Twitter: Tasos Laskos (Zap0tek) on Twitter
License: GNU General Public License v2
Download link for your convenience:
I’m glad to announce the v0.2.1
release of the Arachni
Web Application Security Scanner
This release brings many improvements, optimisations, new features and
a list of which you can find in the ChangeLog.
We have new modules, plug-in support, modular path extractors for the
XMLRPC Client/Server interfaces and probably more stuff I’m currently
incapable of recalling.
The new plug-in functionality has been used to implement a passive proxy and
an automated login plug-in allowing for scripted, form based,
Using the passive proxy you can selectively choose the pages you want to
by browsing them, login to the web-application and enable Arachni to
audit AJAX based web pages
by allowing it to see what your browser sees.
The AutoLogin plug-in enables the framework to log-in to a given web
before the scanning process starts and alleviates the need to go through
of creating and setting your own cookie-jar.
The new XMLRPC services allow for remote and distributed –agent-like–
deployment of Arachni.
Moreover, there’s basic integration
enabling pen testers to exploit vulnerabilities discovered by Arachni
in an assisted or completely automated manner — depending on user
preference and/or type of vulnerability.
With the new release, I’d like to also introduce the Arachni Google
If you’re hacking or using Arachni and have a related question don’t
hesitate to drop us a line.
(Arachni – Web Application Security Scanner Framework | Google Groups)