Tuesday, April 30, 2013

Arachni v0.4.2 Released

Web Application Security Scanner Framework

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.  

The change-log is quite sizeable but the gist is:

* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads for Windows machines for path traversal and OS command injection.
* RPC API updates allowing for much easier remote scan management.
* Much improved profiling and detection of custom 404 responses.
* The ability to exclude pages from the scan based on content.


For more details and Download visit:    http://www.arachni-scanner.com

No comments: