Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.
Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.
Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Demo
General
-
Cookie-jar/cookie-string support.
-
Custom header support.
-
SSL support with fine-grained options.
-
User Agent spoofing.
-
Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
-
Proxy authentication.
-
Site authentication (SSL-based, form-based, Cookie-Jar, Basic-Digest, NTLMv1, Kerberos and others).
-
Automatic log-out detection and re-login during the scan (when the initial login was performed via the autologin, login_script or proxy plugins).
-
Custom 404 page detection.
-
UI abstraction:
-
Pause/resume functionality.
-
Hibernation support -- Suspend to and restore from disk.
-
High performance asynchronous HTTP requests.
-
With adjustable concurrency.
-
With the ability to auto-detect server health and adjust its concurrency automatically.
-
-
Support for custom default input values, using pairs of patterns (to be matched against input names) and values to be used to fill in matching inputs.
configuration
-
Filters for redundant pages like galleries, catalogs, etc. based on regular expressions and counters.
-
Can optionally detect and ignore redundant pages automatically.
-
-
URL exclusion filters using regular expressions.
-
Page exclusion filters based on content, using regular expressions.
-
URL inclusion filters using regular expressions.
-
Can be forced to only follow HTTPS paths and not downgrade to HTTP.
-
Can optionally follow subdomains.
-
Adjustable page count limit.
-
Adjustable redirect limit.
-
Adjustable directory depth limit.
-
Adjustable DOM depth limit.
-
Adjustment using URL-rewrite rules.
-
Can read paths from multiple user supplied files (to both restrict and extend the scope).
Audit
-
Can audit:
-
Forms
-
Can automatically refresh nonce tokens.
-
Can submit them via the integrated browser environment.
-
-
User-interface Forms
-
Input and button groups which don't belong to an HTML form element but are instead associated via JS code.
-
-
User-interface Inputs
-
Orphan elements with associated DOM events.
-
-
Links
-
Can load them via the integrated browser environment.
-
-
LinkTemplates
-
Can load them via the integrated browser environment.
-
-
Cookies
-
Can load them via the integrated browser environment.
-
-
Headers
-
Generic client-side DOM elements.
-
JSON request data.
-
XML request data.
-
-
Can ignore binary/non-text pages.
-
Can audit elements using both GET and POST HTTP methods.
-
Can inject both raw and HTTP encoded payloads.
-
Can submit all links and forms of the page along with the cookie permutations to provide extensive cookie-audit coverage.
-
Can exclude specific input vectors by name.
-
Can include specific input vectors by name.